fix: allow reset-apikey command without user.manage permission

The reset-apikey command has its own auth mechanism via --acc-mgr-token, so it should not be gated by permission introspection. This matches the behavior of "user create" which is also Permitted: true. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-16 22:32:30 +01:00
1 changed files with 1 additions and 1 deletions
--- a/internal/help/surface.go
+++ b/internal/help/surface.go
@@ -40,7 +40,7 @@ func CommandSurface() []Group {
 				{Name: "activate", Description: "Activate a user", Permitted: has(perms, "user.manage")},
 				{Name: "deactivate", Description: "Deactivate a user", Permitted: has(perms, "user.manage")},
 				{Name: "delete", Description: "Delete a user", Permitted: has(perms, "user.manage")},
-				{Name: "reset-apikey", Description: "Reset a user's API key", Permitted: has(perms, "user.manage")},
+				{Name: "reset-apikey", Description: "Reset a user's API key", Permitted: true},
 			},
 		},
 		{