skip check if role has access to all routes (e.g. admin)

wangdeer · Jan 22, 2022 · 5c4f861 · 5c4f861
1 parent 4f03e51
commit 5c4f861
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/app/Containers/AppSection/Authorization/Traits/IsResourceOwnerTrait.php b/app/Containers/AppSection/Authorization/Traits/IsResourceOwnerTrait.php
@@ -10,6 +10,10 @@ trait IsResourceOwnerTrait
      */
     public function isResourceOwner(): bool
     {
+        if ($this->user()->hasAnyRole(config('apiato.requests.allow-roles-to-access-all-routes'))) {
+            return true;
+        }
+
         return hash_equals((string)$this->user()->getKey(), (string)$this->id);
     }
 }