Loosen authorization rule for recoverty token search

The authorization to read recovery tokens (RT) for ones institution was set to require the RAA role. However, reading and removing RT is a RA action. This commit lowers authz to RA for searching the RT See: https://www.pivotaltracker.com/story/show/184938232
OpenConext · Feb 20, 2024 · e7bc00b · e7bc00b
1 parent 7b2d9ab
commit e7bc00b
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/Surfnet/StepupMiddleware/ApiBundle/Controller/RecoveryTokenController.php b/src/Surfnet/StepupMiddleware/ApiBundle/Controller/RecoveryTokenController.php
@@ -99,7 +99,7 @@ public function collectionAction(Request $request)
             $actorId = new IdentityId($actorId);
             $query->authorizationContext = $this->authorizationService->buildInstitutionAuthorizationContext(
                 $actorId,
-                RegistrationAuthorityRole::raa()
+                RegistrationAuthorityRole::ra()
             );
         }
         $paginator = $this->service->search($query);