commit a1fbb0deffe345acb4c4e29520c4dae3c79b8fe3
parent 76f41e95fd0e6e87bc5d1cd0ee918e9bf54cc948
Author: Christian Grothoff <christian@grothoff.org>
Date: Mon, 29 Jun 2026 15:45:05 +0200
fix #9515: make sure pos-token has access to pos-read for GET to /private/pos
Diffstat:
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/backend/taler-merchant-httpd_auth.c b/src/backend/taler-merchant-httpd_auth.c
@@ -97,19 +97,19 @@ static struct ScopePermissionMap scope_permissions[] = {
{
.as = TMH_AS_ORDER_POS,
.name = "order-pos",
- .permissions = "orders-read,orders-write,inventory-lock"
+ .permissions = "orders-read,orders-write,pos-read,inventory-lock"
},
/* Simple order management, also allows refunding */
{
.as = TMH_AS_ORDER_MGMT,
.name = "order-mgmt",
- .permissions = "orders-read,orders-write,orders-refund"
+ .permissions = "orders-read,orders-write,pos-read,orders-refund"
},
/* Full order management, allows inventory locking and refunds */
{
.as = TMH_AS_ORDER_FULL,
.name = "order-full",
- .permissions = "orders-read,orders-write,inventory-lock,orders-refund"
+ .permissions = "orders-read,orders-write,pos-read,inventory-lock,orders-refund"
},
/* No permissions, dummy scope */
{