From 83cab0da09c7db920d242f2db9da796e99ef1a96 Mon Sep 17 00:00:00 2001
From: xiaomlove <beixiao2777@gmail.com>
Date: Sun, 22 Jun 2025 20:43:04 +0700
Subject: [PATCH] fix token create

---
 app/Console/Commands/Test.php            | 12 +++---------
 app/Http/Controllers/TokenController.php |  2 +-
 2 files changed, 4 insertions(+), 10 deletions(-)

diff --git a/app/Console/Commands/Test.php b/app/Console/Commands/Test.php
index 0b3e88ab..4be7874f 100644
--- a/app/Console/Commands/Test.php
+++ b/app/Console/Commands/Test.php
@@ -15,6 +15,7 @@ use App\Models\User;
 use App\Repositories\ClaimRepository;
 use App\Repositories\ExamRepository;
 use App\Repositories\SeedBoxRepository;
+use App\Repositories\TokenRepository;
 use App\Repositories\UploadRepository;
 use Illuminate\Console\Command;
 use Illuminate\Support\Facades\DB;
@@ -78,15 +79,8 @@ class Test extends Command
 //        $res = unserialize("O:36:\"App\\Jobs\\UpdateUserDownloadPrivilege\":3:{s:6:\"userId\";i:1;s:6:\"status\";s:3:\"yes\";s:9:\"reasonKey\";s:8:\"test_key\";}");
 //        $res = unserialize("O:36:\"App\\Jobs\\UpdateUserDownloadPrivilege\":3:{s:6:\"userId\";i:1;s:6:\"status\";s:3:\"yes\";s:9:\"reasonKey\";s:8:\"test_key\";}");
 //        dd($res);
-        NexusDB::transaction(function () {
-            User::query()->where("id", 1)->update(["last_access" => now()]);
-            Message::add([
-                'receiver' => 1,
-                'subject' => 'test',
-                'msg' => microtime(true),
-                'added' => now()
-            ]);
-        });
+        $r = TokenRepository::listUserTokenPermissionAllowed();
+        dd($r);
     }
 
 }
diff --git a/app/Http/Controllers/TokenController.php b/app/Http/Controllers/TokenController.php
index 21e8ad7a..8c662767 100644
--- a/app/Http/Controllers/TokenController.php
+++ b/app/Http/Controllers/TokenController.php
@@ -30,7 +30,7 @@ class TokenController extends Controller
             }
             $allowed = TokenRepository::listUserTokenPermissionAllowed();
             foreach ($request->permissions as $permission) {
-                if (!in_array($permission, $allowed)) {
+                if (!isset($allowed[$permission])) {
                     throw new NexusException(nexus_trans("token.permission_not_allowed", ['permission_text' => nexus_trans("route-permission.{$permission}.text")]));
                 }
             }