From b8c1b68328884ca7585aa870a3d24065d649ee68 Mon Sep 17 00:00:00 2001
From: MartinOscar <40749467+RMartinOscar@users.noreply.github.com>
Date: Wed, 5 Feb 2025 12:58:10 +0100
Subject: [PATCH] Add back TransientToken check (#968)

---
 .../Requests/Api/Application/ApplicationApiRequest.php     | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/app/Http/Requests/Api/Application/ApplicationApiRequest.php b/app/Http/Requests/Api/Application/ApplicationApiRequest.php
index 98c40212d..7dac16d27 100644
--- a/app/Http/Requests/Api/Application/ApplicationApiRequest.php
+++ b/app/Http/Requests/Api/Application/ApplicationApiRequest.php
@@ -4,6 +4,7 @@ namespace App\Http\Requests\Api\Application;
 
 use Webmozart\Assert\Assert;
 use App\Models\ApiKey;
+use Laravel\Sanctum\TransientToken;
 use Illuminate\Validation\Validator;
 use Illuminate\Database\Eloquent\Model;
 use App\Services\Acl\Api\AdminAcl;
@@ -36,9 +37,13 @@ abstract class ApplicationApiRequest extends FormRequest
             throw new PanelException('An ACL resource must be defined on API requests.');
         }
 
+        /** @var TransientToken|ApiKey $token */
         $token = $this->user()->currentAccessToken();
 
-        /** @var ApiKey $token */
+        if ($token instanceof TransientToken) {
+            return true;
+        }
+
         if ($token->key_type === ApiKey::TYPE_ACCOUNT) {
             return true;
         }