fix: fixed broken priv handling in plus 24.11

jaredhendrickson13 · jaredhendrickson13 · commit b0507f06cc80 · 2024-12-07T21:03:55.000-07:00
diff --git a/pfSense-pkg-API/files/etc/inc/api/framework/APIAuth.inc b/pfSense-pkg-API/files/etc/inc/api/framework/APIAuth.inc
@@ -129,7 +129,10 @@ class APIAuth {
     public function authorize() {
         # Local variables
         $authorized = false;
-        $client_config =& getUserEntry($this->username);;
+
+        # Starting with pfSense Plus 24.11, the client config is nested under an 'item' key. Handle both cases.
+        $client_config =& getUserEntry($this->username);
+        $client_config = (array_key_exists('item', $client_config)) ? $client_config['item'] : $client_config;
         $this->privs = get_user_privileges($client_config);
 
         # If no require privileges were given, assume call is always authorized
