Fix tenant photo moderation and guest updates

app/Http/Controllers/Api/Tenant/PhotoController.php

@@ -525,13 +525,13 @@ class PhotoController extends Controller
         ]);
 
         // Only tenant admins can moderate
-        if (isset($validated['status']) && ! $this->tokenHasScope($request, 'tenant:write')) {
+        if (isset($validated['status']) && ! $this->tokenHasScope($request, 'tenant-admin')) {
             return ApiError::response(
                 'insufficient_scope',
                 'Insufficient Scopes',
                 'You are not allowed to moderate photos for this event.',
                 Response::HTTP_FORBIDDEN,
-                ['required_scope' => 'tenant:write']
+                ['required_scope' => 'tenant-admin']
             );
         }
 
@@ -823,6 +823,11 @@ class PhotoController extends Controller
 
     private function tokenHasScope(Request $request, string $scope): bool
     {
+        $accessToken = $request->user()?->currentAccessToken();
+        if ($accessToken && $accessToken->can($scope)) {
+            return true;
+        }
+
         $scopes = $request->user()->scopes ?? ($request->attributes->get('decoded_token')['scopes'] ?? []);
 
         if (! is_array($scopes)) {