bd sync: 2026-01-12 17:02:15

app/Http/Controllers/Api/Tenant/PhotoController.php

@@ -525,13 +525,13 @@ class PhotoController extends Controller
         ]);
 
         // Only tenant admins can moderate
-        if (isset($validated['status']) && ! $this->tokenHasScope($request, 'tenant-admin')) {
+        if (isset($validated['status']) && ! $this->tokenHasScope($request, 'tenant:write')) {
             return ApiError::response(
                 'insufficient_scope',
                 'Insufficient Scopes',
                 'You are not allowed to moderate photos for this event.',
                 Response::HTTP_FORBIDDEN,
-                ['required_scope' => 'tenant-admin']
+                ['required_scope' => 'tenant:write']
             );
         }
 
@@ -823,11 +823,6 @@ class PhotoController extends Controller
 
     private function tokenHasScope(Request $request, string $scope): bool
     {
-        $accessToken = $request->user()?->currentAccessToken();
-        if ($accessToken && $accessToken->can($scope)) {
-            return true;
-        }
-
         $scopes = $request->user()->scopes ?? ($request->attributes->get('decoded_token')['scopes'] ?? []);
 
         if (! is_array($scopes)) {