From b09922b58a76e571aba9dec1a3ba55f329589ee4 Mon Sep 17 00:00:00 2001
From: Sam <sam.saffron@gmail.com>
Date: Fri, 19 Aug 2016 15:22:52 +1000
Subject: [PATCH] we have to allow message bus for read clients

---
 lib/auth/default_current_user_provider.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/auth/default_current_user_provider.rb b/lib/auth/default_current_user_provider.rb
index be65402ebc9..7dd482b7cb2 100644
--- a/lib/auth/default_current_user_provider.rb
+++ b/lib/auth/default_current_user_provider.rb
@@ -178,7 +178,7 @@ class Auth::DefaultCurrentUserProvider
 
   def lookup_user_api_user(user_api_key)
     if api_key = UserApiKey.where(key: user_api_key, revoked_at: nil).includes(:user).first
-      if !api_key.write && @env["REQUEST_METHOD"] != "GET"
+      if !api_key.write && (@env["REQUEST_METHOD"] != "GET" && @env["PATH_INFO"] !~ /^\/message-bus\/.*\/poll/)
         raise Discourse::InvalidAccess
       end