Checking User Rights in the Server API

Hi Devs,

If Google Recaptcha is enabled in the options, I’d like admins to be able to skip the captcha requirement.

I tried this:

Line 222 Role Check in API

But when I submit the signup form using my admin account:

res.locals.oauth && res.locals.oauth.token

Are still null, and thus, I’m never able to get to the userHasPermission(UserRight.MANAGE_USERS) check.

What is the proper way to determine if the API call was made by an admin, moderator, or normal user?

Use optionalAuthenticate: