Added gate to check that the user is allowed to view API keys

Signed-off-by: snipe <snipe@snipe.net>

app/Http/Controllers/ProfileController.php

@@ -113,6 +113,12 @@ class ProfileController extends Controller
      */
     public function api()
     {
+
+        // Make sure the self.api permission has been granted
+        if (!Gate::allows('self.api')) {
+            abort(403);
+        }
+
         return view('account/api');
     }