mirror/wakapi
1
0
Fork 0
mirror of https://github.com/muety/wakapi.git synced 2023-08-10 21:12:56 +03:00
Code Issues Projects Releases Wiki Activity

fix: admin users can't fetch other user data

Browse Source
This commit is contained in:
Asen Mihaylov 2022-06-28 13:01:35 +03:00
parent 099cdaddbc
commit affff0c386
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
routes/utils/user_utils.go
View File

@ -35,7 +35,7 @@ func CheckEffectiveUser(w http.ResponseWriter, r *http.Request, userService serv
return nil, err return nil, err
} }
if authorizedUser == nil || authorizedUser.ID != requestedUser.ID { if authorizedUser == nil || authorizedUser.ID != requestedUser.ID && !authorizedUser.IsAdmin {
err := errors.New(conf.ErrUnauthorized) err := errors.New(conf.ErrUnauthorized)
w.WriteHeader(http.StatusUnauthorized) w.WriteHeader(http.StatusUnauthorized)
w.Write([]byte(err.Error())) w.Write([]byte(err.Error()))