Added admincheck to all adminroutes

2018-01-23 15:27:08 +01:00 · 2018-01-23 15:27:08 +01:00 · a92d711b00
parent 4275a3acad
commit a92d711b00
3 changed files with 17 additions and 0 deletions
--- a/routes/api/v1/user_add_update.go
+++ b/routes/api/v1/user_add_update.go
@ -11,6 +11,12 @@ import (

 // UserAddOrUpdate is the handler to add a user
 func UserAddOrUpdate(c echo.Context) error {
+
+	// Check if the user is admin
+	if !models.IsAdmin(c) {
+		return echo.ErrUnauthorized
+	}
+
 	// Check for Request Content
 	userFromString := c.FormValue("user")
 	var datUser *models.User
--- a/routes/api/v1/user_delete.go
+++ b/routes/api/v1/user_delete.go
@ -10,6 +10,11 @@ import (
 // UserDelete is the handler to delete a user
 func UserDelete(c echo.Context) error {

+	// Check if the user is admin
+	if !models.IsAdmin(c) {
+		return echo.ErrUnauthorized
+	}
+
 	id := c.Param("id")

 	// Make int
--- a/routes/api/v1/user_show.go
+++ b/routes/api/v1/user_show.go
@ -8,6 +8,12 @@ import (
 )

 func UserShow(c echo.Context) error {
+
+	// Check if the user is admin
+	if !models.IsAdmin(c) {
+		return echo.ErrUnauthorized
+	}
+
 	user := c.Param("id")

 	if user == "" {