diff --git a/routes/api/v1/user_add_update.go b/routes/api/v1/user_add_update.go
index 8a4aae6..ec92a02 100644
--- a/routes/api/v1/user_add_update.go
+++ b/routes/api/v1/user_add_update.go
@@ -11,6 +11,12 @@ import (
 // UserAddOrUpdate is the handler to add a user
 func UserAddOrUpdate(c echo.Context) error {
+
+ // Check if the user is admin
+ if !models.IsAdmin(c) {
+ return echo.ErrUnauthorized
+ }
+
 // Check for Request Content
 userFromString := c.FormValue("user")
 var datUser *models.User
diff --git a/routes/api/v1/user_delete.go b/routes/api/v1/user_delete.go
index c184222..348b8ea 100644
--- a/routes/api/v1/user_delete.go
+++ b/routes/api/v1/user_delete.go
@@ -10,6 +10,11 @@ import (
 // UserDelete is the handler to delete a user
 func UserDelete(c echo.Context) error {
+ // Check if the user is admin
+ if !models.IsAdmin(c) {
+ return echo.ErrUnauthorized
+ }
+
 id := c.Param("id")
 // Make int
diff --git a/routes/api/v1/user_show.go b/routes/api/v1/user_show.go
index d952216..cb4476e 100644
--- a/routes/api/v1/user_show.go
+++ b/routes/api/v1/user_show.go
@@ -8,6 +8,12 @@ import (
 )
 func UserShow(c echo.Context) error {
+
+ // Check if the user is admin
+ if !models.IsAdmin(c) {
+ return echo.ErrUnauthorized
+ }
+
 user := c.Param("id")
 if user == "" {
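Review bot: The new guard in UserAddOrUpdate answers a non-admin caller with `echo.ErrUnauthorized` (HTTP 401), which tells the client its credentials are missing or invalid. If these routes already sit behind authentication (not visible here), a logged-in non-admin should get 403 via `return echo.ErrForbidden`. The same line appears in the UserDelete and UserShow hunks. Since the three guards are identical copies, a single middleware on the admin route group would keep a later user route from being added without the check. UserAddOrUpdate's body continues outside the hunk.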
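Review bot: A denied delete in UserDelete returns before anything is recorded, so repeated attempts by a non-admin against this destructive endpoint cannot be attributed unless request logging elsewhere already captures the caller. A line before the return such as `c.Logger().Warnf("user delete denied: caller is not admin, id=%q", c.Param("id"))` would leave that trail, and `%q` keeps the path parameter from breaking the log line. What models.IsAdmin reads from the context is not shown, so whether the caller's identity can be added to the message needs checking. The function body continues outside the hunk.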
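Review bot: UserShow is exported but has no doc comment, unlike UserAddOrUpdate and UserDelete, and the admin-only restriction added here is now part of its contract; I would add `// UserShow is the handler to show a user. It is restricted to admins.` above the signature. The guard runs before `c.Param("id")` is read, so a non-admin can no longer fetch even their own record through this route. If that is intended it is worth saying in the comment; otherwise the check needs an exception for self-lookup. The function body continues outside the hunk.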