From b08909c65cbc62f47980b601c6c53320da9966ae Mon Sep 17 00:00:00 2001
From: Your Name
Date: Wed, 10 May 2017 08:42:25 +0000
Subject: [PATCH] only allow authed admins
---
 router/torrentReportHandler.go | 27 +++++++++++++++++----------
 1 file changed, 17 insertions(+), 10 deletions(-)
diff --git a/router/torrentReportHandler.go b/router/torrentReportHandler.go
index ff4cf3ef..74907c0d 100644
--- a/router/torrentReportHandler.go
+++ b/router/torrentReportHandler.go
@@ -5,6 +5,7 @@ import (
 "github.com/ewhal/nyaa/model"
 "github.com/ewhal/nyaa/service/moderation"
+ "github.com/ewhal/nyaa/service/user/permission"
 )
 /*
 func SanitizeTorrentReport(torrentReport *model.TorrentReport) {
@@ -47,16 +48,22 @@ func DeleteTorrentReportHandler(w http.ResponseWriter, r *http.Request) {
 }
 */
 func GetTorrentReportHandler(w http.ResponseWriter, r *http.Request) {
- torrentReports, err := moderationService.GetTorrentReports()
- if err != nil {
- http.Error(w, err.Error(), http.StatusInternalServerError)
- return
- }
- err = torrentReportTemplate.ExecuteTemplate(w, "torrent_report.html", ViewTorrentReportsVariables{model.TorrentReportsToJSON(torrentReports)})
- if err != nil {
- http.Error(w, err.Error(), http.StatusInternalServerError)
- return
- }
+ currentUser := GetUser(r)
+ if userPermission.HasAdmin(currentUser) {
+
+ torrentReports, err := moderationService.GetTorrentReports()
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+ err = torrentReportTemplate.ExecuteTemplate(w, "torrent_report.html", ViewTorrentReportsVariables{model.TorrentReportsToJSON(torrentReports)})
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+ } else {
+ http.Error(w, "admins only", http.StatusForbidden)
+ }
 }
 /*
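Review bot: The admin check in GetTorrentReportHandler wraps the whole body in an if/else, so the deny path sits at the bottom and any statement later added after the closing brace would run for non-admins; a fail-closed guard at the top is safer to maintain: `if !userPermission.HasAdmin(GetUser(r)) { http.Error(w, "admins only", http.StatusForbidden); return }`. The check also depends on GetUser(r) yielding a non-admin value for anonymous or invalid sessions, which is not visible in this hunk and is worth confirming. The commented-out handlers around this one (DeleteTorrentReportHandler appears in the hunk header) would presumably need the same check if re-enabled, so a shared admin-only wrapper applied where the routes are registered would avoid per-handler omissions. Separately, the retained `http.Error(w, err.Error(), http.StatusInternalServerError)` lines send raw internal error text to the client; logging the error server-side and returning a generic message would be tighter.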