From be88b002788b29604272e3f5a86dcb7de880f722 Mon Sep 17 00:00:00 2001 From: Yang Luo Date: Sat, 16 Mar 2024 20:49:17 +0800 Subject: [PATCH] feat: improve RequireAdmin() logic --- controllers/record.go | 5 +++++ controllers/util.go | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/controllers/record.go b/controllers/record.go index 15ec524a..25f8d5dd 100644 --- a/controllers/record.go +++ b/controllers/record.go @@ -85,6 +85,11 @@ func (c *ApiController) GetRecords() { // @Success 200 {object} object.Record The Response object // @router /get-records-filter [post] func (c *ApiController) GetRecordsByFilter() { + _, ok := c.RequireAdmin() + if !ok { + return + } + body := string(c.Ctx.Input.RequestBody) record := &casvisorsdk.Record{} diff --git a/controllers/util.go b/controllers/util.go index f6992297..35892d9f 100644 --- a/controllers/util.go +++ b/controllers/util.go @@ -127,6 +127,11 @@ func (c *ApiController) RequireAdmin() (string, bool) { if user.Owner == "built-in" { return "", true } + + if !user.IsAdmin { + return "", false + } + return user.Owner, true }
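Review bot: The owner that RequireAdmin() returns is discarded by `_, ok := c.RequireAdmin()` in GetRecordsByFilter, so nothing in this hunk ties the filter decoded from the request body to the caller's organization. Judging by the controllers/util.go hunk in this commit, RequireAdmin returns `user.Owner` for an organization admin and `""` for a built-in user, which reads like a scoping value; if that is its purpose, an organization admin can presumably still filter on records that belong to other organizations. Consider `owner, ok := c.RequireAdmin()` and, when `owner != ""`, overriding the filter's organization with it before the query runs. The rest of the function body is outside the hunk, so confirm that no such restriction is already applied further down.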
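Review bot: The added `if !user.IsAdmin` check in RequireAdmin is reached only after the `user.Owner == "built-in"` shortcut, so a built-in user whose IsAdmin is false is still accepted as an admin. If that is intended, say so above the shortcut, e.g. `// Every user of the built-in organization is treated as a global admin, regardless of IsAdmin.`; if it is not, move the IsAdmin check above the shortcut. The new branch also returns `"", false` without writing a response in the lines shown, and the caller in controllers/record.go just returns on `!ok`, so a rejected caller may receive an empty reply rather than an explicit authorization error. Sending an error through the controller's usual error-response helper before the return, and logging the denial, would make rejections visible to clients and to audit. The start of RequireAdmin is outside the hunk, so the session lookup and its failure handling could not be reviewed.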