feat: improve RequireAdmin() logic

2025-05-23 02:35:49 +08:00 · 2024-03-16 20:49:17 +08:00 · 2024-03-16 20:49:17 +08:00 · be88b00278
commit be88b00278
parent 1bd0245e7a
2 changed files with 10 additions and 0 deletions
--- a/controllers/record.go
+++ b/controllers/record.go
@ -85,6 +85,11 @@ func (c *ApiController) GetRecords() {
 // @Success 200 {object} object.Record The Response object
 // @router /get-records-filter [post]
 func (c *ApiController) GetRecordsByFilter() {
+	_, ok := c.RequireAdmin()
+	if !ok {
+		return
+	}
+
 	body := string(c.Ctx.Input.RequestBody)

 	record := &casvisorsdk.Record{}
--- a/controllers/util.go
+++ b/controllers/util.go
@ -127,6 +127,11 @@ func (c *ApiController) RequireAdmin() (string, bool) {
 	if user.Owner == "built-in" {
 		return "", true
 	}
+
+	if !user.IsAdmin {
+		return "", false
+	}
+
 	return user.Owner, true
 }