fix: api/user/profile: logged in users are able to get user profile

2024-03-16 22:00:37 +08:00 · 2024-03-16 22:00:37 +08:00 · 6a28761e73
commit 6a28761e73
parent 3cfa0938e6
1 changed files with 1 additions and 6 deletions
--- a/internal/api/user/profile.go
+++ b/internal/api/user/profile.go
@ -29,7 +29,7 @@ func (h *handler) Profile(c *gin.Context) {
 	}

 	uid := claim.(*model.Claim).UID
-	role := claim.(*model.Claim).Role
+	// role := claim.(*model.Claim).Role

 	req := new(profileRequest)
 	if err := c.ShouldBind(req); err != nil {
@ -43,10 +43,5 @@ func (h *handler) Profile(c *gin.Context) {
 		return
 	}

-	if role < model.RoleAdmin && user.ID != uid {
-		e.Pong[any](c, e.UserUnauthorized, nil)
-		return
-	}
-
 	e.Pong(c, status, user)
 }