fix: api/user/profile: logged in users are able to get user profile
This commit is contained in:
parent
3cfa0938e6
commit
6a28761e73
@ -29,7 +29,7 @@ func (h *handler) Profile(c *gin.Context) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
uid := claim.(*model.Claim).UID
|
uid := claim.(*model.Claim).UID
|
||||||
role := claim.(*model.Claim).Role
|
// role := claim.(*model.Claim).Role
|
||||||
|
|
||||||
req := new(profileRequest)
|
req := new(profileRequest)
|
||||||
if err := c.ShouldBind(req); err != nil {
|
if err := c.ShouldBind(req); err != nil {
|
||||||
@ -43,10 +43,5 @@ func (h *handler) Profile(c *gin.Context) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if role < model.RoleAdmin && user.ID != uid {
|
|
||||||
e.Pong[any](c, e.UserUnauthorized, nil)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
e.Pong(c, status, user)
|
e.Pong(c, status, user)
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user