fix: api/user/profile: logged in users are able to get user profile
This commit is contained in:
parent
3cfa0938e6
commit
6a28761e73
@ -29,7 +29,7 @@ func (h *handler) Profile(c *gin.Context) {
|
||||
}
|
||||
|
||||
uid := claim.(*model.Claim).UID
|
||||
role := claim.(*model.Claim).Role
|
||||
// role := claim.(*model.Claim).Role
|
||||
|
||||
req := new(profileRequest)
|
||||
if err := c.ShouldBind(req); err != nil {
|
||||
@ -43,10 +43,5 @@ func (h *handler) Profile(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
if role < model.RoleAdmin && user.ID != uid {
|
||||
e.Pong[any](c, e.UserUnauthorized, nil)
|
||||
return
|
||||
}
|
||||
|
||||
e.Pong(c, status, user)
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user