Block non-admin users from posting

packages/blog/blog.go

@@ -78,6 +78,14 @@ func createBlogPost(w http.ResponseWriter, r *http.Request) {
 	newBlogPost := &NewBlogPost{}
 	// basic checks
 	_, claims, _ := jwtauth.FromContext(r.Context())
+	is_admin := claims["admin"].(bool)
+	if !is_admin {
+		returnError.Message = "sorry only admins are allowed to create blog posts"
+		w.WriteHeader(http.StatusUnauthorized)
+		render.JSON(w, r, returnError)
+		return
+	}
+
 	username := claims["username"].(string)
 	err := json.NewDecoder(r.Body).Decode(newBlogPost)
 	if err != nil {