From 4457885685ce8f79322785e162c8f68b8b8a6cd8 Mon Sep 17 00:00:00 2001
From: Asara
Date: Tue, 21 Jan 2020 22:19:35 -0500
Subject: [PATCH] Block non-admin users from posting
---
 packages/blog/blog.go | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/packages/blog/blog.go b/packages/blog/blog.go
index 88c4f72..151a277 100644
--- a/packages/blog/blog.go
+++ b/packages/blog/blog.go
@@ -78,6 +78,14 @@ func createBlogPost(w http.ResponseWriter, r *http.Request) {
 newBlogPost := &NewBlogPost{}
 // basic checks
 _, claims, _ := jwtauth.FromContext(r.Context())
+ is_admin := claims["admin"].(bool)
+ if !is_admin {
+ returnError.Message = "sorry only admins are allowed to create blog posts"
+ w.WriteHeader(http.StatusUnauthorized)
+ render.JSON(w, r, returnError)
+ return
+ }
+
 username := claims["username"].(string)
 err := json.NewDecoder(r.Body).Decode(newBlogPost)
 if err != nil {
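Review bot: The unchecked assertion `claims["admin"].(bool)` on the first added line panics when a token has no `admin` claim or carries it as a non-bool (for example a token issued before the claim existed), so the admin gate fails through a panic instead of an explicit denial. Use the comma-ok form and deny by default: `isAdmin, ok := claims["admin"].(bool)` followed by `if !ok || !isAdmin {`, which also brings the name in line with Go's MixedCaps convention. The context line above discards the error from `jwtauth.FromContext`, so this check is only as strong as the token verification done before the handler, which is not visible in this hunk; checking that error here would make the handler fail closed on its own. An authenticated non-admin is an authorization failure, so `w.WriteHeader(http.StatusForbidden)` describes it better than 401. The body of createBlogPost starts and ends outside the hunk.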