Asara/sudoscientist-go-backend
Archived
1
0
Fork 0
Code Issues Pull requests Releases 2 Wiki Activity

Block non-admin users from posting

Browse source
This commit is contained in:
Amarpreet Minhas 2020-01-21 22:19:35 -05:00
parent aa2731e789
commit 4457885685
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
packages/blog/blog.go
View file

@ -78,6 +78,14 @@ func createBlogPost(w http.ResponseWriter, r *http.Request) {
newBlogPost := &NewBlogPost{} newBlogPost := &NewBlogPost{}
// basic checks // basic checks
_, claims, _ := jwtauth.FromContext(r.Context()) _, claims, _ := jwtauth.FromContext(r.Context())
is_admin := claims["admin"].(bool)
if !is_admin {
returnError.Message = "sorry only admins are allowed to create blog posts"
w.WriteHeader(http.StatusUnauthorized)
render.JSON(w, r, returnError)
return
}
username := claims["username"].(string) username := claims["username"].(string)
err := json.NewDecoder(r.Body).Decode(newBlogPost) err := json.NewDecoder(r.Body).Decode(newBlogPost)
if err != nil { if err != nil {