Block non-admin users from posting

This commit is contained in:
Amarpreet Minhas 2020-01-21 22:19:35 -05:00
parent aa2731e789
commit 4457885685

View file

@ -78,6 +78,14 @@ func createBlogPost(w http.ResponseWriter, r *http.Request) {
newBlogPost := &NewBlogPost{} newBlogPost := &NewBlogPost{}
// basic checks // basic checks
_, claims, _ := jwtauth.FromContext(r.Context()) _, claims, _ := jwtauth.FromContext(r.Context())
is_admin := claims["admin"].(bool)
if !is_admin {
returnError.Message = "sorry only admins are allowed to create blog posts"
w.WriteHeader(http.StatusUnauthorized)
render.JSON(w, r, returnError)
return
}
username := claims["username"].(string) username := claims["username"].(string)
err := json.NewDecoder(r.Body).Decode(newBlogPost) err := json.NewDecoder(r.Body).Decode(newBlogPost)
if err != nil { if err != nil {