Block non-admin users from posting

2020-01-21 22:19:35 -05:00 · 2020-01-21 22:19:35 -05:00 · 4457885685
commit 4457885685
parent aa2731e789
1 changed files with 8 additions and 0 deletions
--- a/packages/blog/blog.go
+++ b/packages/blog/blog.go
@ -78,6 +78,14 @@ func createBlogPost(w http.ResponseWriter, r *http.Request) {
 	newBlogPost := &NewBlogPost{}
 	// basic checks
 	_, claims, _ := jwtauth.FromContext(r.Context())
+	is_admin := claims["admin"].(bool)
+	if !is_admin {
+		returnError.Message = "sorry only admins are allowed to create blog posts"
+		w.WriteHeader(http.StatusUnauthorized)
+		render.JSON(w, r, returnError)
+		return
+	}
+
 	username := claims["username"].(string)
 	err := json.NewDecoder(r.Body).Decode(newBlogPost)
 	if err != nil {