api: fix panic if anonymous user request admin API
Add sign in check before check user account level
This commit is contained in:
parent
745167d57a
commit
e63b2881b1
|
@ -103,7 +103,7 @@ func ReqBasicAuth() macaron.Handler {
|
|||
|
||||
func ReqAdmin() macaron.Handler {
|
||||
return func(ctx *context.Context) {
|
||||
if !ctx.User.IsAdmin {
|
||||
if !ctx.IsSigned || !ctx.User.IsAdmin {
|
||||
ctx.Error(403)
|
||||
return
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue
Block a user