tcjlj/nezha
1
0
Fork 0
mirror of https://github.com/nezhahq/nezha.git synced 2025-01-22 20:58:14 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat: enhance authorization check for settings access

Browse Source
This commit is contained in:
naiba 2024-12-22 12:20:18 +08:00
parent 4af7e83004
commit f10e048bec
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
cmd/dashboard/controller/setting.go
View File

@ -20,8 +20,12 @@ import (
// @Success 200 {object} model.CommonResponse[model.SettingResponse] // @Success 200 {object} model.CommonResponse[model.SettingResponse]
// @Router /setting [get] // @Router /setting [get]
func listConfig(c *gin.Context) (model.SettingResponse, error) { func listConfig(c *gin.Context) (model.SettingResponse, error) {
_, isMember := c.Get(model.CtxKeyAuthorizedUser) u, ok := c.Get(model.CtxKeyAuthorizedUser)
authorized := isMember // TODO || isViewPasswordVerfied var authorized bool
if ok {
user := u.(*model.User)
authorized = user.Role == model.RoleAdmin
}
conf := model.SettingResponse{ conf := model.SettingResponse{
Config: *singleton.Conf, Config: *singleton.Conf,