Enforce admin role when adding blog pages

2024-01-05 11:09:07 -06:00
parent fad00d2065
commit 7087574366
3 changed files with 4 additions and 5 deletions
@@ -199,11 +199,10 @@ func (d *DarkstormTech) handleBlog(req *stupid.Request) bool {
 }

 func (d *DarkstormTech) addBlog(req *stupid.Request) bool {
-	if req.User == nil {
+	if req.User == nil || req.User.Role != "admin" {
 		req.Resp.WriteHeader(http.StatusUnauthorized)
 		return true
 	}
-	//TODO: Check if user is admin
 	if req.Body == nil {
 		req.Resp.WriteHeader(http.StatusBadRequest)
 		return true