fix: prevent common user from specifying channel id (#12)

2025-10-14 23:00:27 +00:00 · 2023-04-26 14:49:27 +08:00
parent 1dd92a3f92
commit 4f8cbd643d
3 changed files with 26 additions and 1 deletions
--- a/model/user.go
+++ b/model/user.go
@@ -175,3 +175,16 @@ func ResetUserPasswordByEmail(email string, password string) error {
 	err = DB.Model(&User{}).Where("email = ?", email).Update("password", hashedPassword).Error
 	return err
 }
+
+func IsAdmin(userId int) bool {
+	if userId == 0 {
+		return false
+	}
+	var user User
+	err := DB.Where("id = ?", userId).Select("role").Find(&user).Error
+	if err != nil {
+		common.SysError("No such user " + err.Error())
+		return false
+	}
+	return user.Role >= common.RoleAdminUser
+}