]> source.dussan.org Git - gitea.git/commitdiff
projects / gitea.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 745167d)
api: fix panic if anonymous user request admin API
authorUnknwon <u@gogs.io>
Sat, 23 Jul 2016 09:56:37 +0000 (17:56 +0800)
committerUnknwon <u@gogs.io>
Sat, 23 Jul 2016 09:56:37 +0000 (17:56 +0800)
Add sign in check before check user account level

routers/api/v1/api.go patch | blob | history

diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index 4fac550e82a8404d7d2bdc687c1fa8461b1abab7..a13a1e6885020dde587b1f24228d676e801aeee7 100644 (file)
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -103,7 +103,7 @@ func ReqBasicAuth() macaron.Handler {
 
 func ReqAdmin() macaron.Handler {
        return func(ctx *context.Context) {
-               if !ctx.User.IsAdmin {
+               if !ctx.IsSigned || !ctx.User.IsAdmin {
                        ctx.Error(403)
                        return
                }
Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD: https://github.com/go-gitea/gitea