add permission control

2022-07-22 20:28:42 +08:00
parent b0280767cb
commit 51e5f2d0fb
13 changed files with 127 additions and 185 deletions
--- a/pkg/api/handle_review.go
+++ b/pkg/api/handle_review.go
@@ -116,13 +116,8 @@ func (api *API) CheckUserCanModifyReview(w http.ResponseWriter, r *http.Request,
 		return err
 	}

-	err = api.CheckNotAnonymous(w, r)
-	if err != nil {
-		return err
-	}
-
-	err = api.CheckAdmin(w, r)
-	if err != nil {
+	userLevel := api.GetUserLevel(r)
+	if userLevel != database.RoleAdmin {
 		userID, err := api.GetUserID(w, r)
 		if err != nil {
 			return err