api: fix panic if anonymous user request admin API

Add sign in check before check user account level
2025-11-04 08:30:25 +08:00 · 2016-07-23 17:56:37 +08:00
parent 745167d57a
commit e63b2881b1
1 changed files with 1 additions and 1 deletions
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -103,7 +103,7 @@ func ReqBasicAuth() macaron.Handler {
 func ReqAdmin() macaron.Handler {
 	return func(ctx *context.Context) {
-		if !ctx.User.IsAdmin {
+		if !ctx.IsSigned || !ctx.User.IsAdmin {
 			ctx.Error(403)
 			return
 		}