diff --git a/kernel/api/router.go b/kernel/api/router.go
index b200f01b0..0957874d7 100644
--- a/kernel/api/router.go
+++ b/kernel/api/router.go
@@ -238,7 +238,7 @@ func ServeAPI(ginServer *gin.Engine) {
 ginServer.Handle("POST", "/api/sync/listCloudSyncDir", model.CheckAuth, model.CheckAdminRole, listCloudSyncDir)
 ginServer.Handle("POST", "/api/sync/performSync", model.CheckAuth, model.CheckAdminRole, model.CheckReadonly, performSync)
 ginServer.Handle("POST", "/api/sync/performBootSync", model.CheckAuth, model.CheckAdminRole, model.CheckReadonly, performBootSync)
- ginServer.Handle("POST", "/api/sync/getBootSync", model.CheckAuth, model.CheckAdminRole, getBootSync)
+ ginServer.Handle("POST", "/api/sync/getBootSync", model.CheckAuth, getBootSync)
 ginServer.Handle("POST", "/api/sync/getSyncInfo", model.CheckAuth, model.CheckAdminRole, getSyncInfo)
 ginServer.Handle("POST", "/api/sync/exportSyncProviderS3", model.CheckAuth, model.CheckAdminRole, exportSyncProviderS3)
 ginServer.Handle("POST", "/api/sync/importSyncProviderS3", model.CheckAuth, model.CheckAdminRole, model.CheckReadonly, importSyncProviderS3)
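Review bot: With `model.CheckAdminRole` dropped from the `/api/sync/getBootSync` route, the route table no longer shows that this endpoint is restricted to administrators. The restriction now lives only in the handler body, so a later refactor of the handler can remove it without any change appearing in this file. A trailing comment on the new line would keep that visible to anyone auditing the table, e.g. `// admin-only: checked inside getBootSync, which answers 200 instead of 403`. The same applies to the `/api/setting/getCloudUser` route in the second router.go hunk; ServeAPI's body starts and ends outside both hunks.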
@@ -318,7 +318,7 @@ func ServeAPI(ginServer *gin.Engine) {
 ginServer.Handle("POST", "/api/setting/setSearch", model.CheckAuth, model.CheckAdminRole, model.CheckReadonly, setSearch)
 ginServer.Handle("POST", "/api/setting/setKeymap", model.CheckAuth, model.CheckAdminRole, model.CheckReadonly, setKeymap)
 ginServer.Handle("POST", "/api/setting/setAppearance", model.CheckAuth, model.CheckAdminRole, model.CheckReadonly, setAppearance)
- ginServer.Handle("POST", "/api/setting/getCloudUser", model.CheckAuth, model.CheckAdminRole, getCloudUser)
+ ginServer.Handle("POST", "/api/setting/getCloudUser", model.CheckAuth, getCloudUser)
 ginServer.Handle("POST", "/api/setting/logoutCloudUser", model.CheckAuth, model.CheckAdminRole, model.CheckReadonly, logoutCloudUser)
 ginServer.Handle("POST", "/api/setting/login2faCloudUser", model.CheckAuth, model.CheckAdminRole, model.CheckReadonly, login2faCloudUser)
 ginServer.Handle("POST", "/api/setting/setEmoji", model.CheckAuth, model.CheckAdminRole, model.CheckReadonly, setEmoji)
diff --git a/kernel/api/setting.go b/kernel/api/setting.go
index 4a6322455..901035007 100644
--- a/kernel/api/setting.go
+++ b/kernel/api/setting.go
@@ -590,6 +590,10 @@ func getCloudUser(c *gin.Context) {
 ret := gulu.Ret.NewResult()
 defer c.JSON(http.StatusOK, ret)
+ if !model.IsAdminRoleContext(c) {
+ return
+ }
+
 arg, ok := util.JsonArg(c, ret)
 if !ok {
 return
diff --git a/kernel/api/sync.go b/kernel/api/sync.go
index f793cbf08..90be8ea18 100644
--- a/kernel/api/sync.go
+++ b/kernel/api/sync.go
@@ -382,6 +382,10 @@ func getBootSync(c *gin.Context) {
 ret := gulu.Ret.NewResult()
 defer c.JSON(http.StatusOK, ret)
+ if !model.IsAdminRoleContext(c) {
+ return
+ }
+
 if model.Conf.Sync.Enabled && 1 == model.BootSyncSucc {
 ret.Code = 1
 ret.Msg = model.Conf.Language(17)
diff --git a/kernel/model/role.go b/kernel/model/role.go
index 5f0fca3aa..79f6b0f18 100644
--- a/kernel/model/role.go
+++ b/kernel/model/role.go
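Review bot: The new guard at the top of getCloudUser returns without touching `ret`, so a non-admin caller now gets HTTP 200 with whatever `gulu.Ret.NewResult()` initialises, where the route used to answer 403 from the middleware. A denied call is then indistinguishable from an empty result, both for the client and for anyone reading access logs for authorization failures. If that is the intent (presumably so that non-admin sessions do not see an error), state it above the guard, e.g. `// Non-admin roles get the default result with 200 rather than 403; no cloud user data is returned.`, and consider logging the denial. A test that calls the handler with a non-admin role and asserts an empty payload would also pin the behaviour. The guard added to getBootSync in sync.go has the same shape and needs the same comment; both function bodies continue outside their hunks.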
@@ -54,3 +54,7 @@ func GetGinContextRole(c *gin.Context) Role {
 return RoleVisitor
 }
 }
+
+func IsAdminRoleContext(c *gin.Context) bool {
+ return GetGinContextRole(c) == RoleAdministrator
+}
diff --git a/kernel/model/session.go b/kernel/model/session.go
index 83da63064..4a78cee7d 100644
--- a/kernel/model/session.go
+++ b/kernel/model/session.go
@@ -324,9 +324,7 @@ func CheckAuth(c *gin.Context) {
 }
 func CheckAdminRole(c *gin.Context) {
- if IsValidRole(GetGinContextRole(c), []Role{
- RoleAdministrator,
- }) {
+ if IsAdminRoleContext(c) {
 c.Next()
 } else {
 c.AbortWithStatus(http.StatusForbidden)
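Review bot: `IsAdminRoleContext` is exported and, after this commit, is the single admin predicate behind both the `CheckAdminRole` middleware and the in-handler guards, yet it has no doc comment. Suggest `// IsAdminRoleContext reports whether the role resolved from the gin context is RoleAdministrator.` above the function. It is worth adding that every other role yields false, including the `RoleVisitor` fallback visible at the end of GetGinContextRole, so callers know the predicate fails closed. GetGinContextRole's body starts outside the hunk, so how the role is resolved cannot be checked from here.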