block viewers from convicting (#746)

This commit is contained in:
Echo 2025-12-28 21:10:29 +01:00 committed by GitHub
parent c0133f7edd
commit 3f13f453f2
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -2,6 +2,8 @@ module Api
module Admin
module V1
class AdminController < Api::Admin::V1::ApplicationController
before_action :can_write!, only: [ :user_convict ]
def check
api_key = current_admin_api_key
creator = User.find(api_key.user_id)
@ -367,6 +369,13 @@ module Api
private
def can_write!
# blocks viewers
unless current_user.admin_level.in?([ "admin", "superadmin" ])
render json: { error: "no perms lmaooo" }, status: :forbidden
end
end
def find_user_by_id
user_id = params[:id]