System-End/hackatime
1
0
Fork 0
mirror of https://github.com/System-End/hackatime.git synced 2026-04-20 00:35:22 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

block viewers from convicting (#746)

Browse source
This commit is contained in:
Echo 2025-12-28 21:10:29 +01:00 committed by GitHub
parent c0133f7edd
commit 3f13f453f2
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
app/controllers/api/admin/v1/admin_controller.rb
View file

@ -2,6 +2,8 @@ module Api
module Admin
module V1
class AdminController < Api::Admin::V1::ApplicationController
before_action :can_write!, only: [ :user_convict ]
def check
api_key = current_admin_api_key
creator = User.find(api_key.user_id)
@ -367,6 +369,13 @@ module Api
private
def can_write!
# blocks viewers
unless current_user.admin_level.in?([ "admin", "superadmin" ])
render json: { error: "no perms lmaooo" }, status: :forbidden
end
end
def find_user_by_id
user_id = params[:id]