Restrict /api/users to admin and loggedUsers

2021-01-30 03:34:24 +01:00 · 2021-01-30 03:34:24 +01:00 · 0b924af8fe
parent 986c7e4c64
commit 0b924af8fe
1 changed files with 2 additions and 2 deletions
--- a/users.go
+++ b/users.go
@ -12,11 +12,11 @@ func init() {
 	router.GET("/api/users", apiHandler(
 		func(httprouter.Params, []byte) HTTPResponse {
 			return formatApiResponse(getUsers())
-		}))
+		}, adminRestricted))
 	router.GET("/api/users/:uid", apiHandler(userHandler(
 		func(u User, _ []byte) HTTPResponse {
 			return APIResponse{u}
-		})))
+		}), loggedUser))
 	router.PUT("/api/users/:uid", apiHandler(userHandler(updateUser), adminRestricted))
 	router.DELETE("/api/users/:uid", apiHandler(userHandler(
 		func(u User, _ []byte) HTTPResponse {