github/umami
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Update security for dashboard and details pages.

Browse Source
This commit is contained in:
Mike Cao
2020-09-17 11:40:04 -07:00
parent ecd2593063
commit bff8806b61
7 changed files with 40 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
pages/api/websites.js
View File

@@ -5,15 +5,15 @@ import { ok, methodNotAllowed, unauthorized } from 'lib/response';
export default async (req, res) => {
await useAuth(req, res);
const { user_id, is_admin } = req.auth;
const { userId } = req.query;
const { user_id: current_user_id, is_admin } = req.auth;
const { user_id } = req.query;
if (req.method === 'GET') {
if (userId && !is_admin) {
if (user_id && !is_admin) {
return unauthorized(res);
}
const websites = await getUserWebsites(+userId || user_id);
const websites = await getUserWebsites(+user_id || current_user_id);
return ok(res, websites);
}