From f10e048bec6d86cda7cc4dbea8c4a48ceb43501b Mon Sep 17 00:00:00 2001
From: naiba
Date: Sun, 22 Dec 2024 12:20:18 +0800
Subject: [PATCH] feat: enhance authorization check for settings access
---
 cmd/dashboard/controller/setting.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/cmd/dashboard/controller/setting.go b/cmd/dashboard/controller/setting.go
index 90dea05..d4a35ea 100644
--- a/cmd/dashboard/controller/setting.go
+++ b/cmd/dashboard/controller/setting.go
@@ -20,8 +20,12 @@ import (
 // @Success 200 {object} model.CommonResponse[model.SettingResponse]
 // @Router /setting [get]
 func listConfig(c *gin.Context) (model.SettingResponse, error) {
- _, isMember := c.Get(model.CtxKeyAuthorizedUser)
- authorized := isMember // TODO || isViewPasswordVerfied
+ u, ok := c.Get(model.CtxKeyAuthorizedUser)
+ var authorized bool
+ if ok {
+ user := u.(*model.User)
+ authorized = user.Role == model.RoleAdmin
+ }

 conf := model.SettingResponse{
 Config: *singleton.Conf,
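Review bot: The type assertion `u.(*model.User)` inside the new `if ok` branch is unchecked, so a context value of any other type, or a nil `*model.User`, makes the authorization decision panic instead of denying access. The comma-ok form keeps the check fail-closed without depending on recovery middleware: `user, isUser := u.(*model.User)` followed by `authorized = isUser && user != nil && user.Role == model.RoleAdmin`. A short comment above the check, for example `// only RoleAdmin sees the full settings; other members and anonymous callers are unauthorized`, would record the intent now that the old TODO is gone. How `authorized` is used lies in the rest of listConfig, which continues outside the hunk, so a regression test with a non-admin member would confirm that the response is actually restricted for that role.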