From a9b8fbf558dd4b60f3c9dc6e053eb833e3605845 Mon Sep 17 00:00:00 2001 From: LittleSheep Date: Wed, 29 Jan 2025 19:22:36 +0800 Subject: [PATCH] :passport_control: Add permission check for listing news --- pkg/internal/server/api/news_api.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkg/internal/server/api/news_api.go b/pkg/internal/server/api/news_api.go index 6b29a05..1987859 100644 --- a/pkg/internal/server/api/news_api.go +++ b/pkg/internal/server/api/news_api.go @@ -3,6 +3,7 @@ package api import ( "time" + "git.solsynth.dev/hypernet/nexus/pkg/nex/sec" "git.solsynth.dev/hypernet/reader/pkg/internal/database" "git.solsynth.dev/hypernet/reader/pkg/internal/models" "github.com/gofiber/fiber/v2" @@ -33,6 +34,10 @@ func getTodayNews(c *fiber.Ctx) error { } func listNewsArticles(c *fiber.Ctx) error { + if err := sec.EnsureGrantedPerm(c, "ListNews", true); err != nil { + return err + } + take := c.QueryInt("take", 0) offset := c.QueryInt("offset", 0) source := c.Query("source")