hot fix #1

2026-06-04 02:32:57 +00:00 · 2026-01-26 08:13:18 +01:00
parent aa036b6550
commit dfc079288f
505 changed files with 95755 additions and 5712 deletions
@@ -157,7 +157,13 @@ func RoleAuth(requiredRole string) gin.HandlerFunc {
 			return
 		}

-		// Check if user has the required role
+		// Editors are allowed to access routes that require either "editor" or "admin"
+		if userRole == "editor" && (requiredRole == "editor" || requiredRole == "admin") {
+			c.Next()
+			return
+		}
+
+		// Check if user has the required role exactly
 		if userRole != requiredRole {
 			c.JSON(http.StatusForbidden, gin.H{"error": "Insufficient permissions"})
 			c.Abort()