api: fix panic if anonymous user request admin API

Add sign in check before check user account level
This commit is contained in:
Unknwon 2016-07-23 17:56:37 +08:00
parent 745167d57a
commit e63b2881b1

View File

@ -103,7 +103,7 @@ func ReqBasicAuth() macaron.Handler {
func ReqAdmin() macaron.Handler {
return func(ctx *context.Context) {
if !ctx.User.IsAdmin {
if !ctx.IsSigned || !ctx.User.IsAdmin {
ctx.Error(403)
return
}