From 8e09e72979128d1d16d28df0df17e544037da9f0 Mon Sep 17 00:00:00 2001 From: Matt Baer Date: Thu, 16 Jan 2020 14:47:23 -0500 Subject: [PATCH] Require authenticated user for editor access Previously, anyone could access the editor even if they weren't logged in. They couldn't do much in that case (publishing would fail), but it could potentially cause some confusion. Now, users will be sent to the login page, and then redirected back to the editor once successfully logged in. --- routes.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/routes.go b/routes.go index 7784d71..ba531fb 100644 --- a/routes.go +++ b/routes.go @@ -169,9 +169,9 @@ func InitRoutes(apper Apper, r *mux.Router) *mux.Router { draftEditPrefix := "" if apper.App().cfg.App.SingleUser { draftEditPrefix = "/d" - write.HandleFunc("/me/new", handler.Web(handleViewPad, UserLevelOptional)).Methods("GET") + write.HandleFunc("/me/new", handler.Web(handleViewPad, UserLevelUser)).Methods("GET") } else { - write.HandleFunc("/new", handler.Web(handleViewPad, UserLevelOptional)).Methods("GET") + write.HandleFunc("/new", handler.Web(handleViewPad, UserLevelUser)).Methods("GET") } // All the existing stuff