fix(rank): Incorrect permission verification

user can update answer that put by himself. admin can vote up anyway.
2022-12-06 14:45:29 +08:00 · 2022-12-06 14:45:29 +08:00 · a6630670be
parent 8c4dc92f58
commit a6630670be
2 changed files with 5 additions and 1 deletions
--- a/internal/controller/answer_controller.go
+++ b/internal/controller/answer_controller.go
@ -161,7 +161,7 @@ func (ac *AnswerController) Update(ctx *gin.Context) {
 	canList, err := ac.rankService.CheckOperationPermissions(ctx, req.UserID, []string{
 		rank.AnswerEditRank,
 		rank.AnswerEditWithoutReviewRank,
-	}, "")
+	}, req.ID)
 	if err != nil {
 		handler.HandleResponse(ctx, err, nil)
 		return
--- a/internal/service/rank/rank_service.go
+++ b/internal/service/rank/rank_service.go
@ -170,6 +170,10 @@ func (rs *RankService) CheckVotePermission(ctx context.Context, userID, objectID
 	if !exist {
 		return can, nil
 	}
+	// administrator have all permissions
+	if userInfo.IsAdmin {
+		return true, nil
+	}

 	objectInfo, err := rs.objectInfoService.GetInfo(ctx, objectID)
 	if err != nil {