ryan/bbq
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allow token-only admin access for events with no owner

Browse Source 
Skip the user ownership check when event.user_id is NULL so
existing events created before auth still work with their
admin links.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Ryan Chen
2026-05-18 09:07:26 -04:00
parent d68a6629ac
commit 997bc8c1c6
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
handlers.go
+2 -2
View File
@@ -468,9 +468,9 @@ func (s *Server) authorizeAdmin(w http.ResponseWriter, r *http.Request, isPage b
return nil return nil
} }
if s.features.Auth { if s.features.Auth && event.UserID.Valid {
user := s.currentUser(r) user := s.currentUser(r)
if user == nil || !event.UserID.Valid || user.ID != event.UserID.Int64 { if user == nil || user.ID != event.UserID.Int64 {
if isPage { if isPage {
http.Redirect(w, r, "/e/"+slug, http.StatusSeeOther) http.Redirect(w, r, "/e/"+slug, http.StatusSeeOther)
} else { } else {