feat: Add admin permission check for resource image updates

2025-12-16 07:51:14 +00:00 · 2025-11-17 21:01:06 +08:00
parent b811ca25c4
commit d118ad7d14
1 changed files with 6 additions and 2 deletions
--- a/server/service/resource.go
+++ b/server/service/resource.go
@@ -872,8 +872,12 @@ func UpdateResourceImage(uid, resourceID, oldImageID, newImageID uint) error {
 		return err
 	}

-	if resource.UserID != uid {
-		// 可以在这里添加管理员权限检查
+	isAdmin, err := CheckUserIsAdmin(uid)
+	if err != nil {
+		return err
+	}
+
+	if resource.UserID != uid && !isAdmin {
 		return model.NewUnAuthorizedError("You don't have permission to update this resource")
 	}