From e440ee8483a6d76b3599d42d93ce523ba37e3aab Mon Sep 17 00:00:00 2001
From: chenjing <28122123@qq.com>
Date: Wed, 22 Feb 2023 10:38:40 +0800
Subject: [PATCH]  api/users/{{user}}/messages add check auth

---
 app/controllers/users/messages_controller.rb | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/app/controllers/users/messages_controller.rb b/app/controllers/users/messages_controller.rb
index 5116f580f..4feb4a98e 100644
--- a/app/controllers/users/messages_controller.rb
+++ b/app/controllers/users/messages_controller.rb
@@ -1,6 +1,7 @@
 class Users::MessagesController < Users::BaseController 
   before_action :private_user_resources!
   before_action :find_receivers, only: [:create]
+  before_action :check_auth
 
   def index 
 		limit = params[:limit] || params[:per_page]
@@ -63,6 +64,10 @@ class Users::MessagesController < Users::BaseController
   end
 
   private 
+  def check_auth
+    return render_forbidden unless current_user.admin? || observed_logged_user?
+  end
+
   def message_type 
     @message_type = begin
       case params[:type]