From e440ee8483a6d76b3599d42d93ce523ba37e3aab Mon Sep 17 00:00:00 2001
From: chenjing <28122123@qq.com>
Date: Wed, 22 Feb 2023 10:38:40 +0800
Subject: [PATCH 1/2] api/users/{{user}}/messages add check auth
---
 app/controllers/users/messages_controller.rb | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/app/controllers/users/messages_controller.rb b/app/controllers/users/messages_controller.rb
index 5116f580f..4feb4a98e 100644
--- a/app/controllers/users/messages_controller.rb
+++ b/app/controllers/users/messages_controller.rb
@@ -1,6 +1,7 @@
 class Users::MessagesController < Users::BaseController
 before_action :private_user_resources!
 before_action :find_receivers, only: [:create]
+ before_action :check_auth
 def index
 limit = params[:limit] || params[:per_page]
@@ -63,6 +64,10 @@ class Users::MessagesController < Users::BaseController
 end
 private
+ def check_auth
+ return render_forbidden unless current_user.admin? || observed_logged_user?
+ end
+
 def message_type
 @message_type = begin
 case params[:type]
From 54b7f2c72666018cf94a2dec6a3573cc7d44cb55 Mon Sep 17 00:00:00 2001
From: chenjing <28122123@qq.com>
Date: Wed, 22 Feb 2023 10:48:23 +0800
Subject: [PATCH 2/2] fix api/users/:login/headmaps.json bug
---
 app/controllers/users/headmaps_controller.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/app/controllers/users/headmaps_controller.rb b/app/controllers/users/headmaps_controller.rb
index 7c88b5681..7faba1e50 100644
--- a/app/controllers/users/headmaps_controller.rb
+++ b/app/controllers/users/headmaps_controller.rb
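Review bot: In `app/controllers/users/messages_controller.rb`, `before_action :check_auth` is registered after `before_action :find_receivers, only: [:create]`, so on `create` the receiver lookup runs before the caller has been authorized. Callbacks run in declaration order; `find_receivers` is defined outside this hunk, but if it renders a distinct response for unknown receivers, a caller who is later refused still learns that result. Declaring `before_action :check_auth` above the `find_receivers` line makes the authorization decision come first. Whether `private_user_resources!` already enforces part of this rule is not visible here, so a short comment saying which callback guards what would help the next reader.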
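Review bot: `check_auth` (second hunk of `messages_controller.rb`) calls `current_user.admin?` unguarded, so if `current_user` can be nil for an unauthenticated request the filter raises and the client gets a 500 instead of a 403. `current_user` is defined outside the hunk, so this is unconfirmed; if nil is possible, `current_user&.admin?` keeps the failure on the forbidden path. The leading `return` is also redundant in a callback, since rendering already halts the chain: `render_forbidden unless current_user&.admin? || observed_logged_user?`. A comment such as `# Only the observed user or an admin may access this user's messages.` above the method would state the rule being enforced.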
@@ -10,15 +10,15 @@ class Users::HeadmapsController < Users::BaseController
 private
 def start_stamp
 if params[:year].present?
- Date.new(params[:year], 1).to_time.to_i
+ Date.new(params[:year].to_i, 1).to_time.to_i
 else
- Date.today.to_time.to_i - 365*24*60*60
+ (Date.today - 1.years).to_time.to_i
 end
 end
 def end_stamp
 if params[:year].present?
- Date.new(params[:year], 1).to_time.to_i + 365*24*60*60
+ (Date.new(params[:year].to_i, 1) + 1.years).to_time.to_i
 else
 Date.today.to_time.to_i
 end
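Review bot: `params[:year].to_i` in `start_stamp` and `end_stamp` converts the request value without validating it. A non-numeric string silently becomes year 0, and an array- or hash-valued `year` parameter has no `to_i`, so the action would raise and return a 500. Parsing strictly, e.g. `year = Integer(params[:year].to_s, exception: false)`, and falling back to the no-year branch (or answering 400) when the result is nil or outside an accepted range would close both cases. The conversion is repeated in both methods, so a small private helper that returns the validated year would keep them in agreement.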