fixed viewing invisible releases with admin session

2025-01-27 00:27:03 +00:00 · 2025-01-27 00:27:03 +00:00 · 70825ae875
commit 70825ae875
parent 1efe52a8cb
5 changed files with 46 additions and 36 deletions
--- a/view/music.go
+++ b/view/music.go
@ -3,6 +3,7 @@ package view
 import (
 	"fmt"
 	"net/http"
+	"os"

 	"arimelody-web/controller"
 	"arimelody-web/model"
@ -59,7 +60,13 @@ func ServeGateway(app *model.AppState, release *model.Release) http.Handler {
        // only allow authorised users to view hidden releases
        privileged := false
        if !release.Visible {
-            session := r.Context().Value("session").(*model.Session)
+            session, err := controller.GetSessionFromRequest(app.DB, r)
+            if err != nil {
+                fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve session: %v\n", err)
+                http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+                return
+            }
+
            if session != nil && session.Account != nil {
                // TODO: check privilege on release
                privileged = true