From 3f1b479c8233bea2f4159957441edfce76997e3f Mon Sep 17 00:00:00 2001
From: Colin Okay <okay@toyful.space>
Date: Fri, 25 Feb 2022 12:02:50 -0600
Subject: unflag is admin only

---
 src/main.lisp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/main.lisp b/src/main.lisp
index e31aa76..27afeda 100644
--- a/src/main.lisp
+++ b/src/main.lisp
@@ -582,12 +582,14 @@ admin privileges are allowed to perform this action."
 (defendpoint* :put "/oneliner/:entry a-oneliner-id:/flag" ((token an-api-token)
                                                            (value a-boolean))
   (:auth t)
-  "Flag the oneliner for review."
+  "Flag / Unflag the oneliner for review."
   (when (and (lockedp entry) (not (adminp (api-contributor token))))
     (http-err 403))
   (if value 
       (flag-oneliner entry (api-contributor token))
-      (unflag-oneliner entry))
+      (if (adminp (api-contributor token))
+          (unflag-oneliner entry)
+          (http-err 403)))
   "true")
 
 (defendpoint* :get "/oneliners/all-flagged" ((limit an-int))
-- 
cgit v1.2.3