From 81789d67235dfd40d9e4054acd966b4bd2be79f6 Mon Sep 17 00:00:00 2001
From: Mike Cao <mike@mikecao.com>
Date: Wed, 16 Sep 2020 13:13:50 -0700
Subject: [PATCH] Fix API check.

---
 pages/api/account/[id].js |  2 +-
 pages/api/accounts.js     | 14 +++++++-------
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/pages/api/account/[id].js b/pages/api/account/[id].js
index c87f948b..6f9beac1 100644
--- a/pages/api/account/[id].js
+++ b/pages/api/account/[id].js
@@ -9,7 +9,7 @@ export default async (req, res) => {
   const { id } = req.query;
   const user_id = +id;
 
-  if (is_admin) {
+  if (!is_admin) {
     return unauthorized(res);
   }
 
diff --git a/pages/api/accounts.js b/pages/api/accounts.js
index c5a41dff..3d651601 100644
--- a/pages/api/accounts.js
+++ b/pages/api/accounts.js
@@ -5,16 +5,16 @@ import { ok, unauthorized, methodNotAllowed } from 'lib/response';
 export default async (req, res) => {
   await useAuth(req, res);
 
-  const { is_admin: current_user_is_admin } = req.auth;
+  const { is_admin } = req.auth;
+
+  if (!is_admin) {
+    return unauthorized(res);
+  }
 
   if (req.method === 'GET') {
-    if (current_user_is_admin) {
-      const accounts = await getAccounts();
+    const accounts = await getAccounts();
 
-      return ok(res, accounts);
-    }
-
-    return unauthorized(res);
+    return ok(res, accounts);
   }
 
   return methodNotAllowed(res);