IntenseWebs/mattermost
3
0
Fork 0
mirror of https://github.com/mattermost/mattermost.git synced 2025-02-25 18:55:24 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fix oauth app update (#7913)

Browse Source
This commit is contained in:
Joram Wilander
2017-12-01 08:21:44 -05:00
committed by GitHub
parent 965a1bf784
commit 239e8df3f4
2 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
api4/oauth.go
View File

@@ -100,7 +100,7 @@ func updateOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
if c.Session.UserId != oauthApp.CreatorId && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {
if c.Session.UserId != oldOauthApp.CreatorId && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH)
return
}

7
api4/oauth_test.go
View File

@@ -164,6 +164,13 @@ func TestUpdateOAuthApp(t *testing.T) {
t.Fatal("IsTrusted should have updated")
}
th.LoginBasic2()
updatedApp.CreatorId = th.BasicUser2.Id
_, resp = Client.UpdateOAuthApp(oapp)
CheckForbiddenStatus(t, resp)
th.LoginBasic()
th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOnlyAdminIntegrations = false })
th.App.SetDefaultRolesBasedOnConfig()
_, resp = Client.UpdateOAuthApp(oapp)