IntenseWebs/mattermost
3
0
Fork 0
mirror of https://github.com/mattermost/mattermost.git synced 2025-02-25 18:55:24 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fix issue where users may not follow links to private messages they belong to (#26001)

Browse Source 
* Fix issue where users may not follow links to private messages they belong to

* Update tests
This commit is contained in:
Daniel Espino García 2024-01-24 16:10:01 +01:00 committed by GitHub
parent a7192dba8c
commit 409329c3d6
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 20 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
server/channels/api4/post_test.go
View File

@ -3992,6 +3992,12 @@ func TestPostReminder(t *testing.T) {
func TestPostGetInfo(t *testing.T) {
th := Setup(t).InitBasic()
defer th.TearDown()
defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions())
th.RemovePermissionFromRole(model.PermissionManagePrivateChannelMembers.Id, model.SystemUserRoleId)
th.RemovePermissionFromRole(model.PermissionManagePrivateChannelMembers.Id, model.ChannelUserRoleId)
th.RemovePermissionFromRole(model.PermissionManagePrivateChannelMembers.Id, model.TeamUserRoleId)
client := th.Client
sysadminClient := th.SystemAdminClient
sysadminClient.AddTeamMember(context.Background(), th.BasicTeam.Id, th.SystemAdminUser.Id)

21
server/channels/app/post.go
View File

@ -2296,20 +2296,27 @@ func (a *App) GetPostInfo(c request.CTX, postID string) (*model.PostInfo, *model
}
hasPermissionToAccessChannel := false
if channel.Type == model.ChannelTypeOpen {
_, channelMemberErr := a.GetChannelMember(c, channel.Id, userID)
if channelMemberErr == nil {
hasPermissionToAccessChannel = true
} else if channel.Type == model.ChannelTypePrivate {
hasPermissionToAccessChannel = a.HasPermissionToChannel(c, userID, channel.Id, model.PermissionManagePrivateChannelMembers)
} else if channel.Type == model.ChannelTypeDirect || channel.Type == model.ChannelTypeGroup {
hasPermissionToAccessChannel = a.HasPermissionToChannel(c, userID, channel.Id, model.PermissionReadChannelContent)
}
if !hasPermissionToAccessChannel {
if channel.Type == model.ChannelTypeOpen {
hasPermissionToAccessChannel = true
} else if channel.Type == model.ChannelTypePrivate {
hasPermissionToAccessChannel = a.HasPermissionToChannel(c, userID, channel.Id, model.PermissionManagePrivateChannelMembers)
} else if channel.Type == model.ChannelTypeDirect || channel.Type == model.ChannelTypeGroup {
hasPermissionToAccessChannel = a.HasPermissionToChannel(c, userID, channel.Id, model.PermissionReadChannelContent)
}
}
if !hasPermissionToAccessChannel {
return nil, notFoundError
}
_, channelMemberErr := a.GetChannelMember(c, channel.Id, userID)
info := model.PostInfo{
ChannelId: channel.Id,
ChannelType: channel.Type,