IntenseWebs/mattermost
3
0
Fork 0
mirror of https://github.com/mattermost/mattermost.git synced 2025-02-25 18:55:24 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fixing some locations to use the IsTeamAdmin function which properly checks for system admin permissions.

Browse Source
This commit is contained in:
Christopher Speller
2015-09-30 11:30:11 -04:00
parent 89b77cc72f
commit 7d31f3a271
7 changed files with 15 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
api/context.go
View File

@@ -310,7 +310,7 @@ func (c *Context) IsSystemAdmin() bool {
return false
}
func (c *Context) IsTeamAdmin(userId string) bool {
func (c *Context) IsTeamAdmin() bool {
if model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) || c.IsSystemAdmin() {
return true
}

2
api/file.go
View File

@@ -507,7 +507,7 @@ func getPublicLink(c *Context, w http.ResponseWriter, r *http.Request) {
}
func getExport(c *Context, w http.ResponseWriter, r *http.Request) {
if !c.HasPermissionsToTeam(c.Session.TeamId, "export") || !c.IsTeamAdmin(c.Session.UserId) {
if !c.HasPermissionsToTeam(c.Session.TeamId, "export") || !c.IsTeamAdmin() {
c.Err = model.NewAppError("getExport", "Only a team admin can retrieve exported data.", "userId="+c.Session.UserId)
c.Err.StatusCode = http.StatusForbidden
return

4
api/post.go
View File

@@ -633,7 +633,7 @@ func deletePost(c *Context, w http.ResponseWriter, r *http.Request) {
post := result.Data.(*model.PostList).Posts[postId]
if !c.HasPermissionsToChannel(cchan, "deletePost") && !c.IsTeamAdmin(post.UserId) {
if !c.HasPermissionsToChannel(cchan, "deletePost") && !c.IsTeamAdmin() {
return
}
@@ -648,7 +648,7 @@ func deletePost(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
if post.UserId != c.Session.UserId && !model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) {
if post.UserId != c.Session.UserId && !c.IsTeamAdmin() {
c.Err = model.NewAppError("deletePost", "You do not have the appropriate permissions", "")
c.Err.StatusCode = http.StatusForbidden
return

8
api/team.go
View File

@@ -506,7 +506,7 @@ func InviteMembers(c *Context, team *model.Team, user *model.User, invites []str
sender := user.GetDisplayName()
senderRole := ""
if model.IsInRole(user.Roles, model.ROLE_TEAM_ADMIN) || model.IsInRole(user.Roles, model.ROLE_SYSTEM_ADMIN) {
if c.IsTeamAdmin() {
senderRole = "administrator"
} else {
senderRole = "member"
@@ -566,7 +566,7 @@ func updateTeamDisplayName(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
if !model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) {
if !c.IsTeamAdmin() {
c.Err = model.NewAppError("updateTeamDisplayName", "You do not have the appropriate permissions", "userId="+c.Session.UserId)
c.Err.StatusCode = http.StatusForbidden
return
@@ -600,7 +600,7 @@ func getMyTeam(c *Context, w http.ResponseWriter, r *http.Request) {
}
func importTeam(c *Context, w http.ResponseWriter, r *http.Request) {
if !c.HasPermissionsToTeam(c.Session.TeamId, "import") || !c.IsTeamAdmin(c.Session.UserId) {
if !c.HasPermissionsToTeam(c.Session.TeamId, "import") || !c.IsTeamAdmin() {
c.Err = model.NewAppError("importTeam", "Only a team admin can import data.", "userId="+c.Session.UserId)
c.Err.StatusCode = http.StatusForbidden
return
@@ -667,7 +667,7 @@ func importTeam(c *Context, w http.ResponseWriter, r *http.Request) {
}
func exportTeam(c *Context, w http.ResponseWriter, r *http.Request) {
if !c.HasPermissionsToTeam(c.Session.TeamId, "export") || !c.IsTeamAdmin(c.Session.UserId) {
if !c.HasPermissionsToTeam(c.Session.TeamId, "export") || !c.IsTeamAdmin() {
c.Err = model.NewAppError("exportTeam", "Only a team admin can export data.", "userId="+c.Session.UserId)
c.Err.StatusCode = http.StatusForbidden
return

4
api/user.go
View File

@@ -969,7 +969,7 @@ func updateRoles(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
if !model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) && !c.IsSystemAdmin() {
if !c.IsTeamAdmin() {
c.Err = model.NewAppError("updateRoles", "You do not have the appropriate permissions", "userId="+user_id)
c.Err.StatusCode = http.StatusForbidden
return
@@ -1066,7 +1066,7 @@ func updateActive(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
if !model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) && !c.IsSystemAdmin() {
if !c.IsTeamAdmin() {
c.Err = model.NewAppError("updateActive", "You do not have the appropriate permissions", "userId="+user_id)
c.Err.StatusCode = http.StatusForbidden
return

2
api/webhook.go
View File

@@ -86,7 +86,7 @@ func deleteIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) {
c.Err = result.Err
return
} else {
if c.Session.UserId != result.Data.(*model.IncomingWebhook).UserId && !model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) {
if c.Session.UserId != result.Data.(*model.IncomingWebhook).UserId && !c.IsTeamAdmin() {
c.LogAudit("fail - inappropriate conditions")
c.Err = model.NewAppError("deleteIncomingHook", "Inappropriate permissions to delete incoming webhook", "user_id="+c.Session.UserId)
return

4
model/user.go
View File

@@ -304,10 +304,14 @@ func isValidRole(role string) bool {
return false
}
// Make sure you acually want to use this function. In context.go there are functions to check permssions
// This function should not be used to check permissions.
func (u *User) IsInRole(inRole string) bool {
return IsInRole(u.Roles, inRole)
}
// Make sure you acually want to use this function. In context.go there are functions to check permssions
// This function should not be used to check permissions.
func IsInRole(userRoles string, inRole string) bool {
roles := strings.Split(userRoles, " ")