IntenseWebs/mattermost
3
0
Fork 0
mirror of https://github.com/mattermost/mattermost.git synced 2025-02-25 18:55:24 -06:00
Code Issues Packages Projects Releases Wiki Activity

Update v4 POST log endpoint to match v3 permissions (#7653)

Browse Source
This commit is contained in:
Joram Wilander
2017-10-20 20:26:12 -04:00
committed by Corey Hulen
parent 18ee375860
commit 9d9c737414
2 changed files with 29 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
api4/system.go
View File

@@ -36,7 +36,7 @@ func (api *API) InitSystem() {
api.BaseRoutes.ApiRoot.Handle("/caches/invalidate", api.ApiSessionRequired(invalidateCaches)).Methods("POST")
api.BaseRoutes.ApiRoot.Handle("/logs", api.ApiSessionRequired(getLogs)).Methods("GET")
api.BaseRoutes.ApiRoot.Handle("/logs", api.ApiSessionRequired(postLog)).Methods("POST")
api.BaseRoutes.ApiRoot.Handle("/logs", api.ApiHandler(postLog)).Methods("POST")
api.BaseRoutes.ApiRoot.Handle("/analytics/old", api.ApiSessionRequired(getAnalytics)).Methods("GET")
}
@@ -198,9 +198,17 @@ func getLogs(c *Context, w http.ResponseWriter, r *http.Request) {
}
func postLog(c *Context, w http.ResponseWriter, r *http.Request) {
if !*c.App.Config().ServiceSettings.EnableDeveloper && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
forceToDebug := false
if !*c.App.Config().ServiceSettings.EnableDeveloper {
if c.Session.UserId == "" {
c.Err = model.NewAppError("postLog", "api.context.permissions.app_error", nil, "", http.StatusForbidden)
return
}
if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
forceToDebug = true
}
}
m := model.MapFromJson(r.Body)
@@ -211,7 +219,7 @@ func postLog(c *Context, w http.ResponseWriter, r *http.Request) {
msg = msg[0:399]
}
if lvl == "ERROR" {
if !forceToDebug && lvl == "ERROR" {
err := &model.AppError{}
err.Message = msg
err.Id = msg

16
api4/system_test.go
View File

@@ -341,11 +341,27 @@ func TestPostLog(t *testing.T) {
defer th.TearDown()
Client := th.Client
enableDev := *th.App.Config().ServiceSettings.EnableDeveloper
defer func() {
*th.App.Config().ServiceSettings.EnableDeveloper = enableDev
}()
*th.App.Config().ServiceSettings.EnableDeveloper = true
message := make(map[string]string)
message["level"] = "ERROR"
message["message"] = "this is a test"
_, resp := Client.PostLog(message)
CheckNoError(t, resp)
Client.Logout()
_, resp = Client.PostLog(message)
CheckNoError(t, resp)
*th.App.Config().ServiceSettings.EnableDeveloper = false
_, resp = Client.PostLog(message)
CheckForbiddenStatus(t, resp)
logMessage, resp := th.SystemAdminClient.PostLog(message)