IntenseWebs/mattermost
3
0
Fork 0
mirror of https://github.com/mattermost/mattermost.git synced 2025-02-25 18:55:24 -06:00
Code Issues Packages Projects Releases Wiki Activity

Simplifing permissions checks

Browse Source
This commit is contained in:
Jesús Espino
2018-05-29 11:29:13 +02:00
parent cdcff72238
commit e2cafc1905
1 changed files with 25 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
api4/emoji.go
View File

@@ -56,19 +56,17 @@ func createEmoji(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_EMOJIS) {
hasPermission := false
for _, membership := range memberships {
if c.App.SessionHasPermissionToTeam(c.Session, membership.TeamId, model.PERMISSION_MANAGE_EMOJIS) {
hasPermission = true
break
}
}
if !hasPermission {
c.SetPermissionError(model.PERMISSION_MANAGE_EMOJIS)
return
hasPermission := false
for _, membership := range memberships {
if c.App.SessionHasPermissionToTeam(c.Session, membership.TeamId, model.PERMISSION_MANAGE_EMOJIS) {
hasPermission = true
break
}
}
if !hasPermission {
c.SetPermissionError(model.PERMISSION_MANAGE_EMOJIS)
return
}
m := r.MultipartForm
props := m.Value
@@ -134,37 +132,33 @@ func deleteEmoji(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_EMOJIS) {
hasPermission := false
for _, membership := range memberships {
if c.App.SessionHasPermissionToTeam(c.Session, membership.TeamId, model.PERMISSION_MANAGE_EMOJIS) {
hasPermission = true
break
}
}
if !hasPermission {
c.SetPermissionError(model.PERMISSION_MANAGE_EMOJIS)
return
}
if c.Session.UserId != emoji.CreatorId {
hasPermission := false
for _, membership := range memberships {
if c.App.SessionHasPermissionToTeam(c.Session, membership.TeamId, model.PERMISSION_MANAGE_EMOJIS) {
if c.App.SessionHasPermissionToTeam(c.Session, membership.TeamId, model.PERMISSION_MANAGE_OTHERS_EMOJIS) {
hasPermission = true
break
}
}
if !hasPermission {
c.SetPermissionError(model.PERMISSION_MANAGE_EMOJIS)
c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_EMOJIS)
return
}
}
if c.Session.UserId != emoji.CreatorId {
if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OTHERS_EMOJIS) {
hasPermission := false
for _, membership := range memberships {
if c.App.SessionHasPermissionToTeam(c.Session, membership.TeamId, model.PERMISSION_MANAGE_OTHERS_EMOJIS) {
hasPermission = true
break
}
}
if !hasPermission {
c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_EMOJIS)
return
}
}
}
err = c.App.DeleteEmoji(emoji)
if err != nil {
c.Err = err