IntenseWebs/mattermost
3
0
Fork 0
mirror of https://github.com/mattermost/mattermost.git synced 2025-02-25 18:55:24 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fixing permalinks to channels your not a memeber of (#2805)

Browse Source
This commit is contained in:
Christopher Speller
2016-04-27 16:02:58 -04:00
committed by Harrison Healey
parent d962e175f8
commit fa807d8e43
13 changed files with 250 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
api/post.go
View File

@@ -27,6 +27,7 @@ func InitPost() {
BaseRoutes.NeedTeam.Handle("/posts/search", ApiUserRequired(searchPosts)).Methods("GET")
BaseRoutes.NeedTeam.Handle("/posts/{post_id}", ApiUserRequired(getPostById)).Methods("GET")
BaseRoutes.NeedTeam.Handle("/pltmp/{post_id}", ApiUserRequired(getPermalinkTmp)).Methods("GET")
BaseRoutes.Posts.Handle("/create", ApiUserRequired(createPost)).Methods("POST")
BaseRoutes.Posts.Handle("/update", ApiUserRequired(updatePost)).Methods("POST")
@@ -1089,6 +1090,53 @@ func getPostById(c *Context, w http.ResponseWriter, r *http.Request) {
}
}
func getPermalinkTmp(c *Context, w http.ResponseWriter, r *http.Request) {
params := mux.Vars(r)
postId := params["post_id"]
if len(postId) != 26 {
c.SetInvalidParam("getPermalinkTmp", "postId")
return
}
if result := <-Srv.Store.Post().Get(postId); result.Err != nil {
c.Err = result.Err
return
} else {
list := result.Data.(*model.PostList)
if len(list.Order) != 1 {
c.Err = model.NewLocAppError("getPermalinkTmp", "api.post_get_post_by_id.get.app_error", nil, "")
return
}
post := list.Posts[list.Order[0]]
if !c.HasPermissionsToTeam(c.TeamId, "permalink") {
return
}
cchan := Srv.Store.Channel().CheckPermissionsTo(c.TeamId, post.ChannelId, c.Session.UserId)
if !c.HasPermissionsToChannel(cchan, "getPermalinkTmp") {
// If we don't have permissions attempt to join the channel to fix the problem
if err, _ := JoinChannelById(c, c.Session.UserId, post.ChannelId); err != nil {
// On error just return with permissions error
c.Err = err
return
} else {
// If we sucessfully joined the channel then clear the permissions error and continue
c.Err = nil
}
}
if HandleEtag(list.Etag(), w, r) {
return
}
w.Header().Set(model.HEADER_ETAG_SERVER, list.Etag())
w.Write([]byte(list.ToJson()))
}
}
func deletePost(c *Context, w http.ResponseWriter, r *http.Request) {
params := mux.Vars(r)