diff options
| author | Jesús Espino <jespinog@gmail.com> | 2018-02-20 16:19:35 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-02-20 16:19:35 +0100 |
| commit | 21afaf4bedcad578d4f876bb315d1072ccd296e6 (patch) | |
| tree | af248e17ec1cc48af7170f2d105ac7a0ee628520 | |
| parent | f8289eb286d00c29859a8df495b957c7b46cb249 (diff) | |
| download | chat-21afaf4bedcad578d4f876bb315d1072ccd296e6.tar.gz chat-21afaf4bedcad578d4f876bb315d1072ccd296e6.tar.bz2 chat-21afaf4bedcad578d4f876bb315d1072ccd296e6.zip | |
MM-8825: Make consistent INVITE_USER and ADD_USER_TO_TEAM permissions checking (#8326)
| -rw-r--r-- | api/team.go | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/api/team.go b/api/team.go index e89f368ec..b1d8086d3 100644 --- a/api/team.go +++ b/api/team.go @@ -121,6 +121,11 @@ func inviteMembers(c *Context, w http.ResponseWriter, r *http.Request) { return } + if !c.App.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_ADD_USER_TO_TEAM) { + c.SetPermissionError(model.PERMISSION_INVITE_USER) + return + } + if err := c.App.InviteNewUsersToTeam(invites.ToEmailList(), c.TeamId, c.Session.UserId); err != nil { c.Err = err return |