summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChristopher Speller <crspeller@gmail.com>2017-10-25 11:48:15 -0700
committerGitHub <noreply@github.com>2017-10-25 11:48:15 -0700
commit4491b5ecdfad96959f9a9ab32a5f127bbfa7eac5 (patch)
treec2fb61b469f5ba6f4bce2ef5aa5c2646dd6a8cf2
parentc16f417f49303ef3a0319ba769eb3698e735b73c (diff)
downloadchat-4491b5ecdfad96959f9a9ab32a5f127bbfa7eac5.tar.gz
chat-4491b5ecdfad96959f9a9ab32a5f127bbfa7eac5.tar.bz2
chat-4491b5ecdfad96959f9a9ab32a5f127bbfa7eac5.zip
Performance improvements for 40M posts (#7708)
* Optimizing get root posts SQL query * Setting session invalidation to be reliable * Adding app reciever to SessionHasPermissionToUser * Adding app reciever to SessionHasPermissionToTeam * Adding app reciever to SessionHasPermissionTo * Clear session cache if permission was denied * Fixing rebase issues * Revert "Optimizing get root posts SQL query" This reverts commit f364757e7015cfb4ec673d0a4fc3d57cd25d8dd7. * Fixing build
-rw-r--r--api/channel.go19
-rw-r--r--api/command.go17
-rw-r--r--api/context.go4
-rw-r--r--api/emoji.go2
-rw-r--r--api/general.go3
-rw-r--r--api/license.go3
-rw-r--r--api/oauth.go15
-rw-r--r--api/post.go6
-rw-r--r--api/team.go24
-rw-r--r--api/user.go34
-rw-r--r--api/webhook.go29
-rw-r--r--api4/brand.go3
-rw-r--r--api4/channel.go39
-rw-r--r--api4/cluster.go3
-rw-r--r--api4/command.go23
-rw-r--r--api4/compliance.go8
-rw-r--r--api4/context.go2
-rw-r--r--api4/elasticsearch.go5
-rw-r--r--api4/emoji.go2
-rw-r--r--api4/job.go11
-rw-r--r--api4/ldap.go5
-rw-r--r--api4/oauth.go28
-rw-r--r--api4/plugin.go11
-rw-r--r--api4/post.go13
-rw-r--r--api4/preference.go11
-rw-r--r--api4/reaction.go3
-rw-r--r--api4/saml.go14
-rw-r--r--api4/status.go3
-rw-r--r--api4/system.go27
-rw-r--r--api4/team.go48
-rw-r--r--api4/user.go66
-rw-r--r--api4/webhook.go37
-rw-r--r--app/authorization.go39
-rw-r--r--app/session.go2
34 files changed, 280 insertions, 279 deletions
diff --git a/api/channel.go b/api/channel.go
index 87fbf5d39..f41a588ee 100644
--- a/api/channel.go
+++ b/api/channel.go
@@ -9,7 +9,6 @@ import (
l4g "github.com/alecthomas/log4go"
"github.com/gorilla/mux"
- "github.com/mattermost/mattermost-server/app"
"github.com/mattermost/mattermost-server/model"
"github.com/mattermost/mattermost-server/utils"
)
@@ -59,12 +58,12 @@ func createChannel(c *Context, w http.ResponseWriter, r *http.Request) {
channel.TeamId = c.TeamId
}
- if channel.Type == model.CHANNEL_OPEN && !app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_PUBLIC_CHANNEL) {
+ if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_PUBLIC_CHANNEL) {
c.SetPermissionError(model.PERMISSION_CREATE_PUBLIC_CHANNEL)
return
}
- if channel.Type == model.CHANNEL_PRIVATE && !app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_PRIVATE_CHANNEL) {
+ if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_PRIVATE_CHANNEL) {
c.SetPermissionError(model.PERMISSION_CREATE_PRIVATE_CHANNEL)
return
}
@@ -79,7 +78,7 @@ func createChannel(c *Context, w http.ResponseWriter, r *http.Request) {
}
func createDirectChannel(c *Context, w http.ResponseWriter, r *http.Request) {
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_DIRECT_CHANNEL) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_DIRECT_CHANNEL) {
c.SetPermissionError(model.PERMISSION_CREATE_DIRECT_CHANNEL)
return
}
@@ -101,7 +100,7 @@ func createDirectChannel(c *Context, w http.ResponseWriter, r *http.Request) {
}
func createGroupChannel(c *Context, w http.ResponseWriter, r *http.Request) {
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_GROUP_CHANNEL) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_GROUP_CHANNEL) {
c.SetPermissionError(model.PERMISSION_CREATE_GROUP_CHANNEL)
return
}
@@ -351,7 +350,7 @@ func getMoreChannelsPage(c *Context, w http.ResponseWriter, r *http.Request) {
}
// user is already in the team
- if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) {
c.SetPermissionError(model.PERMISSION_LIST_TEAM_CHANNELS)
return
}
@@ -403,7 +402,7 @@ func join(c *Context, w http.ResponseWriter, r *http.Request) {
}
if channel.Type == model.CHANNEL_OPEN {
- if !app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_JOIN_PUBLIC_CHANNELS) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_JOIN_PUBLIC_CHANNELS) {
c.SetPermissionError(model.PERMISSION_JOIN_PUBLIC_CHANNELS)
return
}
@@ -714,7 +713,7 @@ func updateNotifyProps(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToUser(c.Session, userId) {
+ if !c.App.SessionHasPermissionToUser(c.Session, userId) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
@@ -736,7 +735,7 @@ func searchMoreChannels(c *Context, w http.ResponseWriter, r *http.Request) {
}
if c.Session.GetTeamByTeamId(c.TeamId) == nil {
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
@@ -759,7 +758,7 @@ func autocompleteChannels(c *Context, w http.ResponseWriter, r *http.Request) {
term := r.URL.Query().Get("term")
if c.Session.GetTeamByTeamId(c.TeamId) == nil {
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
diff --git a/api/command.go b/api/command.go
index 673683d6a..321a67dfc 100644
--- a/api/command.go
+++ b/api/command.go
@@ -10,7 +10,6 @@ import (
l4g "github.com/alecthomas/log4go"
- "github.com/mattermost/mattermost-server/app"
"github.com/mattermost/mattermost-server/model"
"github.com/mattermost/mattermost-server/utils"
)
@@ -87,7 +86,7 @@ func createCommand(c *Context, w http.ResponseWriter, r *http.Request) {
c.LogAudit("attempt")
- if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
c.SetPermissionError(model.PERMISSION_MANAGE_SLASH_COMMANDS)
return
}
@@ -126,13 +125,13 @@ func updateCommand(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToTeam(c.Session, oldCmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, oldCmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
c.LogAudit("fail - inappropriate permissions")
c.SetPermissionError(model.PERMISSION_MANAGE_SLASH_COMMANDS)
return
}
- if c.Session.UserId != oldCmd.CreatorId && !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) {
+ if c.Session.UserId != oldCmd.CreatorId && !c.App.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) {
c.LogAudit("fail - inappropriate permissions")
c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS)
return
@@ -150,7 +149,7 @@ func updateCommand(c *Context, w http.ResponseWriter, r *http.Request) {
}
func listTeamCommands(c *Context, w http.ResponseWriter, r *http.Request) {
- if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
c.SetPermissionError(model.PERMISSION_MANAGE_SLASH_COMMANDS)
return
}
@@ -186,13 +185,13 @@ func regenCommandToken(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
c.LogAudit("fail - inappropriate permissions")
c.SetPermissionError(model.PERMISSION_MANAGE_SLASH_COMMANDS)
return
}
- if c.Session.UserId != cmd.CreatorId && !app.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) {
+ if c.Session.UserId != cmd.CreatorId && !c.App.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) {
c.LogAudit("fail - inappropriate permissions")
c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS)
return
@@ -229,13 +228,13 @@ func deleteCommand(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
c.SetPermissionError(model.PERMISSION_MANAGE_SLASH_COMMANDS)
c.LogAudit("fail - inappropriate permissions")
return
}
- if c.Session.UserId != cmd.CreatorId && !app.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) {
+ if c.Session.UserId != cmd.CreatorId && !c.App.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) {
c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS)
c.LogAudit("fail - inappropriate permissions")
return
diff --git a/api/context.go b/api/context.go
index aa5f2a163..778df4625 100644
--- a/api/context.go
+++ b/api/context.go
@@ -347,7 +347,7 @@ func (c *Context) SystemAdminRequired() {
}
func (c *Context) IsSystemAdmin() bool {
- return app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM)
+ return c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM)
}
func (c *Context) RemoveSessionCookie(w http.ResponseWriter, r *http.Request) {
@@ -466,7 +466,7 @@ func Handle404(w http.ResponseWriter, r *http.Request) {
func (c *Context) CheckTeamId() {
if c.TeamId != "" && c.Session.GetTeamByTeamId(c.TeamId) == nil {
- if app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
if result := <-c.App.Srv.Store.Team().Get(c.TeamId); result.Err != nil {
c.Err = result.Err
c.Err.StatusCode = http.StatusBadRequest
diff --git a/api/emoji.go b/api/emoji.go
index 4a9995d64..8e89cf075 100644
--- a/api/emoji.go
+++ b/api/emoji.go
@@ -148,7 +148,7 @@ func deleteEmoji(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if c.Session.UserId != emoji.CreatorId && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if c.Session.UserId != emoji.CreatorId && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.Err = model.NewAppError("deleteEmoji", "api.emoji.delete.permissions.app_error", nil, "user_id="+c.Session.UserId, http.StatusUnauthorized)
return
}
diff --git a/api/general.go b/api/general.go
index 5e7780fdb..3091c1169 100644
--- a/api/general.go
+++ b/api/general.go
@@ -10,7 +10,6 @@ import (
l4g "github.com/alecthomas/log4go"
- "github.com/mattermost/mattermost-server/app"
"github.com/mattermost/mattermost-server/model"
"github.com/mattermost/mattermost-server/utils"
)
@@ -36,7 +35,7 @@ func logClient(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
forceToDebug = true
}
}
diff --git a/api/license.go b/api/license.go
index 371f4be02..06d4aa3a7 100644
--- a/api/license.go
+++ b/api/license.go
@@ -9,7 +9,6 @@ import (
"net/http"
l4g "github.com/alecthomas/log4go"
- "github.com/mattermost/mattermost-server/app"
"github.com/mattermost/mattermost-server/model"
"github.com/mattermost/mattermost-server/utils"
)
@@ -85,7 +84,7 @@ func removeLicense(c *Context, w http.ResponseWriter, r *http.Request) {
}
func getClientLicenceConfig(c *Context, w http.ResponseWriter, r *http.Request) {
- useSanitizedLicense := !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM)
+ useSanitizedLicense := !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM)
etag := utils.GetClientLicenseEtag(useSanitizedLicense)
if c.HandleEtag(etag, "Get Client License Config", w, r) {
diff --git a/api/oauth.go b/api/oauth.go
index 51a1828d1..c8a228a7b 100644
--- a/api/oauth.go
+++ b/api/oauth.go
@@ -8,7 +8,6 @@ import (
l4g "github.com/alecthomas/log4go"
"github.com/gorilla/mux"
- "github.com/mattermost/mattermost-server/app"
"github.com/mattermost/mattermost-server/model"
"github.com/mattermost/mattermost-server/utils"
)
@@ -29,7 +28,7 @@ func (api *API) InitOAuth() {
}
func registerOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) {
c.Err = model.NewAppError("registerOAuthApp", "api.command.admin_only.app_error", nil, "", http.StatusForbidden)
return
}
@@ -41,7 +40,7 @@ func registerOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
oauthApp.IsTrusted = false
}
@@ -59,14 +58,14 @@ func registerOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
}
func getOAuthApps(c *Context, w http.ResponseWriter, r *http.Request) {
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) {
c.Err = model.NewAppError("getOAuthApps", "api.command.admin_only.app_error", nil, "", http.StatusForbidden)
return
}
var apps []*model.OAuthApp
var err *model.AppError
- if app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {
+ if c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {
apps, err = c.App.GetOAuthApps(0, 100000)
} else {
apps, err = c.App.GetOAuthAppsByCreator(c.Session.UserId, 0, 100000)
@@ -203,7 +202,7 @@ func deleteOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
c.LogAudit("attempt")
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) {
c.Err = model.NewAppError("deleteOAuthApp", "api.command.admin_only.app_error", nil, "", http.StatusForbidden)
return
}
@@ -214,7 +213,7 @@ func deleteOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if c.Session.UserId != oauthApp.CreatorId && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {
+ if c.Session.UserId != oauthApp.CreatorId && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {
c.LogAudit("fail - inappropriate permissions")
c.Err = model.NewAppError("deleteOAuthApp", "api.oauth.delete.permissions.app_error", nil, "user_id="+c.Session.UserId, http.StatusForbidden)
return
@@ -254,7 +253,7 @@ func regenerateOAuthSecret(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if oauthApp.CreatorId != c.Session.UserId && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {
+ if oauthApp.CreatorId != c.Session.UserId && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {
c.Err = model.NewAppError("regenerateOAuthSecret", "api.command.admin_only.app_error", nil, "", http.StatusForbidden)
return
}
diff --git a/api/post.go b/api/post.go
index e85b9870d..46c3b5439 100644
--- a/api/post.go
+++ b/api/post.go
@@ -58,7 +58,7 @@ func createPost(c *Context, w http.ResponseWriter, r *http.Request) {
hasPermission = true
} else if channel, err := c.App.GetChannel(post.ChannelId); err == nil {
// Temporary permission check method until advanced permissions, please do not copy
- if channel.Type == model.CHANNEL_OPEN && app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_POST_PUBLIC) {
+ if channel.Type == model.CHANNEL_OPEN && c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_POST_PUBLIC) {
hasPermission = true
}
}
@@ -68,7 +68,7 @@ func createPost(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if post.CreateAt != 0 && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if post.CreateAt != 0 && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
post.CreateAt = 0
}
@@ -175,7 +175,7 @@ func getFlaggedPosts(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_VIEW_TEAM) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_VIEW_TEAM) {
c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
return
}
diff --git a/api/team.go b/api/team.go
index 9bb76af2a..7f53786d9 100644
--- a/api/team.go
+++ b/api/team.go
@@ -56,7 +56,7 @@ func createTeam(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_TEAM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_TEAM) {
c.Err = model.NewAppError("createTeam", "api.team.is_team_creation_allowed.disabled.app_error", nil, "", http.StatusForbidden)
return
}
@@ -121,7 +121,7 @@ func getAll(c *Context, w http.ResponseWriter, r *http.Request) {
func inviteMembers(c *Context, w http.ResponseWriter, r *http.Request) {
invites := model.InvitesFromJson(r.Body)
- if utils.IsLicensed() && !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_INVITE_USER) {
+ if utils.IsLicensed() && !c.App.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_INVITE_USER) {
errorId := ""
if *c.App.Config().TeamSettings.RestrictTeamInvite == model.PERMISSIONS_SYSTEM_ADMIN {
errorId = "api.team.invite_members.restricted_system_admin.app_error"
@@ -150,7 +150,7 @@ func addUserToTeam(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_ADD_USER_TO_TEAM) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_ADD_USER_TO_TEAM) {
c.SetPermissionError(model.PERMISSION_ADD_USER_TO_TEAM)
return
}
@@ -173,7 +173,7 @@ func removeUserFromTeam(c *Context, w http.ResponseWriter, r *http.Request) {
}
if c.Session.UserId != userId {
- if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_REMOVE_USER_FROM_TEAM) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_REMOVE_USER_FROM_TEAM) {
c.SetPermissionError(model.PERMISSION_REMOVE_USER_FROM_TEAM)
return
}
@@ -238,7 +238,7 @@ func getTeamByName(c *Context, w http.ResponseWriter, r *http.Request) {
return
} else {
if (!team.AllowOpenInvite || team.Type != model.TEAM_OPEN) && c.Session.GetTeamByTeamId(team.Id) == nil {
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
@@ -285,7 +285,7 @@ func updateTeam(c *Context, w http.ResponseWriter, r *http.Request) {
team.Id = c.TeamId
- if !app.SessionHasPermissionToTeam(c.Session, team.Id, model.PERMISSION_MANAGE_TEAM) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, team.Id, model.PERMISSION_MANAGE_TEAM) {
c.SetPermissionError(model.PERMISSION_MANAGE_TEAM)
return
}
@@ -321,7 +321,7 @@ func updateMemberRoles(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToTeam(c.Session, teamId, model.PERMISSION_MANAGE_TEAM_ROLES) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, teamId, model.PERMISSION_MANAGE_TEAM_ROLES) {
c.SetPermissionError(model.PERMISSION_MANAGE_TEAM_ROLES)
return
}
@@ -359,7 +359,7 @@ func getMyTeam(c *Context, w http.ResponseWriter, r *http.Request) {
func getTeamStats(c *Context, w http.ResponseWriter, r *http.Request) {
if c.Session.GetTeamByTeamId(c.TeamId) == nil {
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
@@ -375,7 +375,7 @@ func getTeamStats(c *Context, w http.ResponseWriter, r *http.Request) {
}
func importTeam(c *Context, w http.ResponseWriter, r *http.Request) {
- if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_IMPORT_TEAM) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_IMPORT_TEAM) {
c.SetPermissionError(model.PERMISSION_IMPORT_TEAM)
return
}
@@ -477,7 +477,7 @@ func getTeamMembers(c *Context, w http.ResponseWriter, r *http.Request) {
}
if c.Session.GetTeamByTeamId(c.TeamId) == nil {
- if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
@@ -502,7 +502,7 @@ func getTeamMember(c *Context, w http.ResponseWriter, r *http.Request) {
}
if c.Session.GetTeamByTeamId(c.TeamId) == nil {
- if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
@@ -525,7 +525,7 @@ func getTeamMembersByIds(c *Context, w http.ResponseWriter, r *http.Request) {
}
if c.Session.GetTeamByTeamId(c.TeamId) == nil {
- if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
diff --git a/api/user.go b/api/user.go
index 9e31e68ec..82796a6a9 100644
--- a/api/user.go
+++ b/api/user.go
@@ -204,7 +204,7 @@ func getSessions(c *Context, w http.ResponseWriter, r *http.Request) {
params := mux.Vars(r)
id := params["user_id"]
- if !app.SessionHasPermissionToUser(c.Session, id) {
+ if !c.App.SessionHasPermissionToUser(c.Session, id) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
@@ -300,7 +300,7 @@ func getInitialLoad(c *Context, w http.ResponseWriter, r *http.Request) {
}
il.ClientCfg = utils.ClientCfg
- if app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
il.LicenseCfg = utils.ClientLicense()
} else {
il.LicenseCfg = utils.GetSanitizedClientLicense()
@@ -406,7 +406,7 @@ func getProfilesInTeam(c *Context, w http.ResponseWriter, r *http.Request) {
teamId := params["team_id"]
if c.Session.GetTeamByTeamId(teamId) == nil {
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
return
}
}
@@ -454,7 +454,7 @@ func getProfilesInChannel(c *Context, w http.ResponseWriter, r *http.Request) {
}
if c.Session.GetTeamByTeamId(c.TeamId) == nil {
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
@@ -478,7 +478,7 @@ func getProfilesNotInChannel(c *Context, w http.ResponseWriter, r *http.Request)
channelId := params["channel_id"]
if c.Session.GetTeamByTeamId(c.TeamId) == nil {
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
@@ -513,7 +513,7 @@ func getAudits(c *Context, w http.ResponseWriter, r *http.Request) {
params := mux.Vars(r)
id := params["user_id"]
- if !app.SessionHasPermissionToUser(c.Session, id) {
+ if !c.App.SessionHasPermissionToUser(c.Session, id) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
@@ -628,7 +628,7 @@ func updateUser(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToUser(c.Session, user.Id) {
+ if !c.App.SessionHasPermissionToUser(c.Session, user.Id) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
@@ -694,7 +694,7 @@ func updateRoles(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_ROLES) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_ROLES) {
c.SetPermissionError(model.PERMISSION_MANAGE_ROLES)
return
}
@@ -724,7 +724,7 @@ func updateActive(c *Context, w http.ResponseWriter, r *http.Request) {
// true when you're trying to de-activate yourself
isSelfDeactive := !active && userId == c.Session.UserId
- if !isSelfDeactive && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !isSelfDeactive && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.Err = model.NewAppError("updateActive", "api.user.update_active.permissions.app_error", nil, "userId="+userId, http.StatusForbidden)
return
}
@@ -791,7 +791,7 @@ func updateUserNotify(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToUser(c.Session, userId) {
+ if !c.App.SessionHasPermissionToUser(c.Session, userId) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
@@ -1202,7 +1202,7 @@ func completeSaml(c *Context, w http.ResponseWriter, r *http.Request) {
func sanitizeProfile(c *Context, user *model.User) *model.User {
options := c.App.Config().GetSanitizeOptions()
- if app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
options["email"] = true
options["fullname"] = true
options["authservice"] = true
@@ -1238,7 +1238,7 @@ func searchUsers(c *Context, w http.ResponseWriter, r *http.Request) {
searchOptions := map[string]bool{}
searchOptions[store.USER_SEARCH_OPTION_ALLOW_INACTIVE] = props.AllowInactive
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
hideFullName := !c.App.Config().PrivacySettings.ShowFullName
hideEmail := !c.App.Config().PrivacySettings.ShowEmailAddress
@@ -1287,7 +1287,7 @@ func autocompleteUsersInChannel(c *Context, w http.ResponseWriter, r *http.Reque
term := r.URL.Query().Get("term")
if c.Session.GetTeamByTeamId(teamId) == nil {
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
return
}
}
@@ -1300,7 +1300,7 @@ func autocompleteUsersInChannel(c *Context, w http.ResponseWriter, r *http.Reque
searchOptions := map[string]bool{}
hideFullName := !c.App.Config().PrivacySettings.ShowFullName
- if hideFullName && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if hideFullName && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
searchOptions[store.USER_SEARCH_OPTION_NAMES_ONLY_NO_FULL_NAME] = true
} else {
searchOptions[store.USER_SEARCH_OPTION_NAMES_ONLY] = true
@@ -1322,7 +1322,7 @@ func autocompleteUsersInTeam(c *Context, w http.ResponseWriter, r *http.Request)
term := r.URL.Query().Get("term")
if c.Session.GetTeamByTeamId(teamId) == nil {
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
return
}
}
@@ -1330,7 +1330,7 @@ func autocompleteUsersInTeam(c *Context, w http.ResponseWriter, r *http.Request)
searchOptions := map[string]bool{}
hideFullName := !c.App.Config().PrivacySettings.ShowFullName
- if hideFullName && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if hideFullName && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
searchOptions[store.USER_SEARCH_OPTION_NAMES_ONLY_NO_FULL_NAME] = true
} else {
searchOptions[store.USER_SEARCH_OPTION_NAMES_ONLY] = true
@@ -1351,7 +1351,7 @@ func autocompleteUsers(c *Context, w http.ResponseWriter, r *http.Request) {
searchOptions := map[string]bool{}
hideFullName := !c.App.Config().PrivacySettings.ShowFullName
- if hideFullName && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if hideFullName && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
searchOptions[store.USER_SEARCH_OPTION_NAMES_ONLY_NO_FULL_NAME] = true
} else {
searchOptions[store.USER_SEARCH_OPTION_NAMES_ONLY] = true
diff --git a/api/webhook.go b/api/webhook.go
index b9ac9336d..3d0036aba 100644
--- a/api/webhook.go
+++ b/api/webhook.go
@@ -7,7 +7,6 @@ import (
"net/http"
l4g "github.com/alecthomas/log4go"
- "github.com/mattermost/mattermost-server/app"
"github.com/mattermost/mattermost-server/model"
"github.com/mattermost/mattermost-server/utils"
)
@@ -42,7 +41,7 @@ func createIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) {
c.LogAudit("attempt")
- if !app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS)
return
}
@@ -84,12 +83,12 @@ func updateIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToTeam(c.Session, oldHook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, oldHook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS)
return
}
- if c.Session.UserId != hook.UserId && !app.SessionHasPermissionToTeam(c.Session, oldHook.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) {
+ if c.Session.UserId != hook.UserId && !c.App.SessionHasPermissionToTeam(c.Session, oldHook.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) {
c.LogAudit("fail - inappropriate permissions")
c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_WEBHOOKS)
return
@@ -132,14 +131,14 @@ func deleteIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS)
return
}
c.LogAudit("attempt")
- if c.Session.UserId != hook.UserId && !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) {
+ if c.Session.UserId != hook.UserId && !c.App.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) {
c.LogAudit("fail - inappropriate permissions")
c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_WEBHOOKS)
return
@@ -156,7 +155,7 @@ func deleteIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) {
}
func getIncomingHooks(c *Context, w http.ResponseWriter, r *http.Request) {
- if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS)
return
}
@@ -181,7 +180,7 @@ func createOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) {
hook.TeamId = c.TeamId
hook.CreatorId = c.Session.UserId
- if !app.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS)
return
}
@@ -197,7 +196,7 @@ func createOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) {
}
func getOutgoingHooks(c *Context, w http.ResponseWriter, r *http.Request) {
- if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS)
return
}
@@ -231,13 +230,13 @@ func updateOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToTeam(c.Session, oldHook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, oldHook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
c.LogAudit("fail - inappropriate permissions")
c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS)
return
}
- if c.Session.UserId != oldHook.CreatorId && !app.SessionHasPermissionToTeam(c.Session, oldHook.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) {
+ if c.Session.UserId != oldHook.CreatorId && !c.App.SessionHasPermissionToTeam(c.Session, oldHook.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) {
c.LogAudit("fail - inappropriate permissions")
c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_WEBHOOKS)
return
@@ -264,7 +263,7 @@ func deleteOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) {
c.LogAudit("attempt")
- if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS)
return
}
@@ -275,7 +274,7 @@ func deleteOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if c.Session.UserId != hook.CreatorId && !app.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) {
+ if c.Session.UserId != hook.CreatorId && !c.App.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) {
c.LogAudit("fail - inappropriate permissions")
c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_WEBHOOKS)
return
@@ -313,12 +312,12 @@ func regenOutgoingHookToken(c *Context, w http.ResponseWriter, r *http.Request)
return
}
- if !app.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS)
return
}
- if c.Session.UserId != hook.CreatorId && !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) {
+ if c.Session.UserId != hook.CreatorId && !c.App.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) {
c.LogAudit("fail - inappropriate permissions")
c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_WEBHOOKS)
return
diff --git a/api4/brand.go b/api4/brand.go
index ce9f32b6d..ee48953dd 100644
--- a/api4/brand.go
+++ b/api4/brand.go
@@ -7,7 +7,6 @@ import (
"net/http"
l4g "github.com/alecthomas/log4go"
- "github.com/mattermost/mattermost-server/app"
"github.com/mattermost/mattermost-server/model"
"github.com/mattermost/mattermost-server/utils"
)
@@ -55,7 +54,7 @@ func uploadBrandImage(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
diff --git a/api4/channel.go b/api4/channel.go
index 07e48b46f..84d64b1a9 100644
--- a/api4/channel.go
+++ b/api4/channel.go
@@ -7,7 +7,6 @@ import (
"net/http"
l4g "github.com/alecthomas/log4go"
- "github.com/mattermost/mattermost-server/app"
"github.com/mattermost/mattermost-server/model"
"github.com/mattermost/mattermost-server/utils"
)
@@ -56,12 +55,12 @@ func createChannel(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if channel.Type == model.CHANNEL_OPEN && !app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_PUBLIC_CHANNEL) {
+ if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_PUBLIC_CHANNEL) {
c.SetPermissionError(model.PERMISSION_CREATE_PUBLIC_CHANNEL)
return
}
- if channel.Type == model.CHANNEL_PRIVATE && !app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_PRIVATE_CHANNEL) {
+ if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_PRIVATE_CHANNEL) {
c.SetPermissionError(model.PERMISSION_CREATE_PRIVATE_CHANNEL)
return
}
@@ -193,7 +192,7 @@ func restoreChannel(c *Context, w http.ResponseWriter, r *http.Request) {
}
teamId := channel.TeamId
- if !app.SessionHasPermissionToTeam(c.Session, teamId, model.PERMISSION_MANAGE_TEAM) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, teamId, model.PERMISSION_MANAGE_TEAM) {
c.SetPermissionError(model.PERMISSION_MANAGE_TEAM)
return
}
@@ -242,12 +241,12 @@ func createDirectChannel(c *Context, w http.ResponseWriter, r *http.Request) {
}
}
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_DIRECT_CHANNEL) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_DIRECT_CHANNEL) {
c.SetPermissionError(model.PERMISSION_CREATE_DIRECT_CHANNEL)
return
}
- if !allowed && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !allowed && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
@@ -284,7 +283,7 @@ func createGroupChannel(c *Context, w http.ResponseWriter, r *http.Request) {
userIds = append(userIds, c.Session.UserId)
}
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_GROUP_CHANNEL) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_GROUP_CHANNEL) {
c.SetPermissionError(model.PERMISSION_CREATE_GROUP_CHANNEL)
return
}
@@ -311,7 +310,7 @@ func getChannel(c *Context, w http.ResponseWriter, r *http.Request) {
}
if channel.Type == model.CHANNEL_OPEN {
- if !app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) {
c.SetPermissionError(model.PERMISSION_READ_PUBLIC_CHANNEL)
return
}
@@ -332,7 +331,7 @@ func getChannelUnread(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
+ if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
@@ -401,7 +400,7 @@ func getPublicChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request
return
}
- if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) {
c.SetPermissionError(model.PERMISSION_LIST_TEAM_CHANNELS)
return
}
@@ -421,7 +420,7 @@ func getDeletedChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Reques
return
}
- if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM) {
c.SetPermissionError(model.PERMISSION_MANAGE_TEAM)
return
}
@@ -454,7 +453,7 @@ func getPublicChannelsByIdsForTeam(c *Context, w http.ResponseWriter, r *http.Re
}
}
- if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) {
c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
return
}
@@ -473,12 +472,12 @@ func getChannelsForTeamForUser(c *Context, w http.ResponseWriter, r *http.Reques
return
}
- if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
+ if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
- if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) {
c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
return
}
@@ -506,7 +505,7 @@ func searchChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) {
c.SetPermissionError(model.PERMISSION_LIST_TEAM_CHANNELS)
return
}
@@ -568,7 +567,7 @@ func getChannelByName(c *Context, w http.ResponseWriter, r *http.Request) {
}
if channel.Type == model.CHANNEL_OPEN {
- if !app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) {
c.SetPermissionError(model.PERMISSION_READ_PUBLIC_CHANNEL)
return
}
@@ -674,12 +673,12 @@ func getChannelMembersForUser(c *Context, w http.ResponseWriter, r *http.Request
return
}
- if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) {
c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
return
}
- if c.Session.UserId != c.Params.UserId && !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_SYSTEM) {
+ if c.Session.UserId != c.Params.UserId && !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
@@ -698,7 +697,7 @@ func viewChannel(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
+ if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
@@ -766,7 +765,7 @@ func updateChannelMemberNotifyProps(c *Context, w http.ResponseWriter, r *http.R
return
}
- if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
+ if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
diff --git a/api4/cluster.go b/api4/cluster.go
index f79ef28a8..472b52f36 100644
--- a/api4/cluster.go
+++ b/api4/cluster.go
@@ -7,7 +7,6 @@ import (
"net/http"
l4g "github.com/alecthomas/log4go"
- "github.com/mattermost/mattermost-server/app"
"github.com/mattermost/mattermost-server/model"
"github.com/mattermost/mattermost-server/utils"
)
@@ -19,7 +18,7 @@ func (api *API) InitCluster() {
}
func getClusterStatus(c *Context, w http.ResponseWriter, r *http.Request) {
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
diff --git a/api4/command.go b/api4/command.go
index 33e6a6c0c..1a488b505 100644
--- a/api4/command.go
+++ b/api4/command.go
@@ -10,7 +10,6 @@ import (
"strings"
l4g "github.com/alecthomas/log4go"
- "github.com/mattermost/mattermost-server/app"
"github.com/mattermost/mattermost-server/model"
"github.com/mattermost/mattermost-server/utils"
)
@@ -41,7 +40,7 @@ func createCommand(c *Context, w http.ResponseWriter, r *http.Request) {
c.LogAudit("attempt")
- if !app.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
c.SetPermissionError(model.PERMISSION_MANAGE_SLASH_COMMANDS)
return
}
@@ -84,13 +83,13 @@ func updateCommand(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToTeam(c.Session, oldCmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, oldCmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
c.LogAudit("fail - inappropriate permissions")
c.SetPermissionError(model.PERMISSION_MANAGE_SLASH_COMMANDS)
return
}
- if c.Session.UserId != oldCmd.CreatorId && !app.SessionHasPermissionToTeam(c.Session, oldCmd.TeamId, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) {
+ if c.Session.UserId != oldCmd.CreatorId && !c.App.SessionHasPermissionToTeam(c.Session, oldCmd.TeamId, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) {
c.LogAudit("fail - inappropriate permissions")
c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS)
return
@@ -121,13 +120,13 @@ func deleteCommand(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
c.LogAudit("fail - inappropriate permissions")
c.SetPermissionError(model.PERMISSION_MANAGE_SLASH_COMMANDS)
return
}
- if c.Session.UserId != cmd.CreatorId && !app.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) {
+ if c.Session.UserId != cmd.CreatorId && !c.App.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) {
c.LogAudit("fail - inappropriate permissions")
c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS)
return
@@ -160,7 +159,7 @@ func listCommands(c *Context, w http.ResponseWriter, r *http.Request) {
commands := []*model.Command{}
err := &model.AppError{}
if customOnly {
- if !app.SessionHasPermissionToTeam(c.Session, teamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, teamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
c.SetPermissionError(model.PERMISSION_MANAGE_SLASH_COMMANDS)
return
}
@@ -171,7 +170,7 @@ func listCommands(c *Context, w http.ResponseWriter, r *http.Request) {
}
} else {
//User with no permission should see only system commands
- if !app.SessionHasPermissionToTeam(c.Session, teamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, teamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
commands, err = c.App.ListAutocompleteCommands(teamId, c.T)
if err != nil {
c.Err = err
@@ -219,7 +218,7 @@ func executeCommand(c *Context, w http.ResponseWriter, r *http.Request) {
// if the slash command was used in a DM or GM, ensure that the user is a member of the specified team, so that
// they can't just execute slash commands against arbitrary teams
if c.Session.GetTeamByTeamId(commandArgs.TeamId) == nil {
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_USE_SLASH_COMMANDS) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_USE_SLASH_COMMANDS) {
c.SetPermissionError(model.PERMISSION_USE_SLASH_COMMANDS)
return
}
@@ -246,7 +245,7 @@ func listAutocompleteCommands(c *Context, w http.ResponseWriter, r *http.Request
return
}
- if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) {
c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
return
}
@@ -273,13 +272,13 @@ func regenCommandToken(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
c.LogAudit("fail - inappropriate permissions")
c.SetPermissionError(model.PERMISSION_MANAGE_SLASH_COMMANDS)
return
}
- if c.Session.UserId != cmd.CreatorId && !app.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) {
+ if c.Session.UserId != cmd.CreatorId && !c.App.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) {
c.LogAudit("fail - inappropriate permissions")
c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS)
return
diff --git a/api4/compliance.go b/api4/compliance.go
index 7d0708efe..91d00fdf4 100644
--- a/api4/compliance.go
+++ b/api4/compliance.go
@@ -30,7 +30,7 @@ func createComplianceReport(c *Context, w http.ResponseWriter, r *http.Request)
return
}
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
@@ -49,7 +49,7 @@ func createComplianceReport(c *Context, w http.ResponseWriter, r *http.Request)
}
func getComplianceReports(c *Context, w http.ResponseWriter, r *http.Request) {
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
@@ -69,7 +69,7 @@ func getComplianceReport(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
@@ -89,7 +89,7 @@ func downloadComplianceReport(c *Context, w http.ResponseWriter, r *http.Request
return
}
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
diff --git a/api4/context.go b/api4/context.go
index 44334aabf..bf9794e4c 100644
--- a/api4/context.go
+++ b/api4/context.go
@@ -240,7 +240,7 @@ func (c *Context) LogDebug(err *model.AppError) {
}
func (c *Context) IsSystemAdmin() bool {
- return app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM)
+ return c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM)
}
func (c *Context) SessionRequired() {
diff --git a/api4/elasticsearch.go b/api4/elasticsearch.go
index eb5a09876..6640b0837 100644
--- a/api4/elasticsearch.go
+++ b/api4/elasticsearch.go
@@ -7,7 +7,6 @@ import (
"net/http"
l4g "github.com/alecthomas/log4go"
- "github.com/mattermost/mattermost-server/app"
"github.com/mattermost/mattermost-server/model"
"github.com/mattermost/mattermost-server/utils"
)
@@ -25,7 +24,7 @@ func testElasticsearch(c *Context, w http.ResponseWriter, r *http.Request) {
cfg = c.App.Config()
}
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
@@ -39,7 +38,7 @@ func testElasticsearch(c *Context, w http.ResponseWriter, r *http.Request) {
}
func purgeElasticsearchIndexes(c *Context, w http.ResponseWriter, r *http.Request) {
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
diff --git a/api4/emoji.go b/api4/emoji.go
index f2335b067..7a05e1ae1 100644
--- a/api4/emoji.go
+++ b/api4/emoji.go
@@ -102,7 +102,7 @@ func deleteEmoji(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if c.Session.UserId != emoji.CreatorId && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if c.Session.UserId != emoji.CreatorId && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.Err = model.NewAppError("deleteImage", "api.emoji.delete.permissions.app_error", nil, "user_id="+c.Session.UserId, http.StatusUnauthorized)
return
}
diff --git a/api4/job.go b/api4/job.go
index 138c76c8f..2a5134cd3 100644
--- a/api4/job.go
+++ b/api4/job.go
@@ -7,7 +7,6 @@ import (
"net/http"
l4g "github.com/alecthomas/log4go"
- "github.com/mattermost/mattermost-server/app"
"github.com/mattermost/mattermost-server/model"
)
@@ -27,7 +26,7 @@ func getJob(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_JOBS) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_JOBS) {
c.SetPermissionError(model.PERMISSION_MANAGE_JOBS)
return
}
@@ -47,7 +46,7 @@ func createJob(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_JOBS) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_JOBS) {
c.SetPermissionError(model.PERMISSION_MANAGE_JOBS)
return
}
@@ -66,7 +65,7 @@ func getJobs(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_JOBS) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_JOBS) {
c.SetPermissionError(model.PERMISSION_MANAGE_JOBS)
return
}
@@ -85,7 +84,7 @@ func getJobsByType(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_JOBS) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_JOBS) {
c.SetPermissionError(model.PERMISSION_MANAGE_JOBS)
return
}
@@ -104,7 +103,7 @@ func cancelJob(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_JOBS) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_JOBS) {
c.SetPermissionError(model.PERMISSION_MANAGE_JOBS)
return
}
diff --git a/api4/ldap.go b/api4/ldap.go
index 3c5eb5ede..66735c526 100644
--- a/api4/ldap.go
+++ b/api4/ldap.go
@@ -7,7 +7,6 @@ import (
"net/http"
l4g "github.com/alecthomas/log4go"
- "github.com/mattermost/mattermost-server/app"
"github.com/mattermost/mattermost-server/model"
"github.com/mattermost/mattermost-server/utils"
)
@@ -20,7 +19,7 @@ func (api *API) InitLdap() {
}
func syncLdap(c *Context, w http.ResponseWriter, r *http.Request) {
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
@@ -31,7 +30,7 @@ func syncLdap(c *Context, w http.ResponseWriter, r *http.Request) {
}
func testLdap(c *Context, w http.ResponseWriter, r *http.Request) {
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
diff --git a/api4/oauth.go b/api4/oauth.go
index 8933f0863..b11a070e4 100644
--- a/api4/oauth.go
+++ b/api4/oauth.go
@@ -53,12 +53,12 @@ func createOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) {
c.SetPermissionError(model.PERMISSION_MANAGE_OAUTH)
return
}
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
oauthApp.IsTrusted = false
}
@@ -81,7 +81,7 @@ func updateOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) {
c.SetPermissionError(model.PERMISSION_MANAGE_OAUTH)
return
}
@@ -100,7 +100,7 @@ func updateOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if c.Session.UserId != oauthApp.CreatorId && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {
+ if c.Session.UserId != oauthApp.CreatorId && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH)
return
}
@@ -117,16 +117,16 @@ func updateOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
}
func getOAuthApps(c *Context, w http.ResponseWriter, r *http.Request) {
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) {
c.Err = model.NewAppError("getOAuthApps", "api.command.admin_only.app_error", nil, "", http.StatusForbidden)
return
}
var apps []*model.OAuthApp
var err *model.AppError
- if app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {
+ if c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {
apps, err = c.App.GetOAuthApps(c.Params.Page, c.Params.PerPage)
- } else if app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) {
+ } else if c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) {
apps, err = c.App.GetOAuthAppsByCreator(c.Session.UserId, c.Params.Page, c.Params.PerPage)
} else {
c.SetPermissionError(model.PERMISSION_MANAGE_OAUTH)
@@ -147,7 +147,7 @@ func getOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) {
c.SetPermissionError(model.PERMISSION_MANAGE_OAUTH)
return
}
@@ -158,7 +158,7 @@ func getOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if oauthApp.CreatorId != c.Session.UserId && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {
+ if oauthApp.CreatorId != c.Session.UserId && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH)
return
}
@@ -190,7 +190,7 @@ func deleteOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
c.LogAudit("attempt")
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) {
c.SetPermissionError(model.PERMISSION_MANAGE_OAUTH)
return
}
@@ -201,7 +201,7 @@ func deleteOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if c.Session.UserId != oauthApp.CreatorId && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {
+ if c.Session.UserId != oauthApp.CreatorId && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH)
return
}
@@ -222,7 +222,7 @@ func regenerateOAuthAppSecret(c *Context, w http.ResponseWriter, r *http.Request
return
}
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) {
c.SetPermissionError(model.PERMISSION_MANAGE_OAUTH)
return
}
@@ -233,7 +233,7 @@ func regenerateOAuthAppSecret(c *Context, w http.ResponseWriter, r *http.Request
return
}
- if oauthApp.CreatorId != c.Session.UserId && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {
+ if oauthApp.CreatorId != c.Session.UserId && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH)
return
}
@@ -254,7 +254,7 @@ func getAuthorizedOAuthApps(c *Context, w http.ResponseWriter, r *http.Request)
return
}
- if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
+ if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
diff --git a/api4/plugin.go b/api4/plugin.go
index 155a5c807..9ac6fdcf5 100644
--- a/api4/plugin.go
+++ b/api4/plugin.go
@@ -9,7 +9,6 @@ import (
"net/http"
l4g "github.com/alecthomas/log4go"
- "github.com/mattermost/mattermost-server/app"
"github.com/mattermost/mattermost-server/model"
)
@@ -37,7 +36,7 @@ func uploadPlugin(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
@@ -84,7 +83,7 @@ func getPlugins(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
@@ -109,7 +108,7 @@ func removePlugin(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
@@ -156,7 +155,7 @@ func activatePlugin(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
@@ -180,7 +179,7 @@ func deactivatePlugin(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
diff --git a/api4/post.go b/api4/post.go
index feb6de8f9..6dc3564ff 100644
--- a/api4/post.go
+++ b/api4/post.go
@@ -10,7 +10,6 @@ import (
l4g "github.com/alecthomas/log4go"
- "github.com/mattermost/mattermost-server/app"
"github.com/mattermost/mattermost-server/model"
"github.com/mattermost/mattermost-server/utils"
)
@@ -48,7 +47,7 @@ func createPost(c *Context, w http.ResponseWriter, r *http.Request) {
hasPermission = true
} else if channel, err := c.App.GetChannel(post.ChannelId); err == nil {
// Temporary permission check method until advanced permissions, please do not copy
- if channel.Type == model.CHANNEL_OPEN && app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_POST_PUBLIC) {
+ if channel.Type == model.CHANNEL_OPEN && c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_POST_PUBLIC) {
hasPermission = true
}
}
@@ -58,7 +57,7 @@ func createPost(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if post.CreateAt != 0 && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if post.CreateAt != 0 && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
post.CreateAt = 0
}
@@ -150,7 +149,7 @@ func getFlaggedPostsForUser(c *Context, w http.ResponseWriter, r *http.Request)
return
}
- if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
+ if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
@@ -198,7 +197,7 @@ func getPost(c *Context, w http.ResponseWriter, r *http.Request) {
if !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_READ_CHANNEL) {
if channel.Type == model.CHANNEL_OPEN {
- if !app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) {
c.SetPermissionError(model.PERMISSION_READ_PUBLIC_CHANNEL)
return
}
@@ -264,7 +263,7 @@ func getPostThread(c *Context, w http.ResponseWriter, r *http.Request) {
if !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_READ_CHANNEL) {
if channel.Type == model.CHANNEL_OPEN {
- if !app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) {
c.SetPermissionError(model.PERMISSION_READ_PUBLIC_CHANNEL)
return
}
@@ -288,7 +287,7 @@ func searchPosts(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) {
c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
return
}
diff --git a/api4/preference.go b/api4/preference.go
index 5ed83939a..ad1eca4c8 100644
--- a/api4/preference.go
+++ b/api4/preference.go
@@ -7,7 +7,6 @@ import (
"net/http"
l4g "github.com/alecthomas/log4go"
- "github.com/mattermost/mattermost-server/app"
"github.com/mattermost/mattermost-server/model"
"github.com/mattermost/mattermost-server/utils"
)
@@ -28,7 +27,7 @@ func getPreferences(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
+ if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
@@ -48,7 +47,7 @@ func getPreferencesByCategory(c *Context, w http.ResponseWriter, r *http.Request
return
}
- if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
+ if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
@@ -68,7 +67,7 @@ func getPreferenceByCategoryAndName(c *Context, w http.ResponseWriter, r *http.R
return
}
- if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
+ if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
@@ -88,7 +87,7 @@ func updatePreferences(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
+ if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
@@ -113,7 +112,7 @@ func deletePreferences(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
+ if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
diff --git a/api4/reaction.go b/api4/reaction.go
index edfb1619e..a19b2460a 100644
--- a/api4/reaction.go
+++ b/api4/reaction.go
@@ -7,7 +7,6 @@ import (
"net/http"
l4g "github.com/alecthomas/log4go"
- "github.com/mattermost/mattermost-server/app"
"github.com/mattermost/mattermost-server/model"
"github.com/mattermost/mattermost-server/utils"
)
@@ -92,7 +91,7 @@ func deleteReaction(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if c.Params.UserId != c.Session.UserId && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if c.Params.UserId != c.Session.UserId && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
diff --git a/api4/saml.go b/api4/saml.go
index 733e8eaaa..ba9ee9eec 100644
--- a/api4/saml.go
+++ b/api4/saml.go
@@ -62,7 +62,7 @@ func parseSamlCertificateRequest(r *http.Request) (*multipart.FileHeader, *model
}
func addSamlPublicCertificate(c *Context, w http.ResponseWriter, r *http.Request) {
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
@@ -81,7 +81,7 @@ func addSamlPublicCertificate(c *Context, w http.ResponseWriter, r *http.Request
}
func addSamlPrivateCertificate(c *Context, w http.ResponseWriter, r *http.Request) {
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
@@ -100,7 +100,7 @@ func addSamlPrivateCertificate(c *Context, w http.ResponseWriter, r *http.Reques
}
func addSamlIdpCertificate(c *Context, w http.ResponseWriter, r *http.Request) {
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
@@ -119,7 +119,7 @@ func addSamlIdpCertificate(c *Context, w http.ResponseWriter, r *http.Request) {
}
func removeSamlPublicCertificate(c *Context, w http.ResponseWriter, r *http.Request) {
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
@@ -133,7 +133,7 @@ func removeSamlPublicCertificate(c *Context, w http.ResponseWriter, r *http.Requ
}
func removeSamlPrivateCertificate(c *Context, w http.ResponseWriter, r *http.Request) {
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
@@ -147,7 +147,7 @@ func removeSamlPrivateCertificate(c *Context, w http.ResponseWriter, r *http.Req
}
func removeSamlIdpCertificate(c *Context, w http.ResponseWriter, r *http.Request) {
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
@@ -161,7 +161,7 @@ func removeSamlIdpCertificate(c *Context, w http.ResponseWriter, r *http.Request
}
func getSamlCertificateStatus(c *Context, w http.ResponseWriter, r *http.Request) {
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
diff --git a/api4/status.go b/api4/status.go
index 92f319273..c8690768d 100644
--- a/api4/status.go
+++ b/api4/status.go
@@ -8,7 +8,6 @@ import (
l4g "github.com/alecthomas/log4go"
- "github.com/mattermost/mattermost-server/app"
"github.com/mattermost/mattermost-server/model"
"github.com/mattermost/mattermost-server/utils"
)
@@ -72,7 +71,7 @@ func updateUserStatus(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
+ if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
diff --git a/api4/system.go b/api4/system.go
index aba19ca78..f3278a7b5 100644
--- a/api4/system.go
+++ b/api4/system.go
@@ -11,7 +11,6 @@ import (
"strconv"
l4g "github.com/alecthomas/log4go"
- "github.com/mattermost/mattermost-server/app"
"github.com/mattermost/mattermost-server/model"
"github.com/mattermost/mattermost-server/utils"
)
@@ -74,7 +73,7 @@ func testEmail(c *Context, w http.ResponseWriter, r *http.Request) {
cfg = c.App.Config()
}
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
@@ -89,7 +88,7 @@ func testEmail(c *Context, w http.ResponseWriter, r *http.Request) {
}
func getConfig(c *Context, w http.ResponseWriter, r *http.Request) {
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
@@ -101,7 +100,7 @@ func getConfig(c *Context, w http.ResponseWriter, r *http.Request) {
}
func configReload(c *Context, w http.ResponseWriter, r *http.Request) {
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
@@ -119,7 +118,7 @@ func updateConfig(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
@@ -139,7 +138,7 @@ func updateConfig(c *Context, w http.ResponseWriter, r *http.Request) {
}
func getAudits(c *Context, w http.ResponseWriter, r *http.Request) {
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
@@ -156,7 +155,7 @@ func getAudits(c *Context, w http.ResponseWriter, r *http.Request) {
func databaseRecycle(c *Context, w http.ResponseWriter, r *http.Request) {
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
@@ -167,7 +166,7 @@ func databaseRecycle(c *Context, w http.ResponseWriter, r *http.Request) {
}
func invalidateCaches(c *Context, w http.ResponseWriter, r *http.Request) {
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
@@ -183,7 +182,7 @@ func invalidateCaches(c *Context, w http.ResponseWriter, r *http.Request) {
}
func getLogs(c *Context, w http.ResponseWriter, r *http.Request) {
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
@@ -206,7 +205,7 @@ func postLog(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
forceToDebug = true
}
}
@@ -276,7 +275,7 @@ func getClientLicense(c *Context, w http.ResponseWriter, r *http.Request) {
var clientLicense map[string]string
- if app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
clientLicense = utils.ClientLicense()
} else {
clientLicense = utils.GetSanitizedClientLicense()
@@ -289,7 +288,7 @@ func getClientLicense(c *Context, w http.ResponseWriter, r *http.Request) {
func addLicense(c *Context, w http.ResponseWriter, r *http.Request) {
c.LogAudit("attempt")
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
@@ -344,7 +343,7 @@ func addLicense(c *Context, w http.ResponseWriter, r *http.Request) {
func removeLicense(c *Context, w http.ResponseWriter, r *http.Request) {
c.LogAudit("attempt")
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
@@ -366,7 +365,7 @@ func getAnalytics(c *Context, w http.ResponseWriter, r *http.Request) {
name = "standard"
}
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
diff --git a/api4/team.go b/api4/team.go
index 2c60d40a1..ea39629c7 100644
--- a/api4/team.go
+++ b/api4/team.go
@@ -60,7 +60,7 @@ func createTeam(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_TEAM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_TEAM) {
c.Err = model.NewAppError("createTeam", "api.team.is_team_creation_allowed.disabled.app_error", nil, "", http.StatusForbidden)
return
}
@@ -87,7 +87,7 @@ func getTeam(c *Context, w http.ResponseWriter, r *http.Request) {
c.Err = err
return
} else {
- if (!team.AllowOpenInvite || team.Type != model.TEAM_OPEN) && !app.SessionHasPermissionToTeam(c.Session, team.Id, model.PERMISSION_VIEW_TEAM) {
+ if (!team.AllowOpenInvite || team.Type != model.TEAM_OPEN) && !c.App.SessionHasPermissionToTeam(c.Session, team.Id, model.PERMISSION_VIEW_TEAM) {
c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
return
}
@@ -109,7 +109,7 @@ func getTeamByName(c *Context, w http.ResponseWriter, r *http.Request) {
c.Err = err
return
} else {
- if (!team.AllowOpenInvite || team.Type != model.TEAM_OPEN) && !app.SessionHasPermissionToTeam(c.Session, team.Id, model.PERMISSION_VIEW_TEAM) {
+ if (!team.AllowOpenInvite || team.Type != model.TEAM_OPEN) && !c.App.SessionHasPermissionToTeam(c.Session, team.Id, model.PERMISSION_VIEW_TEAM) {
c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
return
}
@@ -136,7 +136,7 @@ func updateTeam(c *Context, w http.ResponseWriter, r *http.Request) {
team.Id = c.Params.TeamId
- if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM) {
c.SetPermissionError(model.PERMISSION_MANAGE_TEAM)
return
}
@@ -166,7 +166,7 @@ func patchTeam(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM) {
c.SetPermissionError(model.PERMISSION_MANAGE_TEAM)
return
}
@@ -190,7 +190,7 @@ func deleteTeam(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM) {
c.SetPermissionError(model.PERMISSION_MANAGE_TEAM)
return
}
@@ -216,7 +216,7 @@ func getTeamsForUser(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if c.Session.UserId != c.Params.UserId && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if c.Session.UserId != c.Params.UserId && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
@@ -237,7 +237,7 @@ func getTeamsUnreadForUser(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if c.Session.UserId != c.Params.UserId && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if c.Session.UserId != c.Params.UserId && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
@@ -260,7 +260,7 @@ func getTeamMember(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) {
c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
return
}
@@ -280,7 +280,7 @@ func getTeamMembers(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) {
c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
return
}
@@ -300,7 +300,7 @@ func getTeamMembersForUser(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
+ if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
@@ -327,7 +327,7 @@ func getTeamMembersByIds(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) {
c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
return
}
@@ -359,7 +359,7 @@ func addTeamMember(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToTeam(c.Session, member.TeamId, model.PERMISSION_ADD_USER_TO_TEAM) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, member.TeamId, model.PERMISSION_ADD_USER_TO_TEAM) {
c.SetPermissionError(model.PERMISSION_ADD_USER_TO_TEAM)
return
}
@@ -429,7 +429,7 @@ func addTeamMembers(c *Context, w http.ResponseWriter, r *http.Request) {
userIds = append(userIds, member.UserId)
}
- if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_ADD_USER_TO_TEAM) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_ADD_USER_TO_TEAM) {
c.SetPermissionError(model.PERMISSION_ADD_USER_TO_TEAM)
return
}
@@ -452,7 +452,7 @@ func removeTeamMember(c *Context, w http.ResponseWriter, r *http.Request) {
}
if c.Session.UserId != c.Params.UserId {
- if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_REMOVE_USER_FROM_TEAM) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_REMOVE_USER_FROM_TEAM) {
c.SetPermissionError(model.PERMISSION_REMOVE_USER_FROM_TEAM)
return
}
@@ -472,12 +472,12 @@ func getTeamUnread(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
+ if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
- if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) {
c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
return
}
@@ -497,7 +497,7 @@ func getTeamStats(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) {
c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
return
}
@@ -525,7 +525,7 @@ func updateTeamMemberRoles(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM_ROLES) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM_ROLES) {
c.SetPermissionError(model.PERMISSION_MANAGE_TEAM_ROLES)
return
}
@@ -542,7 +542,7 @@ func getAllTeams(c *Context, w http.ResponseWriter, r *http.Request) {
var teams []*model.Team
var err *model.AppError
- if app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
teams, err = c.App.GetAllTeamsPage(c.Params.Page, c.Params.PerPage)
} else {
teams, err = c.App.GetAllOpenTeamsPage(c.Params.Page, c.Params.PerPage)
@@ -573,7 +573,7 @@ func searchTeams(c *Context, w http.ResponseWriter, r *http.Request) {
var teams []*model.Team
var err *model.AppError
- if app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
teams, err = c.App.SearchAllTeams(props.Term)
} else {
teams, err = c.App.SearchOpenTeams(props.Term)
@@ -613,7 +613,7 @@ func importTeam(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_IMPORT_TEAM) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_IMPORT_TEAM) {
c.SetPermissionError(model.PERMISSION_IMPORT_TEAM)
return
}
@@ -682,12 +682,12 @@ func inviteUsersToTeam(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_INVITE_USER) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_INVITE_USER) {
c.SetPermissionError(model.PERMISSION_INVITE_USER)
return
}
- if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_ADD_USER_TO_TEAM) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_ADD_USER_TO_TEAM) {
c.SetPermissionError(model.PERMISSION_INVITE_USER)
return
}
diff --git a/api4/user.go b/api4/user.go
index 889681b54..8d5c792d6 100644
--- a/api4/user.go
+++ b/api4/user.go
@@ -232,7 +232,7 @@ func setProfileImage(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
+ if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
@@ -306,7 +306,7 @@ func getUsers(c *Context, w http.ResponseWriter, r *http.Request) {
if withoutTeamBool, _ := strconv.ParseBool(withoutTeam); withoutTeamBool {
// Use a special permission for now
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_LIST_USERS_WITHOUT_TEAM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_LIST_USERS_WITHOUT_TEAM) {
c.SetPermissionError(model.PERMISSION_LIST_USERS_WITHOUT_TEAM)
return
}
@@ -320,7 +320,7 @@ func getUsers(c *Context, w http.ResponseWriter, r *http.Request) {
profiles, err = c.App.GetUsersNotInChannelPage(inTeamId, notInChannelId, c.Params.Page, c.Params.PerPage, c.IsSystemAdmin())
} else if len(notInTeamId) > 0 {
- if !app.SessionHasPermissionToTeam(c.Session, notInTeamId, model.PERMISSION_VIEW_TEAM) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, notInTeamId, model.PERMISSION_VIEW_TEAM) {
c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
return
}
@@ -332,7 +332,7 @@ func getUsers(c *Context, w http.ResponseWriter, r *http.Request) {
profiles, err = c.App.GetUsersNotInTeamPage(notInTeamId, c.Params.Page, c.Params.PerPage, c.IsSystemAdmin())
} else if len(inTeamId) > 0 {
- if !app.SessionHasPermissionToTeam(c.Session, inTeamId, model.PERMISSION_VIEW_TEAM) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, inTeamId, model.PERMISSION_VIEW_TEAM) {
c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
return
}
@@ -441,12 +441,12 @@ func searchUsers(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if props.TeamId != "" && !app.SessionHasPermissionToTeam(c.Session, props.TeamId, model.PERMISSION_VIEW_TEAM) {
+ if props.TeamId != "" && !c.App.SessionHasPermissionToTeam(c.Session, props.TeamId, model.PERMISSION_VIEW_TEAM) {
c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
return
}
- if props.NotInTeamId != "" && !app.SessionHasPermissionToTeam(c.Session, props.NotInTeamId, model.PERMISSION_VIEW_TEAM) {
+ if props.NotInTeamId != "" && !c.App.SessionHasPermissionToTeam(c.Session, props.NotInTeamId, model.PERMISSION_VIEW_TEAM) {
c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
return
}
@@ -454,7 +454,7 @@ func searchUsers(c *Context, w http.ResponseWriter, r *http.Request) {
searchOptions := map[string]bool{}
searchOptions[store.USER_SEARCH_OPTION_ALLOW_INACTIVE] = props.AllowInactive
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
hideFullName := !c.App.Config().PrivacySettings.ShowFullName
hideEmail := !c.App.Config().PrivacySettings.ShowEmailAddress
@@ -486,7 +486,7 @@ func autocompleteUsers(c *Context, w http.ResponseWriter, r *http.Request) {
searchOptions := map[string]bool{}
hideFullName := !c.App.Config().PrivacySettings.ShowFullName
- if hideFullName && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if hideFullName && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
searchOptions[store.USER_SEARCH_OPTION_NAMES_ONLY_NO_FULL_NAME] = true
} else {
searchOptions[store.USER_SEARCH_OPTION_NAMES_ONLY] = true
@@ -502,7 +502,7 @@ func autocompleteUsers(c *Context, w http.ResponseWriter, r *http.Request) {
autocomplete.Users = result.InChannel
autocomplete.OutOfChannel = result.OutOfChannel
} else if len(teamId) > 0 {
- if !app.SessionHasPermissionToTeam(c.Session, teamId, model.PERMISSION_VIEW_TEAM) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, teamId, model.PERMISSION_VIEW_TEAM) {
c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
return
}
@@ -535,7 +535,7 @@ func updateUser(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToUser(c.Session, user.Id) {
+ if !c.App.SessionHasPermissionToUser(c.Session, user.Id) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
@@ -575,7 +575,7 @@ func patchUser(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
+ if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
@@ -611,7 +611,7 @@ func deleteUser(c *Context, w http.ResponseWriter, r *http.Request) {
userId := c.Params.UserId
- if !app.SessionHasPermissionToUser(c.Session, userId) {
+ if !c.App.SessionHasPermissionToUser(c.Session, userId) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
@@ -646,7 +646,7 @@ func updateUserRoles(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_ROLES) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_ROLES) {
c.SetPermissionError(model.PERMISSION_MANAGE_ROLES)
return
}
@@ -678,7 +678,7 @@ func updateUserActive(c *Context, w http.ResponseWriter, r *http.Request) {
// true when you're trying to de-activate yourself
isSelfDeactive := !active && c.Params.UserId == c.Session.UserId
- if !isSelfDeactive && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ if !isSelfDeactive && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.Err = model.NewAppError("updateUserActive", "api.user.update_active.permissions.app_error", nil, "userId="+c.Params.UserId, http.StatusForbidden)
return
}
@@ -727,7 +727,7 @@ func updateUserMfa(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
+ if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
@@ -772,7 +772,7 @@ func generateMfaSecret(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
+ if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
@@ -810,7 +810,7 @@ func updatePassword(c *Context, w http.ResponseWriter, r *http.Request) {
}
err = c.App.UpdatePasswordAsUser(c.Params.UserId, currentPassword, newPassword)
- } else if app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ } else if c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
err = c.App.UpdatePasswordByUserIdSendEmail(c.Params.UserId, newPassword, c.T("api.user.reset_password.method"))
} else {
err = model.NewAppError("updatePassword", "api.user.update_password.context.app_error", nil, "", http.StatusForbidden)
@@ -932,7 +932,7 @@ func getSessions(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
+ if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
@@ -956,7 +956,7 @@ func revokeSession(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
+ if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
@@ -995,7 +995,7 @@ func revokeAllSessionsForUser(c *Context, w http.ResponseWriter, r *http.Request
return
}
- if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
+ if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
@@ -1061,7 +1061,7 @@ func getUserAudits(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
+ if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
@@ -1183,12 +1183,12 @@ func createUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) {
c.LogAudit("")
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_USER_ACCESS_TOKEN) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_USER_ACCESS_TOKEN) {
c.SetPermissionError(model.PERMISSION_CREATE_USER_ACCESS_TOKEN)
return
}
- if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
+ if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
@@ -1213,12 +1213,12 @@ func getUserAccessTokens(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_READ_USER_ACCESS_TOKEN) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_READ_USER_ACCESS_TOKEN) {
c.SetPermissionError(model.PERMISSION_READ_USER_ACCESS_TOKEN)
return
}
- if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
+ if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
@@ -1238,7 +1238,7 @@ func getUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_READ_USER_ACCESS_TOKEN) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_READ_USER_ACCESS_TOKEN) {
c.SetPermissionError(model.PERMISSION_READ_USER_ACCESS_TOKEN)
return
}
@@ -1249,7 +1249,7 @@ func getUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToUser(c.Session, accessToken.UserId) {
+ if !c.App.SessionHasPermissionToUser(c.Session, accessToken.UserId) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
@@ -1267,7 +1267,7 @@ func revokeUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) {
c.LogAudit("")
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_REVOKE_USER_ACCESS_TOKEN) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_REVOKE_USER_ACCESS_TOKEN) {
c.SetPermissionError(model.PERMISSION_REVOKE_USER_ACCESS_TOKEN)
return
}
@@ -1278,7 +1278,7 @@ func revokeUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToUser(c.Session, accessToken.UserId) {
+ if !c.App.SessionHasPermissionToUser(c.Session, accessToken.UserId) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
@@ -1304,7 +1304,7 @@ func disableUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request)
c.LogAudit("")
// No separate permission for this action for now
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_REVOKE_USER_ACCESS_TOKEN) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_REVOKE_USER_ACCESS_TOKEN) {
c.SetPermissionError(model.PERMISSION_REVOKE_USER_ACCESS_TOKEN)
return
}
@@ -1315,7 +1315,7 @@ func disableUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request)
return
}
- if !app.SessionHasPermissionToUser(c.Session, accessToken.UserId) {
+ if !c.App.SessionHasPermissionToUser(c.Session, accessToken.UserId) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
@@ -1341,7 +1341,7 @@ func enableUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) {
c.LogAudit("")
// No separate permission for this action for now
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_USER_ACCESS_TOKEN) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_USER_ACCESS_TOKEN) {
c.SetPermissionError(model.PERMISSION_CREATE_USER_ACCESS_TOKEN)
return
}
@@ -1352,7 +1352,7 @@ func enableUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToUser(c.Session, accessToken.UserId) {
+ if !c.App.SessionHasPermissionToUser(c.Session, accessToken.UserId) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
diff --git a/api4/webhook.go b/api4/webhook.go
index 1921659ce..4382bac94 100644
--- a/api4/webhook.go
+++ b/api4/webhook.go
@@ -10,7 +10,6 @@ import (
l4g "github.com/alecthomas/log4go"
"github.com/gorilla/mux"
- "github.com/mattermost/mattermost-server/app"
"github.com/mattermost/mattermost-server/model"
"github.com/mattermost/mattermost-server/utils"
)
@@ -53,7 +52,7 @@ func createIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) {
c.LogAudit("attempt")
- if !app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS)
return
}
@@ -105,12 +104,12 @@ func updateIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToTeam(c.Session, updatedHook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, updatedHook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS)
return
}
- if c.Session.UserId != updatedHook.UserId && !app.SessionHasPermissionToTeam(c.Session, updatedHook.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) {
+ if c.Session.UserId != updatedHook.UserId && !c.App.SessionHasPermissionToTeam(c.Session, updatedHook.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) {
c.LogAudit("fail - inappropriate permissions")
c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_WEBHOOKS)
return
@@ -145,14 +144,14 @@ func getIncomingHooks(c *Context, w http.ResponseWriter, r *http.Request) {
var err *model.AppError
if len(teamId) > 0 {
- if !app.SessionHasPermissionToTeam(c.Session, teamId, model.PERMISSION_MANAGE_WEBHOOKS) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, teamId, model.PERMISSION_MANAGE_WEBHOOKS) {
c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS)
return
}
hooks, err = c.App.GetIncomingWebhooksForTeamPage(teamId, c.Params.Page, c.Params.PerPage)
} else {
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_WEBHOOKS) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_WEBHOOKS) {
c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS)
return
}
@@ -190,7 +189,7 @@ func getIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) ||
+ if !c.App.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) ||
(channel.Type != model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(c.Session, hook.ChannelId, model.PERMISSION_READ_CHANNEL)) {
c.LogAudit("fail - bad permissions")
c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS)
@@ -224,7 +223,7 @@ func deleteIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !app.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) ||
+ if !c.App.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) ||
(channel.Type != model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(c.Session, hook.ChannelId, model.PERMISSION_READ_CHANNEL)) {
c.LogAudit("fail - bad permissions")
c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS)
@@ -256,7 +255,7 @@ func updateOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) {
toUpdateHook.CreatorId = c.Session.UserId
- if !app.SessionHasPermissionToTeam(c.Session, toUpdateHook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, toUpdateHook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS)
return
}
@@ -267,7 +266,7 @@ func updateOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if c.Session.UserId != oldHook.CreatorId && !app.SessionHasPermissionToTeam(c.Session, oldHook.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) {
+ if c.Session.UserId != oldHook.CreatorId && !c.App.SessionHasPermissionToTeam(c.Session, oldHook.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) {
c.LogAudit("fail - inappropriate permissions")
c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_WEBHOOKS)
return
@@ -294,7 +293,7 @@ func createOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) {
hook.CreatorId = c.Session.UserId
- if !app.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS)
return
}
@@ -325,14 +324,14 @@ func getOutgoingHooks(c *Context, w http.ResponseWriter, r *http.Request) {
hooks, err = c.App.GetOutgoingWebhooksForChannelPage(channelId, c.Params.Page, c.Params.PerPage)
} else if len(teamId) > 0 {
- if !app.SessionHasPermissionToTeam(c.Session, teamId, model.PERMISSION_MANAGE_WEBHOOKS) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, teamId, model.PERMISSION_MANAGE_WEBHOOKS) {
c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS)
return
}
hooks, err = c.App.GetOutgoingWebhooksForTeamPage(teamId, c.Params.Page, c.Params.PerPage)
} else {
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_WEBHOOKS) {
+ if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_WEBHOOKS) {
c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS)
return
}
@@ -362,12 +361,12 @@ func getOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) {
c.LogAudit("attempt")
- if !app.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS)
return
}
- if c.Session.UserId != hook.CreatorId && !app.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) {
+ if c.Session.UserId != hook.CreatorId && !c.App.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) {
c.LogAudit("fail - inappropriate permissions")
c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_WEBHOOKS)
return
@@ -391,12 +390,12 @@ func regenOutgoingHookToken(c *Context, w http.ResponseWriter, r *http.Request)
c.LogAudit("attempt")
- if !app.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS)
return
}
- if c.Session.UserId != hook.CreatorId && !app.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) {
+ if c.Session.UserId != hook.CreatorId && !c.App.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) {
c.LogAudit("fail - inappropriate permissions")
c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_WEBHOOKS)
return
@@ -424,12 +423,12 @@ func deleteOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) {
c.LogAudit("attempt")
- if !app.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
+ if !c.App.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS)
return
}
- if c.Session.UserId != hook.CreatorId && !app.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) {
+ if c.Session.UserId != hook.CreatorId && !c.App.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) {
c.LogAudit("fail - inappropriate permissions")
c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_WEBHOOKS)
return
diff --git a/app/authorization.go b/app/authorization.go
index 01180e8d8..ed485e597 100644
--- a/app/authorization.go
+++ b/app/authorization.go
@@ -11,10 +11,16 @@ import (
"github.com/mattermost/mattermost-server/model"
)
-func SessionHasPermissionTo(session model.Session, permission *model.Permission) bool {
- return CheckIfRolesGrantPermission(session.GetUserRoles(), permission.Id)
+func (a *App) SessionHasPermissionTo(session model.Session, permission *model.Permission) bool {
+ if !CheckIfRolesGrantPermission(session.GetUserRoles(), permission.Id) {
+ a.ClearSessionCacheForUser(session.UserId)
+ return false
+ }
+
+ return true
}
+/// DO NOT USE: LEGACY
func SessionHasPermissionToTeam(session model.Session, teamId string, permission *model.Permission) bool {
if teamId == "" {
return false
@@ -27,7 +33,22 @@ func SessionHasPermissionToTeam(session model.Session, teamId string, permission
}
}
- return SessionHasPermissionTo(session, permission)
+ return CheckIfRolesGrantPermission(session.GetUserRoles(), permission.Id)
+}
+
+func (a *App) SessionHasPermissionToTeam(session model.Session, teamId string, permission *model.Permission) bool {
+ if teamId == "" {
+ return false
+ }
+
+ teamMember := session.GetTeamByTeamId(teamId)
+ if teamMember != nil {
+ if CheckIfRolesGrantPermission(teamMember.GetRoles(), permission.Id) {
+ return true
+ }
+ }
+
+ return a.SessionHasPermissionTo(session, permission)
}
func (a *App) SessionHasPermissionToChannel(session model.Session, channelId string, permission *model.Permission) bool {
@@ -50,12 +71,12 @@ func (a *App) SessionHasPermissionToChannel(session model.Session, channelId str
channel, err := a.GetChannel(channelId)
if err == nil && channel.TeamId != "" {
- return SessionHasPermissionToTeam(session, channel.TeamId, permission)
+ return a.SessionHasPermissionToTeam(session, channel.TeamId, permission)
} else if err != nil && err.StatusCode == http.StatusNotFound {
return false
}
- return SessionHasPermissionTo(session, permission)
+ return a.SessionHasPermissionTo(session, permission)
}
func (a *App) SessionHasPermissionToChannelByPost(session model.Session, postId string, permission *model.Permission) bool {
@@ -70,13 +91,13 @@ func (a *App) SessionHasPermissionToChannelByPost(session model.Session, postId
if result := <-a.Srv.Store.Channel().GetForPost(postId); result.Err == nil {
channel := result.Data.(*model.Channel)
- return SessionHasPermissionToTeam(session, channel.TeamId, permission)
+ return a.SessionHasPermissionToTeam(session, channel.TeamId, permission)
}
- return SessionHasPermissionTo(session, permission)
+ return a.SessionHasPermissionTo(session, permission)
}
-func SessionHasPermissionToUser(session model.Session, userId string) bool {
+func (a *App) SessionHasPermissionToUser(session model.Session, userId string) bool {
if userId == "" {
return false
}
@@ -85,7 +106,7 @@ func SessionHasPermissionToUser(session model.Session, userId string) bool {
return true
}
- if SessionHasPermissionTo(session, model.PERMISSION_EDIT_OTHER_USERS) {
+ if a.SessionHasPermissionTo(session, model.PERMISSION_EDIT_OTHER_USERS) {
return true
}
diff --git a/app/session.go b/app/session.go
index 31f658e2f..209604dc5 100644
--- a/app/session.go
+++ b/app/session.go
@@ -124,7 +124,7 @@ func (a *App) ClearSessionCacheForUser(userId string) {
if a.Cluster != nil {
msg := &model.ClusterMessage{
Event: model.CLUSTER_EVENT_CLEAR_SESSION_CACHE_FOR_USER,
- SendType: model.CLUSTER_SEND_BEST_EFFORT,
+ SendType: model.CLUSTER_SEND_RELIABLE,
Data: userId,
}
a.Cluster.SendClusterMessage(msg)