authornickago <ngonella@calpoly.edu>2015-07-16 13:40:18 -0700
committernickago <ngonella@calpoly.edu>2015-07-16 13:40:18 -0700
commitd31b3e413a71607f6f9593f414892cace955fb1a (patch)
tree8d4b069aa786879e009df8496d4660c1149b1f5d
parentcb2bff28ee7a43b3d3c52d3c448d3f15d12830ba (diff)
Moved admin checking into separate function
-rw-r--r--api/context.go10
-rw-r--r--api/post.go20
2 files changed, 17 insertions, 13 deletions
diff --git a/api/context.go b/api/context.go
index bea0fbeff..0c9dee5c3 100644
--- a/api/context.go
+++ b/api/context.go
@@ -265,6 +265,16 @@ func (c *Context) IsSystemAdmin() bool {
return false
}
+func (c *Context) IsTeamAdmin() bool {
+ if uresult := <-Srv.Store.User().Get(c.Session.UserId); uresult.Err != nil {
+ c.Err = uresult.Err
+ return false
+ } else {
+ user := uresult.Data.(*model.User)
+ return strings.Contains(user.Roles, model.ROLE_ADMIN) && user.TeamId == c.Session.TeamId
+ }
+}
+
func (c *Context) RemoveSessionCookie(w http.ResponseWriter) {
sessionCache.Remove(c.Session.Id)
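Review bot: `strings.Contains(user.Roles, model.ROLE_ADMIN)` in IsTeamAdmin is a substring test, so any role whose name merely contains the ROLE_ADMIN value also satisfies it; the removed line in api/post.go suggests that value is "admin", which would make a longer role name such as a system-admin role match as well. Comparing whole role tokens (split Roles on its separator and test each for equality) keeps the authorization decision exact. The same substring test appears on the changed line of the last hunk in api/post.go. The method also has no doc comment; I would add `// IsTeamAdmin reports whether the session user's stored record carries the admin role for the session's team; on a store error it sets c.Err and returns false.`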
diff --git a/api/post.go b/api/post.go
index 0a8b5a20b..214429bb9 100644
--- a/api/post.go
+++ b/api/post.go
@@ -619,23 +619,17 @@ func deletePost(c *Context, w http.ResponseWriter, r *http.Request) {
cchan := Srv.Store.Channel().CheckPermissionsTo(c.Session.TeamId, channelId, c.Session.UserId)
pchan := Srv.Store.Post().Get(postId)
- uchan := Srv.Store.User().Get(c.Session.UserId)
- if uresult := <-uchan; uresult.Err != nil {
- c.Err = uresult.Err
+ if !c.HasPermissionsToChannel(cchan, "deletePost") && !c.IsTeamAdmin(){
return
- } else if presult := <-pchan; presult.Err != nil {
- c.Err = presult.Err
+ }
+
+ if result := <-pchan; result.Err != nil {
+ c.Err = result.Err
return
} else {
- user := uresult.Data.(*model.User)
-
- if !c.HasPermissionsToChannel(cchan, "deletePost") && !strings.Contains(user.Roles,"admin"){
- return
- }
-
- post := presult.Data.(*model.PostList).Posts[postId]
+ post := result.Data.(*model.PostList).Posts[postId]
if post == nil {
c.SetInvalidParam("deletePost", "postId")
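Review bot: The new gate `!c.HasPermissionsToChannel(cchan, "deletePost") && !c.IsTeamAdmin()` returns without setting an error itself, so it depends on the helpers having populated c.Err. HasPermissionsToChannel is not visible here; if it records an error on denial the way IsTeamAdmin does on a store failure, a team admin without channel access continues past the gate with that error still in c.Err. Worth confirming, and if so resetting it once the gate has passed, e.g. `c.Err = nil` directly after the `if`. The line also needs gofmt (`!c.IsTeamAdmin() {`). deletePost begins and ends outside this hunk.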
@@ -648,7 +642,7 @@ func deletePost(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if post.UserId != c.Session.UserId && !strings.Contains(user.Roles,"admin") {
+ if post.UserId != c.Session.UserId && !strings.Contains(c.Session.Roles,model.ROLE_ADMIN) {
c.Err = model.NewAppError("deletePost", "You do not have the appropriate permissions", "")
c.Err.StatusCode = http.StatusForbidden
return
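Review bot: The ownership check on the changed line now reads `c.Session.Roles` instead of the freshly loaded user record that the removed line used, so a role revoked after the session was created would presumably still pass here until the session is refreshed or expires. Unlike IsTeamAdmin, it also does not compare the user's team with the session's team. Reusing the helper added in this commit keeps both gates in deletePost on the same source of truth: `if post.UserId != c.Session.UserId && !c.IsTeamAdmin() {`. deletePost continues outside this hunk, so the surrounding handling of c.Err should be checked when making that change.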