diff options
author | nickago <ngonella@calpoly.edu> | 2015-07-14 13:09:14 -0700 |
---|---|---|
committer | nickago <ngonella@calpoly.edu> | 2015-07-14 13:09:14 -0700 |
commit | cb2bff28ee7a43b3d3c52d3c448d3f15d12830ba (patch) | |
tree | 21092457226138a45b0faff3743dd367475e25d1 | |
parent | b31327f072aa575d5ff97cc5e0786e50510ab456 (diff) | |
download | chat-cb2bff28ee7a43b3d3c52d3c448d3f15d12830ba.tar.gz chat-cb2bff28ee7a43b3d3c52d3c448d3f15d12830ba.tar.bz2 chat-cb2bff28ee7a43b3d3c52d3c448d3f15d12830ba.zip |
Team admin can now delete any post
-rw-r--r-- | api/post.go | 21 | ||||
-rw-r--r-- | api/post_test.go | 14 | ||||
-rw-r--r-- | web/react/components/post_info.jsx | 3 |
3 files changed, 29 insertions, 9 deletions
diff --git a/api/post.go b/api/post.go index 650f47062..0a8b5a20b 100644 --- a/api/post.go +++ b/api/post.go @@ -619,16 +619,23 @@ func deletePost(c *Context, w http.ResponseWriter, r *http.Request) { cchan := Srv.Store.Channel().CheckPermissionsTo(c.Session.TeamId, channelId, c.Session.UserId) pchan := Srv.Store.Post().Get(postId) + uchan := Srv.Store.User().Get(c.Session.UserId) - if !c.HasPermissionsToChannel(cchan, "deletePost") { + if uresult := <-uchan; uresult.Err != nil { + c.Err = uresult.Err return - } - - if result := <-pchan; result.Err != nil { - c.Err = result.Err + } else if presult := <-pchan; presult.Err != nil { + c.Err = presult.Err return } else { - post := result.Data.(*model.PostList).Posts[postId] + + user := uresult.Data.(*model.User) + + if !c.HasPermissionsToChannel(cchan, "deletePost") && !strings.Contains(user.Roles,"admin"){ + return + } + + post := presult.Data.(*model.PostList).Posts[postId] if post == nil { c.SetInvalidParam("deletePost", "postId") @@ -641,7 +648,7 @@ func deletePost(c *Context, w http.ResponseWriter, r *http.Request) { return } - if post.UserId != c.Session.UserId { + if post.UserId != c.Session.UserId && !strings.Contains(user.Roles,"admin") { c.Err = model.NewAppError("deletePost", "You do not have the appropriate permissions", "") c.Err.StatusCode = http.StatusForbidden return diff --git a/api/post_test.go b/api/post_test.go index 970307759..5009ff54d 100644 --- a/api/post_test.go +++ b/api/post_test.go @@ -483,6 +483,10 @@ func TestDeletePosts(t *testing.T) { team := &model.Team{Name: "Name", Domain: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN} team = Client.Must(Client.CreateTeam(team)).Data.(*model.Team) + userAdmin := &model.User{TeamId: team.Id, Email: team.Email, FullName: "Corey Hulen", Password: "pwd"} + userAdmin = Client.Must(Client.CreateUser(userAdmin, "")).Data.(*model.User) + store.Must(Srv.Store.User().VerifyEmail(userAdmin.Id)) + user1 := &model.User{TeamId: team.Id, Email: model.NewId() + "corey@test.com", FullName: "Corey Hulen", Password: "pwd"} user1 = Client.Must(Client.CreateUser(user1, "")).Data.(*model.User) store.Must(Srv.Store.User().VerifyEmail(user1.Id)) @@ -521,8 +525,16 @@ func TestDeletePosts(t *testing.T) { r2 := Client.Must(Client.GetPosts(channel1.Id, 0, 10, "")).Data.(*model.PostList) if len(r2.Posts) != 4 { - t.Fatal("should have returned 5 items") + t.Fatal("should have returned 4 items") } + + time.Sleep(10 * time.Millisecond) + post4 := &model.Post{ChannelId: channel1.Id, Message: "a" + model.NewId() + "a"} + post4 = Client.Must(Client.CreatePost(post4)).Data.(*model.Post) + + Client.LoginByEmail(team.Domain, userAdmin.Email, "pwd") + + Client.Must(Client.DeletePost(channel1.Id, post4.Id)) } func TestEmailMention(t *testing.T) { diff --git a/web/react/components/post_info.jsx b/web/react/components/post_info.jsx index cf01747f0..48efa95ba 100644 --- a/web/react/components/post_info.jsx +++ b/web/react/components/post_info.jsx @@ -11,6 +11,7 @@ module.exports = React.createClass({ render: function() { var post = this.props.post; var isOwner = UserStore.getCurrentId() == post.user_id; + var isAdmin = UserStore.getCurrentUser().roles.indexOf("admin") > -1 var type = "Post" if (post.root_id.length > 0) { @@ -36,7 +37,7 @@ module.exports = React.createClass({ <ul className="dropdown-menu" role="menu"> { isOwner ? <li role="presentation"><a href="#" role="menuitem" data-toggle="modal" data-target="#edit_post" data-title={type} data-message={post.message} data-postid={post.id} data-channelid={post.channel_id} data-comments={type === "Post" ? this.props.commentCount : 0}>Edit</a></li> : "" } - { isOwner ? <li role="presentation"><a href="#" role="menuitem" data-toggle="modal" data-target="#delete_post" data-title={type} data-postid={post.id} data-channelid={post.channel_id} data-comments={type === "Post" ? this.props.commentCount : 0}>Delete</a></li> + { isOwner || isAdmin ? <li role="presentation"><a href="#" role="menuitem" data-toggle="modal" data-target="#delete_post" data-title={type} data-postid={post.id} data-channelid={post.channel_id} data-comments={type === "Post" ? this.props.commentCount : 0}>Delete</a></li> : "" } { this.props.allowReply === "true" ? <li role="presentation"><a className="reply-link theme" href="#" onClick={this.props.handleCommentClick}>Reply</a></li> : "" } |