author | Saturnino Abril <saturnino.abril@gmail.com> | 2017-06-27 04:05:50 +0800 |
---|---|---|
committer | George Goldberg <george@gberg.me> | 2017-06-26 21:05:50 +0100 |
commit | f2abb9d8eb4b35369d286749ede37916a8979e07 (patch) | |
tree | eab631042f86bdd4e21370e826d47a1f9d668168 | |
parent | ffaab0bf22952f4e4c43fab62955eb0cdc13612b (diff) | |
fix permission app error with updatePost (#6749)
-rw-r--r-- | api4/post.go | 4 | ||||
-rw-r--r-- | api4/post_test.go | 2 | ||||
-rw-r--r-- | app/post.go | 5 |
3 files changed, 6 insertions, 5 deletions
diff --git a/api4/post.go b/api4/post.go
index 7bfe5ad64..65a508df7 100644
--- a/api4/post.go
+++ b/api4/post.go
@@ -302,6 +302,10 @@ func searchPosts(c *Context, w http.ResponseWriter, r *http.Request) {
 func updatePost(c *Context, w http.ResponseWriter, r *http.Request) {
 c.RequirePostId()
+ if c.Err != nil {
+ return
+ }
+
 post := model.PostFromJson(r.Body)
 if post == nil {
diff --git a/api4/post_test.go b/api4/post_test.go
index abfd83989..a2c0b065b 100644
--- a/api4/post_test.go
+++ b/api4/post_test.go
@@ -137,6 +137,8 @@ func TestUpdatePost(t *testing.T) {
 msg := "zz" + model.NewId() + " update post"
 rpost.Message = msg
+ rpost.UserId = ""
+
 rupost, resp := Client.UpdatePost(rpost.Id, rpost)
 CheckNoError(t, resp)
diff --git a/app/post.go b/app/post.go
index baea6179f..01581c748 100644
--- a/app/post.go
+++ b/app/post.go
@@ -239,11 +239,6 @@ func UpdatePost(post *model.Post, safeUpdate bool) (*model.Post, *model.AppError
 return nil, err
 }
- if oldPost.UserId != post.UserId {
- err := model.NewAppError("UpdatePost", "api.post.update_post.permissions.app_error", nil, "oldUserId="+oldPost.UserId, http.StatusBadRequest)
- return nil, err
- }
-
 if oldPost.DeleteAt != 0 {
 err := model.NewAppError("UpdatePost", "api.post.update_post.permissions_details.app_error", map[string]interface{}{"PostId": post.Id}, "", http.StatusBadRequest)
 return nil, err |
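Review bot: The added `rpost.UserId = ""` in the api4/post_test.go hunk only shows that an update with an empty author is accepted; nothing visible there asserts that the stored author stays the same. The app/post.go hunk of this commit removes the `oldPost.UserId != post.UserId` comparison from UpdatePost, so a client-supplied UserId is no longer rejected at that layer and the test should pin that it is ignored. Save `authorId := rpost.UserId` before blanking the field and add `if rupost.UserId != authorId { t.Fatal("post author changed on update") }` after `CheckNoError(t, resp)`. A second case that sends a non-empty value that differs from the author, for example `model.NewId()`, would cover the input the removed check used to refuse. The bodies of TestUpdatePost, updatePost and UpdatePost continue outside these hunks, so whether the author field is always taken from the stored post, and where the edit permission is enforced, cannot be confirmed from this page.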