authorHarrison Healey <harrisonmhealey@gmail.com>2016-09-30 11:06:30 -0400
committerGitHub <noreply@github.com>2016-09-30 11:06:30 -0400
commit8a0e649f989a824bb3bbfd1900a5b8e5383b47e1 (patch)
tree4b424929fe13ebec438d2f41a2729e37e5160720 /api/authorization.go
parenta2deeed597dea15d9b7ca237be71988469f58cdd (diff)
PLT-3105 Files table migration (#4068)
* Implemented initial changes for files table * Removed *_benchmark_test.go files * Re-implemented GetPublicFile and added support for old path * Localization for files table * Moved file system code into utils package * Finished server-side changes and added initial upgrade script * Added getPostFiles api * Re-add Extension and HasPreviewImage fields to FileInfo * Removed unused translation * Fixed merge conflicts left over after permissions changes * Forced FileInfo.extension to be lower case * Changed FileUploadResponse to contain the FileInfos instead of FileIds * Fixed permissions on getFile* calls * Fixed notifications for file uploads * Added initial version of client code for files changes * Permanently added FileIds field to Post object and removed Post.HasFiles * Updated PostStore.Update to be usable in more circumstances * Re-added Filenames field and switched file migration to be entirely lazy-loaded * Increased max listener count for FileStore * Removed unused fileInfoCache * Moved file system code back into api * Removed duplicate test case * Fixed unit test running on ports other than 8065 * Renamed HasPermissionToPostContext to HasPermissionToChannelByPostContext * Refactored handleImages to make it more easily understandable * Renamed getPostFiles to getFileInfosForPost * Re-added pre-FileIds posts to analytics * Changed files to be saved as their ids as opposed to id/filename.ext * Renamed FileInfo.UserId to FileInfo.CreatorId * Fixed detection of language in CodePreview * Fixed switching between threads in the RHS not loading new files * Add serverside protection against a rare bug where the client sends the same file twice for a single post * Refactored the important parts of uploadFile api call into a function that can be called without a web context
Diffstat (limited to 'api/authorization.go')
-rw-r--r--api/authorization.go36
1 files changed, 36 insertions, 0 deletions
diff --git a/api/authorization.go b/api/authorization.go
index fb04b069b..5badf244b 100644
--- a/api/authorization.go
+++ b/api/authorization.go
@@ -114,6 +114,42 @@ func HasPermissionToChannel(user *model.User, teamMember *model.TeamMember, chan
return HasPermissionToTeam(user, teamMember, permission)
}
+func HasPermissionToChannelByPostContext(c *Context, postId string, permission *model.Permission) bool {
+ cmc := Srv.Store.Channel().GetMemberForPost(postId, c.Session.UserId)
+
+ var channelRoles []string
+ if cmcresult := <-cmc; cmcresult.Err == nil {
+ channelMember := cmcresult.Data.(*model.ChannelMember)
+ channelRoles = channelMember.GetRoles()
+
+ if CheckIfRolesGrantPermission(channelRoles, permission.Id) {
+ return true
+ }
+ }
+
+ cc := Srv.Store.Channel().GetForPost(postId)
+ if ccresult := <-cc; ccresult.Err == nil {
+ channel := ccresult.Data.(*model.Channel)
+
+ if teamMember := c.Session.GetTeamByTeamId(channel.TeamId); teamMember != nil {
+ roles := teamMember.GetRoles()
+
+ if CheckIfRolesGrantPermission(roles, permission.Id) {
+ return true
+ }
+ }
+
+ }
+
+ if HasPermissionToContext(c, permission) {
+ return true
+ }
+
+ c.Err = model.NewLocAppError("HasPermissionToChannelByPostContext", "api.context.permissions.app_error", nil, "userId="+c.Session.UserId+", "+"permission="+permission.Id+" channelRoles="+model.RoleIdsToString(channelRoles))
+ c.Err.StatusCode = http.StatusForbidden
+ return false
+}
+
func HasPermissionToUser(c *Context, userId string) bool {
// You are the user (users autmaticly have permissions to themselves)
if c.Session.UserId == userId {
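Review bot: Both store lookups in HasPermissionToChannelByPostContext discard their error: when `cmcresult.Err` or `ccresult.Err` is non-nil the code simply falls through to the next tier, so a store failure and "user is not in the post's channel" produce the same 403 and the underlying error is never recorded. The function still fails closed, which is the right default, but I would log the store error before falling through so that an outage is not misread as a run of permission denials. The function also has no doc comment, and the fallback order is the security-relevant part, because team roles and HasPermissionToContext can satisfy the check for a user who has no membership row in that channel; I would add `// HasPermissionToChannelByPostContext reports whether the session user holds permission for the channel containing postId, checking channel roles, then team roles, then HasPermissionToContext; on denial it sets c.Err to a 403.` Finally, the unchecked assertions `cmcresult.Data.(*model.ChannelMember)` and `ccresult.Data.(*model.Channel)` would panic if a store returned a nil error with nil or unexpected Data; that is presumably the convention in this package, but it is worth confirming for the two new store methods.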