diff options
| author | =Corey Hulen <corey@hulen.com> | 2016-02-04 08:03:42 -0800 |
|---|---|---|
| committer | =Corey Hulen <corey@hulen.com> | 2016-02-04 08:03:42 -0800 |
| commit | dffc5323ecd9c7bc1af0ea06ef4827078f9bcd52 (patch) | |
| tree | ba89623c1d1061135127431556466512662a0328 /api/command.go | |
| parent | 950e25df5af624a0b06d48f28e9979a0c47a081c (diff) | |
| download | chat-dffc5323ecd9c7bc1af0ea06ef4827078f9bcd52.tar.gz chat-dffc5323ecd9c7bc1af0ea06ef4827078f9bcd52.tar.bz2 chat-dffc5323ecd9c7bc1af0ea06ef4827078f9bcd52.zip | |
PLT-1429 Fixing code review comments
Diffstat (limited to 'api/command.go')
| -rw-r--r-- | api/command.go | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/api/command.go b/api/command.go index 390cc3770..a8573cdcc 100644 --- a/api/command.go +++ b/api/command.go @@ -318,7 +318,7 @@ func regenCommandToken(c *Context, w http.ResponseWriter, r *http.Request) { } else { cmd = result.Data.(*model.Command) - if c.Session.TeamId != cmd.TeamId && c.Session.UserId != cmd.CreatorId && !c.IsTeamAdmin() { + if c.Session.TeamId != cmd.TeamId || (c.Session.UserId != cmd.CreatorId && !c.IsTeamAdmin()) { c.LogAudit("fail - inappropriate permissions") c.Err = model.NewLocAppError("regenToken", "api.command.regen.app_error", nil, "user_id="+c.Session.UserId) return @@ -364,7 +364,7 @@ func deleteCommand(c *Context, w http.ResponseWriter, r *http.Request) { c.Err = result.Err return } else { - if c.Session.TeamId != result.Data.(*model.Command).TeamId && c.Session.UserId != result.Data.(*model.Command).CreatorId && !c.IsTeamAdmin() { + if c.Session.TeamId != result.Data.(*model.Command).TeamId || (c.Session.UserId != result.Data.(*model.Command).CreatorId && !c.IsTeamAdmin()) { c.LogAudit("fail - inappropriate permissions") c.Err = model.NewLocAppError("deleteCommand", "api.command.delete.app_error", nil, "user_id="+c.Session.UserId) return |