Move permissions code into app package (#5146)

* Move permissions code into app package * Revert getPosts permission
author: Joram Wilander <jwawilander@gmail.com> 2017-01-23 08:12:05 -0500
committer: GitHub <noreply@github.com> 2017-01-23 08:12:05 -0500
commit: e9c9688b343049c6d461260bd15fff3486238f92 (patch)
tree: a112e51de0e7f9989b173b7dbc4ad89080cc0e34 /api/command.go
parent: b064457c745ae6bf27e5e6933a0a7406f3f4921d (diff)
download: chat-e9c9688b343049c6d461260bd15fff3486238f92.tar.gz
chat-e9c9688b343049c6d461260bd15fff3486238f92.tar.bz2
chat-e9c9688b343049c6d461260bd15fff3486238f92.zip
1 files changed, 10 insertions, 9 deletions
diff --git a/api/command.go b/api/command.go
index 376cb1075..7e0a1e232 100644
--- a/api/command.go
+++ b/api/command.go
@@ -97,7 +97,8 @@ func executeCommand(c *Context, w http.ResponseWriter, r *http.Request) {
 	}
 
 	if len(commandArgs.ChannelId) > 0 {
-		if !HasPermissionToChannelContext(c, commandArgs.ChannelId, model.PERMISSION_USE_SLASH_COMMANDS) {
+		if !app.SessionHasPermissionToChannel(c.Session, commandArgs.ChannelId, model.PERMISSION_USE_SLASH_COMMANDS) {
+			c.SetPermissionError(model.PERMISSION_USE_SLASH_COMMANDS)
 			return
 		}
 	}
@@ -260,7 +261,7 @@ func createCommand(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if !HasPermissionToCurrentTeamContext(c, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
+	if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
 		c.Err = model.NewLocAppError("createCommand", "api.command.admin_only.app_error", nil, "")
 		c.Err.StatusCode = http.StatusForbidden
 		return
@@ -316,7 +317,7 @@ func updateCommand(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if !HasPermissionToCurrentTeamContext(c, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
+	if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
 		c.Err = model.NewLocAppError("updateCommand", "api.command.admin_only.app_error", nil, "")
 		c.Err.StatusCode = http.StatusForbidden
 		return
@@ -340,7 +341,7 @@ func updateCommand(c *Context, w http.ResponseWriter, r *http.Request) {
 	} else {
 		oldCmd = result.Data.(*model.Command)
 
-		if c.Session.UserId != oldCmd.CreatorId && !HasPermissionToCurrentTeamContext(c, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) {
+		if c.Session.UserId != oldCmd.CreatorId && !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) {
 			c.LogAudit("fail - inappropriate permissions")
 			c.Err = model.NewLocAppError("updateCommand", "api.command.update.app_error", nil, "user_id="+c.Session.UserId)
 			return
@@ -375,7 +376,7 @@ func listTeamCommands(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if !HasPermissionToCurrentTeamContext(c, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
+	if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
 		c.Err = model.NewLocAppError("listTeamCommands", "api.command.admin_only.app_error", nil, "")
 		c.Err.StatusCode = http.StatusForbidden
 		return
@@ -397,7 +398,7 @@ func regenCommandToken(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if !HasPermissionToCurrentTeamContext(c, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
+	if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
 		c.Err = model.NewLocAppError("regenCommandToken", "api.command.admin_only.app_error", nil, "")
 		c.Err.StatusCode = http.StatusForbidden
 		return
@@ -420,7 +421,7 @@ func regenCommandToken(c *Context, w http.ResponseWriter, r *http.Request) {
 	} else {
 		cmd = result.Data.(*model.Command)
 
-		if c.TeamId != cmd.TeamId || (c.Session.UserId != cmd.CreatorId && !HasPermissionToCurrentTeamContext(c, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS)) {
+		if c.TeamId != cmd.TeamId || (c.Session.UserId != cmd.CreatorId && !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS)) {
 			c.LogAudit("fail - inappropriate permissions")
 			c.Err = model.NewLocAppError("regenToken", "api.command.regen.app_error", nil, "user_id="+c.Session.UserId)
 			return
@@ -444,7 +445,7 @@ func deleteCommand(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if !HasPermissionToCurrentTeamContext(c, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
+	if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
 		c.Err = model.NewLocAppError("deleteCommand", "api.command.admin_only.app_error", nil, "")
 		c.Err.StatusCode = http.StatusForbidden
 		return
@@ -464,7 +465,7 @@ func deleteCommand(c *Context, w http.ResponseWriter, r *http.Request) {
 		c.Err = result.Err
 		return
 	} else {
-		if c.TeamId != result.Data.(*model.Command).TeamId || (c.Session.UserId != result.Data.(*model.Command).CreatorId && !HasPermissionToCurrentTeamContext(c, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS)) {
+		if c.TeamId != result.Data.(*model.Command).TeamId || (c.Session.UserId != result.Data.(*model.Command).CreatorId && !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS)) {
 			c.LogAudit("fail - inappropriate permissions")
 			c.Err = model.NewLocAppError("deleteCommand", "api.command.delete.app_error", nil, "user_id="+c.Session.UserId)
 			return
author	Joram Wilander <jwawilander@gmail.com>	2017-01-23 08:12:05 -0500
committer	GitHub <noreply@github.com>	2017-01-23 08:12:05 -0500
commit	e9c9688b343049c6d461260bd15fff3486238f92 (patch)
tree	a112e51de0e7f9989b173b7dbc4ad89080cc0e34 /api/command.go
parent	b064457c745ae6bf27e5e6933a0a7406f3f4921d (diff)
download	chat-e9c9688b343049c6d461260bd15fff3486238f92.tar.gz chat-e9c9688b343049c6d461260bd15fff3486238f92.tar.bz2 chat-e9c9688b343049c6d461260bd15fff3486238f92.zip