diff options
| author | Christopher Speller <crspeller@gmail.com> | 2016-09-13 12:42:48 -0400 |
|---|---|---|
| committer | Joram Wilander <jwawilander@gmail.com> | 2016-09-13 12:42:48 -0400 |
| commit | 1e7985a87a72bea9a308cf1506dacc828c6e2e1c (patch) | |
| tree | d4251391dc74a9ff4628dd1bed551c34d806a1b6 /api/context.go | |
| parent | 05af5d14b8d07b010c70750ae1ac5ddf22c120a7 (diff) | |
| download | chat-1e7985a87a72bea9a308cf1506dacc828c6e2e1c.tar.gz chat-1e7985a87a72bea9a308cf1506dacc828c6e2e1c.tar.bz2 chat-1e7985a87a72bea9a308cf1506dacc828c6e2e1c.zip | |
Modifying permissions system. (#3897)
Diffstat (limited to 'api/context.go')
| -rw-r--r-- | api/context.go | 92 |
1 files changed, 9 insertions, 83 deletions
diff --git a/api/context.go b/api/context.go index b63005d64..81a2c021d 100644 --- a/api/context.go +++ b/api/context.go @@ -16,7 +16,6 @@ import ( "github.com/mattermost/platform/einterfaces" "github.com/mattermost/platform/model" - "github.com/mattermost/platform/store" "github.com/mattermost/platform/utils" ) @@ -77,6 +76,10 @@ func ApiAdminSystemRequired(h func(*Context, http.ResponseWriter, *http.Request) return &handler{h, true, true, true, false, false, false} } +func ApiAdminSystemRequiredTrustRequester(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler { + return &handler{h, true, true, true, false, false, true} +} + func ApiAppHandlerTrustRequester(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler { return &handler{h, false, false, true, false, false, true} } @@ -202,10 +205,6 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { c.SystemAdminRequired() } - if c.Err == nil && len(c.TeamId) > 0 && !h.isTeamIndependent { - c.HasPermissionsToTeam(c.TeamId, "TeamRoute") - } - if c.Err == nil && h.isUserActivity && token != "" && len(c.Session.UserId) > 0 { SetStatusOnline(c.Session.UserId, c.Session.Id, false) } @@ -320,90 +319,13 @@ func (c *Context) SystemAdminRequired() { c.Err = model.NewLocAppError("", "api.context.session_expired.app_error", nil, "SystemAdminRequired") c.Err.StatusCode = http.StatusUnauthorized return - } else if !c.IsSystemAdmin() { + } else if !HasPermissionToContext(c, model.PERMISSION_MANAGE_SYSTEM) { c.Err = model.NewLocAppError("", "api.context.permissions.app_error", nil, "AdminRequired") c.Err.StatusCode = http.StatusForbidden return } } -func (c *Context) HasPermissionsToUser(userId string, where string) bool { - - // You are the user - if c.Session.UserId == userId { - return true - } - - // You're a mattermost system admin and you're on the VPN - if c.IsSystemAdmin() { - return true - } - - c.Err = model.NewLocAppError(where, "api.context.permissions.app_error", nil, "userId="+userId) - c.Err.StatusCode = http.StatusForbidden - return false -} - -func (c *Context) HasPermissionsToTeam(teamId string, where string) bool { - if c.IsSystemAdmin() { - return true - } - - for _, teamMember := range c.Session.TeamMembers { - if teamId == teamMember.TeamId { - return true - } - } - - c.Err = model.NewLocAppError(where, "api.context.permissions.app_error", nil, "userId="+c.Session.UserId+", teamId="+teamId) - c.Err.StatusCode = http.StatusForbidden - return false -} - -func (c *Context) HasPermissionsToChannel(sc store.StoreChannel, where string) bool { - if cresult := <-sc; cresult.Err != nil { - c.Err = cresult.Err - return false - } else if cresult.Data.(int64) != 1 { - c.Err = model.NewLocAppError(where, "api.context.permissions.app_error", nil, "userId="+c.Session.UserId) - c.Err.StatusCode = http.StatusForbidden - return false - } - - return true -} - -func (c *Context) HasSystemAdminPermissions(where string) bool { - if c.IsSystemAdmin() { - return true - } - - c.Err = model.NewLocAppError(where, "api.context.system_permissions.app_error", nil, "userId="+c.Session.UserId) - c.Err.StatusCode = http.StatusForbidden - return false -} - -func (c *Context) IsSystemAdmin() bool { - if model.IsInRole(c.Session.Roles, model.ROLE_SYSTEM_ADMIN) { - return true - } - return false -} - -func (c *Context) IsTeamAdmin() bool { - - if c.IsSystemAdmin() { - return true - } - - teamMember := c.Session.GetTeamByTeamId(c.TeamId) - if teamMember == nil { - return false - } - - return teamMember.IsTeamAdmin() -} - func (c *Context) RemoveSessionCookie(w http.ResponseWriter, r *http.Request) { cookie := &http.Cookie{ Name: model.SESSION_COOKIE_TOKEN, @@ -463,6 +385,10 @@ func (c *Context) GetSiteURL() string { return c.siteURL } +func (c *Context) GetCurrentTeamMember() *model.TeamMember { + return c.Session.GetTeamByTeamId(c.TeamId) +} + func IsApiCall(r *http.Request) bool { return strings.Index(r.URL.Path, "/api/") == 0 } |