diff options
author | Carlos Tadeu Panato Junior <ctadeu@gmail.com> | 2016-12-20 16:55:22 +0100 |
---|---|---|
committer | Corey Hulen <corey@hulen.com> | 2016-12-20 07:55:22 -0800 |
commit | b9092ca2f56b0fa2b8ec7719c2ec5cfe5a21a6c9 (patch) | |
tree | f9d8a0aee0937acca727786db077fa38039304db /api/context.go | |
parent | 92b2810d84bda78b87f23d5e3d8d04de1c3d9125 (diff) | |
download | chat-b9092ca2f56b0fa2b8ec7719c2ec5cfe5a21a6c9.tar.gz chat-b9092ca2f56b0fa2b8ec7719c2ec5cfe5a21a6c9.tar.bz2 chat-b9092ca2f56b0fa2b8ec7719c2ec5cfe5a21a6c9.zip |
Fix API Get channels for a user returns users' dm channels with blank teamid (#4748)
* fix API Get channels for a user returns users' dm channels with blank team ID
add check in the context.go
add suggestion
made adjustment per review and support from @joram
* update tests
* add check if needd user or admin permissions
* update per review
Diffstat (limited to 'api/context.go')
-rw-r--r-- | api/context.go | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/api/context.go b/api/context.go index 4042a7b0f..765bb502a 100644 --- a/api/context.go +++ b/api/context.go @@ -221,6 +221,11 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { SetStatusOnline(c.Session.UserId, c.Session.Id, false) } + if c.Err == nil && (h.requireUser || h.requireSystemAdmin) { + //check if teamId exist + c.CheckTeamId() + } + if c.Err == nil { h.handleFunc(c, w, r) } @@ -575,3 +580,18 @@ func InvalidateAllCaches() { store.ClearUserCaches() store.ClearPostCaches() } + +func (c *Context) CheckTeamId() { + if c.TeamId != "" && c.Session.GetTeamByTeamId(c.TeamId) == nil { + if HasPermissionToContext(c, model.PERMISSION_MANAGE_SYSTEM) { + if result := <-Srv.Store.Team().Get(c.TeamId); result.Err != nil { + c.Err = result.Err + c.Err.StatusCode = http.StatusBadRequest + return + } + } else { + // just return because it fail on the HasPermissionToContext and the error is already on the Context c.Err + return + } + } +} |