summaryrefslogtreecommitdiffstats
path: root/api/file.go
diff options
context:
space:
mode:
authorChristopher Speller <crspeller@gmail.com>2016-09-13 12:42:48 -0400
committerJoram Wilander <jwawilander@gmail.com>2016-09-13 12:42:48 -0400
commit1e7985a87a72bea9a308cf1506dacc828c6e2e1c (patch)
treed4251391dc74a9ff4628dd1bed551c34d806a1b6 /api/file.go
parent05af5d14b8d07b010c70750ae1ac5ddf22c120a7 (diff)
downloadchat-1e7985a87a72bea9a308cf1506dacc828c6e2e1c.tar.gz
chat-1e7985a87a72bea9a308cf1506dacc828c6e2e1c.tar.bz2
chat-1e7985a87a72bea9a308cf1506dacc828c6e2e1c.zip
Modifying permissions system. (#3897)
Diffstat (limited to 'api/file.go')
-rw-r--r--api/file.go22
1 files changed, 8 insertions, 14 deletions
diff --git a/api/file.go b/api/file.go
index 113666270..dd99a8caf 100644
--- a/api/file.go
+++ b/api/file.go
@@ -103,8 +103,6 @@ func uploadFile(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- cchan := Srv.Store.Channel().CheckPermissionsTo(c.TeamId, channelId, c.Session.UserId)
-
files := m.File["files"]
resStruct := &model.FileUploadResponse{
@@ -115,7 +113,7 @@ func uploadFile(c *Context, w http.ResponseWriter, r *http.Request) {
imageNameList := []string{}
imageDataList := [][]byte{}
- if !c.HasPermissionsToChannel(cchan, "uploadFile") {
+ if !HasPermissionToChannelContext(c, channelId, model.PERMISSION_UPLOAD_FILE) {
return
}
@@ -318,7 +316,9 @@ func getFileInfo(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- cchan := Srv.Store.Channel().CheckPermissionsTo(c.TeamId, channelId, c.Session.UserId)
+ if !HasPermissionToChannelContext(c, channelId, model.PERMISSION_READ_CHANNEL) {
+ return
+ }
path := "teams/" + c.TeamId + "/channels/" + channelId + "/users/" + userId + "/" + filename
var info *model.FileInfo
@@ -339,10 +339,6 @@ func getFileInfo(c *Context, w http.ResponseWriter, r *http.Request) {
}
}
- if !c.HasPermissionsToChannel(cchan, "getFileInfo") {
- return
- }
-
w.Header().Set("Cache-Control", "max-age=2592000, public")
w.Write([]byte(info.ToJson()))
@@ -356,7 +352,7 @@ func getFile(c *Context, w http.ResponseWriter, r *http.Request) {
userId := params["user_id"]
filename := params["filename"]
- if !c.HasPermissionsToChannel(Srv.Store.Channel().CheckPermissionsTo(teamId, channelId, c.Session.UserId), "getFile") {
+ if !HasPermissionToChannelContext(c, channelId, model.PERMISSION_READ_CHANNEL) {
return
}
@@ -512,14 +508,12 @@ func getPublicLink(c *Context, w http.ResponseWriter, r *http.Request) {
userId := matches[0][2]
filename = matches[0][3]
- cchan := Srv.Store.Channel().CheckPermissionsTo(c.TeamId, channelId, c.Session.UserId)
-
- url := generatePublicLink(c.GetSiteURL(), c.TeamId, channelId, userId, filename)
-
- if !c.HasPermissionsToChannel(cchan, "getPublicLink") {
+ if !HasPermissionToChannelContext(c, channelId, model.PERMISSION_GET_PUBLIC_LINK) {
return
}
+ url := generatePublicLink(c.GetSiteURL(), c.TeamId, channelId, userId, filename)
+
w.Write([]byte(model.StringToJson(url)))
}