diff options
| author | Christopher Speller <crspeller@gmail.com> | 2016-09-13 12:42:48 -0400 |
|---|---|---|
| committer | Joram Wilander <jwawilander@gmail.com> | 2016-09-13 12:42:48 -0400 |
| commit | 1e7985a87a72bea9a308cf1506dacc828c6e2e1c (patch) | |
| tree | d4251391dc74a9ff4628dd1bed551c34d806a1b6 /api/file.go | |
| parent | 05af5d14b8d07b010c70750ae1ac5ddf22c120a7 (diff) | |
| download | chat-1e7985a87a72bea9a308cf1506dacc828c6e2e1c.tar.gz chat-1e7985a87a72bea9a308cf1506dacc828c6e2e1c.tar.bz2 chat-1e7985a87a72bea9a308cf1506dacc828c6e2e1c.zip | |
Modifying permissions system. (#3897)
Diffstat (limited to 'api/file.go')
| -rw-r--r-- | api/file.go | 22 |
1 files changed, 8 insertions, 14 deletions
diff --git a/api/file.go b/api/file.go index 113666270..dd99a8caf 100644 --- a/api/file.go +++ b/api/file.go @@ -103,8 +103,6 @@ func uploadFile(c *Context, w http.ResponseWriter, r *http.Request) { return } - cchan := Srv.Store.Channel().CheckPermissionsTo(c.TeamId, channelId, c.Session.UserId) - files := m.File["files"] resStruct := &model.FileUploadResponse{ @@ -115,7 +113,7 @@ func uploadFile(c *Context, w http.ResponseWriter, r *http.Request) { imageNameList := []string{} imageDataList := [][]byte{} - if !c.HasPermissionsToChannel(cchan, "uploadFile") { + if !HasPermissionToChannelContext(c, channelId, model.PERMISSION_UPLOAD_FILE) { return } @@ -318,7 +316,9 @@ func getFileInfo(c *Context, w http.ResponseWriter, r *http.Request) { return } - cchan := Srv.Store.Channel().CheckPermissionsTo(c.TeamId, channelId, c.Session.UserId) + if !HasPermissionToChannelContext(c, channelId, model.PERMISSION_READ_CHANNEL) { + return + } path := "teams/" + c.TeamId + "/channels/" + channelId + "/users/" + userId + "/" + filename var info *model.FileInfo @@ -339,10 +339,6 @@ func getFileInfo(c *Context, w http.ResponseWriter, r *http.Request) { } } - if !c.HasPermissionsToChannel(cchan, "getFileInfo") { - return - } - w.Header().Set("Cache-Control", "max-age=2592000, public") w.Write([]byte(info.ToJson())) @@ -356,7 +352,7 @@ func getFile(c *Context, w http.ResponseWriter, r *http.Request) { userId := params["user_id"] filename := params["filename"] - if !c.HasPermissionsToChannel(Srv.Store.Channel().CheckPermissionsTo(teamId, channelId, c.Session.UserId), "getFile") { + if !HasPermissionToChannelContext(c, channelId, model.PERMISSION_READ_CHANNEL) { return } @@ -512,14 +508,12 @@ func getPublicLink(c *Context, w http.ResponseWriter, r *http.Request) { userId := matches[0][2] filename = matches[0][3] - cchan := Srv.Store.Channel().CheckPermissionsTo(c.TeamId, channelId, c.Session.UserId) - - url := generatePublicLink(c.GetSiteURL(), c.TeamId, channelId, userId, filename) - - if !c.HasPermissionsToChannel(cchan, "getPublicLink") { + if !HasPermissionToChannelContext(c, channelId, model.PERMISSION_GET_PUBLIC_LINK) { return } + url := generatePublicLink(c.GetSiteURL(), c.TeamId, channelId, userId, filename) + w.Write([]byte(model.StringToJson(url))) } |