diff options
author | Harrison Healey <harrisonmhealey@gmail.com> | 2016-07-08 17:03:28 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-07-08 17:03:28 -0400 |
commit | 2d1c0924eea25ceb5cf79a285511a7a577cbece0 (patch) | |
tree | 45ce02ddae317998235e3daf93ee1c0327629865 /api/file.go | |
parent | 968e8b04e1819037ea3c70e321dd4594fc6574b1 (diff) | |
download | chat-2d1c0924eea25ceb5cf79a285511a7a577cbece0.tar.gz chat-2d1c0924eea25ceb5cf79a285511a7a577cbece0.tar.bz2 chat-2d1c0924eea25ceb5cf79a285511a7a577cbece0.zip |
Fixed permissions when getting a file attachment to use the correct user id (#3535)
Diffstat (limited to 'api/file.go')
-rw-r--r-- | api/file.go | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/api/file.go b/api/file.go index 92bceaa80..5b08804da 100644 --- a/api/file.go +++ b/api/file.go @@ -356,7 +356,7 @@ func getFile(c *Context, w http.ResponseWriter, r *http.Request) { userId := params["user_id"] filename := params["filename"] - if !c.HasPermissionsToChannel(Srv.Store.Channel().CheckPermissionsTo(teamId, channelId, userId), "getFile") { + if !c.HasPermissionsToChannel(Srv.Store.Channel().CheckPermissionsTo(teamId, channelId, c.Session.UserId), "getFile") { return } |