Merge release-4.2

author: Christopher Speller <crspeller@gmail.com> 2017-09-06 20:43:18 -0700
committer: Christopher Speller <crspeller@gmail.com> 2017-09-06 20:43:18 -0700
commit: 77709ccdda86408d5135b8bc71462e2111992358 (patch)
tree: 5efc1631eb6cb31f8768fafeb58612557d98cb59 /api/general.go
parent: fd86a2490ea81eba8e12dcce76455710f182f81c (diff)
parent: e589accdaf38bb82cb5d3b5dd84eadf9bfb58b5c (diff)
download: chat-77709ccdda86408d5135b8bc71462e2111992358.tar.gz
chat-77709ccdda86408d5135b8bc71462e2111992358.tar.bz2
chat-77709ccdda86408d5135b8bc71462e2111992358.zip
1 files changed, 9 insertions, 1 deletions
diff --git a/api/general.go b/api/general.go
index 16a739704..ceb0b209f 100644
--- a/api/general.go
+++ b/api/general.go
@@ -10,6 +10,7 @@ import (
 
 	l4g "github.com/alecthomas/log4go"
 
+	"github.com/mattermost/platform/app"
 	"github.com/mattermost/platform/model"
 	"github.com/mattermost/platform/utils"
 )
@@ -30,7 +31,14 @@ func logClient(c *Context, w http.ResponseWriter, r *http.Request) {
 	forceToDebug := false
 
 	if !*utils.Cfg.ServiceSettings.EnableDeveloper {
-		forceToDebug = true
+		if c.Session.UserId == "" {
+			c.Err = model.NewAppError("Permissions", "api.context.permissions.app_error", nil, "", http.StatusForbidden)
+			return
+		}
+
+		if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+			forceToDebug = true
+		}
 	}
 
 	m := model.MapFromJson(r.Body)
author	Christopher Speller <crspeller@gmail.com>	2017-09-06 20:43:18 -0700
committer	Christopher Speller <crspeller@gmail.com>	2017-09-06 20:43:18 -0700
commit	77709ccdda86408d5135b8bc71462e2111992358 (patch)
tree	5efc1631eb6cb31f8768fafeb58612557d98cb59 /api/general.go
parent	fd86a2490ea81eba8e12dcce76455710f182f81c (diff)
parent	e589accdaf38bb82cb5d3b5dd84eadf9bfb58b5c (diff)
download	chat-77709ccdda86408d5135b8bc71462e2111992358.tar.gz chat-77709ccdda86408d5135b8bc71462e2111992358.tar.bz2 chat-77709ccdda86408d5135b8bc71462e2111992358.zip