summaryrefslogtreecommitdiffstats
path: root/api/oauth.go
diff options
context:
space:
mode:
authorChristopher Speller <crspeller@gmail.com>2016-09-13 12:42:48 -0400
committerJoram Wilander <jwawilander@gmail.com>2016-09-13 12:42:48 -0400
commit1e7985a87a72bea9a308cf1506dacc828c6e2e1c (patch)
treed4251391dc74a9ff4628dd1bed551c34d806a1b6 /api/oauth.go
parent05af5d14b8d07b010c70750ae1ac5ddf22c120a7 (diff)
downloadchat-1e7985a87a72bea9a308cf1506dacc828c6e2e1c.tar.gz
chat-1e7985a87a72bea9a308cf1506dacc828c6e2e1c.tar.bz2
chat-1e7985a87a72bea9a308cf1506dacc828c6e2e1c.zip
Modifying permissions system. (#3897)
Diffstat (limited to 'api/oauth.go')
-rw-r--r--api/oauth.go54
1 files changed, 17 insertions, 37 deletions
diff --git a/api/oauth.go b/api/oauth.go
index b1c7675ff..18a9979f6 100644
--- a/api/oauth.go
+++ b/api/oauth.go
@@ -53,12 +53,10 @@ func registerOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations {
- if !c.IsSystemAdmin() {
- c.Err = model.NewLocAppError("registerOAuthApp", "api.command.admin_only.app_error", nil, "")
- c.Err.StatusCode = http.StatusForbidden
- return
- }
+ if !HasPermissionToContext(c, model.PERMISSION_MANAGE_OAUTH) {
+ c.Err = model.NewLocAppError("registerOAuthApp", "api.command.admin_only.app_error", nil, "")
+ c.Err.StatusCode = http.StatusForbidden
+ return
}
app := model.OAuthAppFromJson(r.Body)
@@ -94,18 +92,14 @@ func getOAuthApps(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- isSystemAdmin := c.IsSystemAdmin()
-
- if *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations {
- if !isSystemAdmin {
- c.Err = model.NewLocAppError("getOAuthAppsByUser", "api.command.admin_only.app_error", nil, "")
- c.Err.StatusCode = http.StatusForbidden
- return
- }
+ if !HasPermissionToContext(c, model.PERMISSION_MANAGE_OAUTH) {
+ c.Err = model.NewLocAppError("getOAuthApps", "api.command.admin_only.app_error", nil, "")
+ c.Err.StatusCode = http.StatusForbidden
+ return
}
var ochan store.StoreChannel
- if isSystemAdmin {
+ if HasPermissionToContext(c, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {
ochan = Srv.Store.OAuth().GetApps()
} else {
ochan = Srv.Store.OAuth().GetAppByUser(c.Session.UserId)
@@ -872,14 +866,10 @@ func deleteOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- isSystemAdmin := c.IsSystemAdmin()
-
- if *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations {
- if !isSystemAdmin {
- c.Err = model.NewLocAppError("deleteOAuthApp", "api.command.admin_only.app_error", nil, "")
- c.Err.StatusCode = http.StatusForbidden
- return
- }
+ if !HasPermissionToContext(c, model.PERMISSION_MANAGE_OAUTH) {
+ c.Err = model.NewLocAppError("deleteOAuthApp", "api.command.admin_only.app_error", nil, "")
+ c.Err.StatusCode = http.StatusForbidden
+ return
}
c.LogAudit("attempt")
@@ -896,7 +886,7 @@ func deleteOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
c.Err = result.Err
return
} else {
- if c.Session.UserId != result.Data.(*model.OAuthApp).CreatorId && !isSystemAdmin {
+ if c.Session.UserId != result.Data.(*model.OAuthApp).CreatorId && !HasPermissionToContext(c, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {
c.LogAudit("fail - inappropriate permissions")
c.Err = model.NewLocAppError("deleteOAuthApp", "api.oauth.delete.permissions.app_error", nil, "user_id="+c.Session.UserId)
return
@@ -964,16 +954,6 @@ func regenerateOAuthSecret(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- isSystemAdmin := c.IsSystemAdmin()
-
- if *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations {
- if !isSystemAdmin {
- c.Err = model.NewLocAppError("registerOAuthApp", "api.command.admin_only.app_error", nil, "")
- c.Err.StatusCode = http.StatusForbidden
- return
- }
- }
-
params := mux.Vars(r)
id := params["id"]
@@ -989,9 +969,9 @@ func regenerateOAuthSecret(c *Context, w http.ResponseWriter, r *http.Request) {
} else {
app = result.Data.(*model.OAuthApp)
- //validate that is a System Admin or the same user that registered the app
- if !isSystemAdmin && app.CreatorId != c.Session.UserId {
- c.Err = model.NewLocAppError("regenerateOAuthSecret", "api.oauth.regenerate_secret.app_error", nil, "")
+ if app.CreatorId != c.Session.UserId && !HasPermissionToContext(c, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {
+ c.Err = model.NewLocAppError("registerOAuthApp", "api.command.admin_only.app_error", nil, "")
+ c.Err.StatusCode = http.StatusForbidden
return
}