diff options
author | Christopher Speller <crspeller@gmail.com> | 2016-11-01 13:23:26 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-11-01 13:23:26 -0400 |
commit | 98131a293a1a7013a717789317fa18e6f190abdb (patch) | |
tree | 56e152cdd2699c6f2931d2a765631742106540de /api/post.go | |
parent | b4002ba55f9a96ca2f21b3ad2afced37b47ac69e (diff) | |
download | chat-98131a293a1a7013a717789317fa18e6f190abdb.tar.gz chat-98131a293a1a7013a717789317fa18e6f190abdb.tar.bz2 chat-98131a293a1a7013a717789317fa18e6f190abdb.zip |
Fixing joining of channels via permalinks for system admins. (#4409)
Diffstat (limited to 'api/post.go')
-rw-r--r-- | api/post.go | 19 |
1 files changed, 9 insertions, 10 deletions
diff --git a/api/post.go b/api/post.go index 35159693a..1a30dca14 100644 --- a/api/post.go +++ b/api/post.go @@ -1329,16 +1329,15 @@ func getPermalinkTmp(c *Context, w http.ResponseWriter, r *http.Request) { } post := list.Posts[list.Order[0]] - if !HasPermissionToChannelContext(c, post.ChannelId, model.PERMISSION_READ_CHANNEL) { - // If we don't have permissions attempt to join the channel to fix the problem - if err, _ := JoinChannelById(c, c.Session.UserId, post.ChannelId); err != nil { - // On error just return with permissions error - c.Err = err - return - } else { - // If we sucessfully joined the channel then clear the permissions error and continue - c.Err = nil - } + // Because we confuse permissions and membership in Mattermost's model, we have to just + // try to join the channel without checking if we already have permission to it. This is + // because system admins have permissions to every channel but are not nessisary a member + // of every channel. If we checked here then system admins would skip joining the channel and + // error when they tried to view it. + if err, _ := JoinChannelById(c, c.Session.UserId, post.ChannelId); err != nil { + // On error just return with permissions error + c.Err = err + return } if HandleEtag(list.Etag(), w, r) { |