diff options
author | Amit Yadav <iit.amit@gmail.com> | 2017-01-18 18:38:31 +0530 |
---|---|---|
committer | Joram Wilander <jwawilander@gmail.com> | 2017-01-18 08:08:31 -0500 |
commit | 99cf08ac38bdee25d07f27a3d9bb5d74199d106c (patch) | |
tree | e85ca087c2ec1b6bfe859d509b0f9e5c1a991630 /api/post.go | |
parent | 8f0175e15c4d6bd08ca6795851455468811c3dc9 (diff) | |
download | chat-99cf08ac38bdee25d07f27a3d9bb5d74199d106c.tar.gz chat-99cf08ac38bdee25d07f27a3d9bb5d74199d106c.tar.bz2 chat-99cf08ac38bdee25d07f27a3d9bb5d74199d106c.zip |
Message Editing and Deleting permissions (#4692)
Diffstat (limited to 'api/post.go')
-rw-r--r-- | api/post.go | 23 |
1 files changed, 21 insertions, 2 deletions
diff --git a/api/post.go b/api/post.go index bbdce78e8..0e3ad2aa5 100644 --- a/api/post.go +++ b/api/post.go @@ -91,6 +91,16 @@ func createPost(c *Context, w http.ResponseWriter, r *http.Request) { } func updatePost(c *Context, w http.ResponseWriter, r *http.Request) { + + if utils.IsLicensed { + if *utils.Cfg.ServiceSettings.AllowEditPost == model.ALLOW_EDIT_POST_NEVER { + c.Err = model.NewLocAppError("updatePost", "api.post.update_post.permissions.app_error", nil, + c.T("api.post.update_post.permissions_denied.app_error")) + c.Err.StatusCode = http.StatusForbidden + return + } + } + post := model.PostFromJson(r.Body) if post == nil { @@ -135,6 +145,15 @@ func updatePost(c *Context, w http.ResponseWriter, r *http.Request) { c.Err.StatusCode = http.StatusForbidden return } + + if utils.IsLicensed { + if *utils.Cfg.ServiceSettings.AllowEditPost == model.ALLOW_EDIT_POST_TIME_LIMIT && model.GetMillis() > oldPost.CreateAt+int64(*utils.Cfg.ServiceSettings.PostEditTimeLimit*1000) { + c.Err = model.NewLocAppError("updatePost", "api.post.update_post.permissions.app_error", nil, + c.T("api.post.update_post.permissions_time_limit.app_error", map[string]interface{}{"timeLimit": *utils.Cfg.ServiceSettings.PostEditTimeLimit})) + c.Err.StatusCode = http.StatusForbidden + return + } + } } newPost := &model.Post{} @@ -402,7 +421,7 @@ func deletePost(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !HasPermissionToChannelContext(c, channelId, model.PERMISSION_EDIT_POST) { + if !HasPermissionToChannelContext(c, channelId, model.PERMISSION_DELETE_POST) { return } @@ -426,7 +445,7 @@ func deletePost(c *Context, w http.ResponseWriter, r *http.Request) { return } - if post.UserId != c.Session.UserId && !HasPermissionToChannelContext(c, post.ChannelId, model.PERMISSION_EDIT_OTHERS_POSTS) { + if post.UserId != c.Session.UserId && !HasPermissionToChannelContext(c, post.ChannelId, model.PERMISSION_DELETE_OTHERS_POSTS) { c.Err = model.NewLocAppError("deletePost", "api.post.delete_post.permissions.app_error", nil, "") c.Err.StatusCode = http.StatusForbidden return |