author | nickago <ngonella@calpoly.edu> | 2015-07-14 13:09:14 -0700 |
---|---|---|
committer | nickago <ngonella@calpoly.edu> | 2015-07-14 13:09:14 -0700 |
commit | cb2bff28ee7a43b3d3c52d3c448d3f15d12830ba (patch) | |
tree | 21092457226138a45b0faff3743dd367475e25d1 /api/post.go | |
parent | b31327f072aa575d5ff97cc5e0786e50510ab456 (diff) | |
Team admin can now delete any post
Diffstat (limited to 'api/post.go')
-rw-r--r-- | api/post.go | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/api/post.go b/api/post.go
index 650f47062..0a8b5a20b 100644
--- a/api/post.go
+++ b/api/post.go
@@ -619,16 +619,23 @@ func deletePost(c *Context, w http.ResponseWriter, r *http.Request) {
 cchan := Srv.Store.Channel().CheckPermissionsTo(c.Session.TeamId, channelId, c.Session.UserId)
 pchan := Srv.Store.Post().Get(postId)
+ uchan := Srv.Store.User().Get(c.Session.UserId)
- if !c.HasPermissionsToChannel(cchan, "deletePost") {
+ if uresult := <-uchan; uresult.Err != nil {
+ c.Err = uresult.Err
 return
- }
-
- if result := <-pchan; result.Err != nil {
- c.Err = result.Err
+ } else if presult := <-pchan; presult.Err != nil {
+ c.Err = presult.Err
 return
 } else {
- post := result.Data.(*model.PostList).Posts[postId]
+
+ user := uresult.Data.(*model.User)
+
+ if !c.HasPermissionsToChannel(cchan, "deletePost") && !strings.Contains(user.Roles,"admin"){
+ return
+ }
+
+ post := presult.Data.(*model.PostList).Posts[postId]
 if post == nil {
 c.SetInvalidParam("deletePost", "postId")
@@ -641,7 +648,7 @@ func deletePost(c *Context, w http.ResponseWriter, r *http.Request) {
 return
 }
- if post.UserId != c.Session.UserId {
+ if post.UserId != c.Session.UserId && !strings.Contains(user.Roles,"admin") {
 c.Err = model.NewAppError("deletePost", "You do not have the appropriate permissions", "")
 c.Err.StatusCode = http.StatusForbidden
 return |
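Review bot: `strings.Contains(user.Roles,"admin")` is a substring test, so any role value that merely contains the letters "admin" is treated as an administrator; it guards the channel-permission condition in this hunk and the ownership check in the second hunk. The format of `Roles` is not shown in the diff, but if it is a delimited list the check should compare whole entries, for example by ranging over `strings.Fields(user.Roles)` and testing each entry for equality with "admin". Computing that once into a local such as `isAdmin` right after `user := uresult.Data.(*model.User)` would keep the two conditions in step and give the authorization rule a single place to audit. The body of deletePost starts and ends outside the hunk, so whether the project already has a role helper for this cannot be seen here.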
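Review bot: With admins exempt from this ownership check and from `HasPermissionsToChannel` in the first hunk, nothing visible in the diff still ties the post or its channel to `c.Session.TeamId` on the admin path. The `CheckPermissionsTo(c.Session.TeamId, channelId, c.Session.UserId)` result was the only team-scoped gate shown, so unless the lines between the two hunks verify that the post's channel belongs to the admin's team, the exemption may reach further than "team admin" implies. `HasPermissionsToChannel` is also still evaluated for admins, and if it records a failure on `c` (not visible here) the handler would carry on to the delete with an error already set. I would add a comment above the condition stating the intended scope, e.g. `// team admins may delete any post in channels of their own team`, and confirm that a test covers an admin acting on a channel of another team. deletePost continues past the end of this hunk.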