diff options
| author | Christopher Speller <crspeller@gmail.com> | 2016-04-27 16:02:58 -0400 |
|---|---|---|
| committer | Harrison Healey <harrisonmhealey@gmail.com> | 2016-04-27 16:02:58 -0400 |
| commit | fa807d8e436e87b8c1749ea54c293a15c67f7f29 (patch) | |
| tree | 9557bb5342425dffd3606cb03f1378de5f5cc032 /api/post.go | |
| parent | d962e175f838817f4db060227cf8b5e2258b887c (diff) | |
| download | chat-fa807d8e436e87b8c1749ea54c293a15c67f7f29.tar.gz chat-fa807d8e436e87b8c1749ea54c293a15c67f7f29.tar.bz2 chat-fa807d8e436e87b8c1749ea54c293a15c67f7f29.zip | |
Fixing permalinks to channels your not a memeber of (#2805)
Diffstat (limited to 'api/post.go')
| -rw-r--r-- | api/post.go | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/api/post.go b/api/post.go index 4eb87349e..7899145a6 100644 --- a/api/post.go +++ b/api/post.go @@ -27,6 +27,7 @@ func InitPost() { BaseRoutes.NeedTeam.Handle("/posts/search", ApiUserRequired(searchPosts)).Methods("GET") BaseRoutes.NeedTeam.Handle("/posts/{post_id}", ApiUserRequired(getPostById)).Methods("GET") + BaseRoutes.NeedTeam.Handle("/pltmp/{post_id}", ApiUserRequired(getPermalinkTmp)).Methods("GET") BaseRoutes.Posts.Handle("/create", ApiUserRequired(createPost)).Methods("POST") BaseRoutes.Posts.Handle("/update", ApiUserRequired(updatePost)).Methods("POST") @@ -1089,6 +1090,53 @@ func getPostById(c *Context, w http.ResponseWriter, r *http.Request) { } } +func getPermalinkTmp(c *Context, w http.ResponseWriter, r *http.Request) { + params := mux.Vars(r) + + postId := params["post_id"] + if len(postId) != 26 { + c.SetInvalidParam("getPermalinkTmp", "postId") + return + } + + if result := <-Srv.Store.Post().Get(postId); result.Err != nil { + c.Err = result.Err + return + } else { + list := result.Data.(*model.PostList) + + if len(list.Order) != 1 { + c.Err = model.NewLocAppError("getPermalinkTmp", "api.post_get_post_by_id.get.app_error", nil, "") + return + } + post := list.Posts[list.Order[0]] + + if !c.HasPermissionsToTeam(c.TeamId, "permalink") { + return + } + + cchan := Srv.Store.Channel().CheckPermissionsTo(c.TeamId, post.ChannelId, c.Session.UserId) + if !c.HasPermissionsToChannel(cchan, "getPermalinkTmp") { + // If we don't have permissions attempt to join the channel to fix the problem + if err, _ := JoinChannelById(c, c.Session.UserId, post.ChannelId); err != nil { + // On error just return with permissions error + c.Err = err + return + } else { + // If we sucessfully joined the channel then clear the permissions error and continue + c.Err = nil + } + } + + if HandleEtag(list.Etag(), w, r) { + return + } + + w.Header().Set(model.HEADER_ETAG_SERVER, list.Etag()) + w.Write([]byte(list.ToJson())) + } +} + func deletePost(c *Context, w http.ResponseWriter, r *http.Request) { params := mux.Vars(r) |