EE: Add the ability to restrict the user roles that can send team invites (#3442)

1 files changed, 13 insertions, 1 deletions

diff --git a/api/team.go b/api/team.go
index 0f7298b57..cb942bb35 100644
--- a/api/team.go
+++ b/api/team.go
@@ -394,11 +394,23 @@ func revokeAllSessions(c *Context, w http.ResponseWriter, r *http.Request) {
 func inviteMembers(c *Context, w http.ResponseWriter, r *http.Request) {
 	invites := model.InvitesFromJson(r.Body)
 	if len(invites.Invites) == 0 {
-		c.Err = model.NewLocAppError("Team.InviteMembers", "api.team.invite_members.no_one.app_error", nil, "")
+		c.Err = model.NewLocAppError("inviteMembers", "api.team.invite_members.no_one.app_error", nil, "")
 		c.Err.StatusCode = http.StatusBadRequest
 		return
 	}
 
+	if utils.IsLicensed {
+		if *utils.Cfg.TeamSettings.RestrictTeamInvite == model.TEAM_INVITE_SYSTEM_ADMIN && !c.IsSystemAdmin() {
+			c.Err = model.NewLocAppError("inviteMembers", "api.team.invite_members.restricted_system_admin.app_error", nil, "")
+			return
+		}
+
+		if *utils.Cfg.TeamSettings.RestrictTeamInvite == model.TEAM_INVITE_TEAM_ADMIN && !c.IsTeamAdmin() {
+			c.Err = model.NewLocAppError("inviteMembers", "api.team.invite_members.restricted_team_admin.app_error", nil, "")
+			return
+		}
+	}
+
 	tchan := Srv.Store.Team().Get(c.TeamId)
 	uchan := Srv.Store.User().Get(c.Session.UserId)