Adding checkout for system admin role

author: =Corey Hulen <corey@hulen.com> 2015-10-06 10:50:38 -0700
committer: =Corey Hulen <corey@hulen.com> 2015-10-06 10:50:38 -0700
commit: 3b4b79d99f8795a26c38b843ca822f38e27ddc23 (patch)
tree: d41300c2eec8dbaa7d02ec41695c78b83866461d /api/user.go
parent: 3d4220ce5ffc34186ef8f9e0f031507cd91b10fa (diff)
download: chat-3b4b79d99f8795a26c38b843ca822f38e27ddc23.tar.gz
chat-3b4b79d99f8795a26c38b843ca822f38e27ddc23.tar.bz2
chat-3b4b79d99f8795a26c38b843ca822f38e27ddc23.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/api/user.go b/api/user.go
index 2d7dd9ab1..78f8768a4 100644
--- a/api/user.go
+++ b/api/user.go
@@ -991,7 +991,7 @@ func updateRoles(c *Context, w http.ResponseWriter, r *http.Request) {
 	}
 
 	if model.IsInRole(new_roles, model.ROLE_SYSTEM_ADMIN) && !c.IsSystemAdmin() {
-		c.Err = model.NewAppError("updateRoles", "The system_admin role can only be set by another system admin", "")
+		c.Err = model.NewAppError("updateRoles", "The system admin role can only be set by another system admin", "")
 		c.Err.StatusCode = http.StatusForbidden
 		return
 	}
@@ -1014,6 +1014,12 @@ func updateRoles(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	if user.IsInRole(model.ROLE_SYSTEM_ADMIN) && !c.IsSystemAdmin() {
+		c.Err = model.NewAppError("updateRoles", "The system admin role can only by modified by another system admin", "")
+		c.Err.StatusCode = http.StatusForbidden
+		return
+	}
+
 	ruser := UpdateRoles(c, user, new_roles)
 	if c.Err != nil {
 		return
author	=Corey Hulen <corey@hulen.com>	2015-10-06 10:50:38 -0700
committer	=Corey Hulen <corey@hulen.com>	2015-10-06 10:50:38 -0700
commit	3b4b79d99f8795a26c38b843ca822f38e27ddc23 (patch)
tree	d41300c2eec8dbaa7d02ec41695c78b83866461d /api/user.go
parent	3d4220ce5ffc34186ef8f9e0f031507cd91b10fa (diff)
download	chat-3b4b79d99f8795a26c38b843ca822f38e27ddc23.tar.gz chat-3b4b79d99f8795a26c38b843ca822f38e27ddc23.tar.bz2 chat-3b4b79d99f8795a26c38b843ca822f38e27ddc23.zip