diff options
author | Christopher Speller <crspeller@gmail.com> | 2015-10-07 08:30:57 -0400 |
---|---|---|
committer | Christopher Speller <crspeller@gmail.com> | 2015-10-07 08:30:57 -0400 |
commit | cf9ce772c2d27e6d0c848d47c6bdb7aaa626abb4 (patch) | |
tree | 535c0d674dd9d00c1586af15ac4667483274dfcc /api/user.go | |
parent | 2cd546370fe633c2b323dba510c2d0ee8a2a1788 (diff) | |
parent | 3b4b79d99f8795a26c38b843ca822f38e27ddc23 (diff) | |
download | chat-cf9ce772c2d27e6d0c848d47c6bdb7aaa626abb4.tar.gz chat-cf9ce772c2d27e6d0c848d47c6bdb7aaa626abb4.tar.bz2 chat-cf9ce772c2d27e6d0c848d47c6bdb7aaa626abb4.zip |
Merge pull request #947 from mattermost/PLT-435
PLT-435 adding ability to demote system admin
Diffstat (limited to 'api/user.go')
-rw-r--r-- | api/user.go | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/api/user.go b/api/user.go index 2d7dd9ab1..78f8768a4 100644 --- a/api/user.go +++ b/api/user.go @@ -991,7 +991,7 @@ func updateRoles(c *Context, w http.ResponseWriter, r *http.Request) { } if model.IsInRole(new_roles, model.ROLE_SYSTEM_ADMIN) && !c.IsSystemAdmin() { - c.Err = model.NewAppError("updateRoles", "The system_admin role can only be set by another system admin", "") + c.Err = model.NewAppError("updateRoles", "The system admin role can only be set by another system admin", "") c.Err.StatusCode = http.StatusForbidden return } @@ -1014,6 +1014,12 @@ func updateRoles(c *Context, w http.ResponseWriter, r *http.Request) { return } + if user.IsInRole(model.ROLE_SYSTEM_ADMIN) && !c.IsSystemAdmin() { + c.Err = model.NewAppError("updateRoles", "The system admin role can only by modified by another system admin", "") + c.Err.StatusCode = http.StatusForbidden + return + } + ruser := UpdateRoles(c, user, new_roles) if c.Err != nil { return |