diff options
| author | Saturnino Abril <saturnino.abril@gmail.com> | 2017-07-05 06:32:27 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-07-05 06:32:27 +0800 |
| commit | 8f8a978e84ec8bbeac22928e6112bc697fa7176d (patch) | |
| tree | a82993cfcd1aab059554feeeb1a6256d4640eab4 /api4/channel.go | |
| parent | 6d6ed309b9b7f2b77cd013583990c6eb88f18aff (diff) | |
| download | chat-8f8a978e84ec8bbeac22928e6112bc697fa7176d.tar.gz chat-8f8a978e84ec8bbeac22928e6112bc697fa7176d.tar.bz2 chat-8f8a978e84ec8bbeac22928e6112bc697fa7176d.zip | |
[PLT-6838] Restrict channel delete option per permission policy even for last channel member (#6706)
* channel delete option is hidden from the menu unless there is appropriate permissions as set in the policy page
* apply to public channel only and add restriction to API layer
* updated channel deletion
Diffstat (limited to 'api4/channel.go')
| -rw-r--r-- | api4/channel.go | 20 |
1 files changed, 9 insertions, 11 deletions
diff --git a/api4/channel.go b/api4/channel.go index 26892bf2f..604c47464 100644 --- a/api4/channel.go +++ b/api4/channel.go @@ -428,7 +428,7 @@ func getDeletedChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Reques return } - if channels, err := app.GetDeletedChannels(c.Params.TeamId, c.Params.Page * c.Params.PerPage, c.Params.PerPage); err != nil { + if channels, err := app.GetDeletedChannels(c.Params.TeamId, c.Params.Page*c.Params.PerPage, c.Params.PerPage); err != nil { c.Err = err return } else { @@ -540,17 +540,15 @@ func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) { return } - // Allow delete if user is the only member left in channel - if memberCount > 1 { - if channel.Type == model.CHANNEL_OPEN && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PUBLIC_CHANNEL) { - c.SetPermissionError(model.PERMISSION_DELETE_PUBLIC_CHANNEL) - return - } + if channel.Type == model.CHANNEL_OPEN && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PUBLIC_CHANNEL) { + c.SetPermissionError(model.PERMISSION_DELETE_PUBLIC_CHANNEL) + return + } - if channel.Type == model.CHANNEL_PRIVATE && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PRIVATE_CHANNEL) { - c.SetPermissionError(model.PERMISSION_DELETE_PRIVATE_CHANNEL) - return - } + // Allow delete if there's only one member left in a private channel + if memberCount > 1 && channel.Type == model.CHANNEL_PRIVATE && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PRIVATE_CHANNEL) { + c.SetPermissionError(model.PERMISSION_DELETE_PRIVATE_CHANNEL) + return } err = app.DeleteChannel(channel, c.Session.UserId) |