diff options
| author | Joram Wilander <jwawilander@gmail.com> | 2017-06-26 08:16:57 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-06-26 08:16:57 -0400 |
| commit | 23ccfc845ca2350075f6027e16c6206fc7b71716 (patch) | |
| tree | 3fd1f896a5a24b43913be03b21c85638dd7c356e /api4/post.go | |
| parent | fe7e9d95b30ae2195fcba68db960866db91ce045 (diff) | |
| download | chat-23ccfc845ca2350075f6027e16c6206fc7b71716.tar.gz chat-23ccfc845ca2350075f6027e16c6206fc7b71716.tar.bz2 chat-23ccfc845ca2350075f6027e16c6206fc7b71716.zip | |
Move remaining actions over to use redux and v4 endpoints (#6720)
Diffstat (limited to 'api4/post.go')
| -rw-r--r-- | api4/post.go | 58 |
1 files changed, 50 insertions, 8 deletions
diff --git a/api4/post.go b/api4/post.go index f8e4cc54b..7bfe5ad64 100644 --- a/api4/post.go +++ b/api4/post.go @@ -167,15 +167,32 @@ func getPost(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToChannelByPost(c.Session, c.Params.PostId, model.PERMISSION_READ_CHANNEL) { - c.SetPermissionError(model.PERMISSION_READ_CHANNEL) + var post *model.Post + var err *model.AppError + if post, err = app.GetSinglePost(c.Params.PostId); err != nil { + c.Err = err return } - if post, err := app.GetSinglePost(c.Params.PostId); err != nil { + var channel *model.Channel + if channel, err = app.GetChannel(post.ChannelId); err != nil { c.Err = err return - } else if HandleEtag(post.Etag(), "Get Post", w, r) { + } + + if !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_READ_CHANNEL) { + if channel.Type == model.CHANNEL_OPEN { + if !app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) { + c.SetPermissionError(model.PERMISSION_READ_PUBLIC_CHANNEL) + return + } + } else { + c.SetPermissionError(model.PERMISSION_READ_CHANNEL) + return + } + } + + if HandleEtag(post.Etag(), "Get Post", w, r) { return } else { w.Header().Set(model.HEADER_ETAG_SERVER, post.Etag()) @@ -208,15 +225,40 @@ func getPostThread(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToChannelByPost(c.Session, c.Params.PostId, model.PERMISSION_READ_CHANNEL) { - c.SetPermissionError(model.PERMISSION_READ_CHANNEL) + var list *model.PostList + var err *model.AppError + if list, err = app.GetPostThread(c.Params.PostId); err != nil { + c.Err = err + return + } + + var post *model.Post + if val, ok := list.Posts[c.Params.PostId]; ok { + post = val + } else { + c.SetInvalidUrlParam("post_id") return } - if list, err := app.GetPostThread(c.Params.PostId); err != nil { + var channel *model.Channel + if channel, err = app.GetChannel(post.ChannelId); err != nil { c.Err = err return - } else if HandleEtag(list.Etag(), "Get Post Thread", w, r) { + } + + if !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_READ_CHANNEL) { + if channel.Type == model.CHANNEL_OPEN { + if !app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) { + c.SetPermissionError(model.PERMISSION_READ_PUBLIC_CHANNEL) + return + } + } else { + c.SetPermissionError(model.PERMISSION_READ_CHANNEL) + return + } + } + + if HandleEtag(list.Etag(), "Get Post Thread", w, r) { return } else { w.Header().Set(model.HEADER_ETAG_SERVER, list.Etag()) |