diff options
author | Joram Wilander <jwawilander@gmail.com> | 2017-07-31 12:59:32 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-07-31 12:59:32 -0400 |
commit | 59992ae4a4638006ec1489dd834151b258c1728c (patch) | |
tree | 8bc5c0fa8f6a4d6a40026c965bd865c1110af838 /api4/post.go | |
parent | ed62660e96528920b0ecb8c755265c6c8d2756c4 (diff) | |
download | chat-59992ae4a4638006ec1489dd834151b258c1728c.tar.gz chat-59992ae4a4638006ec1489dd834151b258c1728c.tar.bz2 chat-59992ae4a4638006ec1489dd834151b258c1728c.zip |
PLT-6763 Implement user access tokens and new roles (server-side) (#6972)
* Implement user access tokens and new roles
* Update config.json
* Add public post permission to apiv3
* Remove old comment
* Fix model unit test
* Updates to store per feedback
* Updates per feedback from CS
Diffstat (limited to 'api4/post.go')
-rw-r--r-- | api4/post.go | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/api4/post.go b/api4/post.go index 3d0c681d1..deaad1e1c 100644 --- a/api4/post.go +++ b/api4/post.go @@ -40,7 +40,17 @@ func createPost(c *Context, w http.ResponseWriter, r *http.Request) { post.UserId = c.Session.UserId - if !app.SessionHasPermissionToChannel(c.Session, post.ChannelId, model.PERMISSION_CREATE_POST) { + hasPermission := false + if app.SessionHasPermissionToChannel(c.Session, post.ChannelId, model.PERMISSION_CREATE_POST) { + hasPermission = true + } else if channel, err := app.GetChannel(post.ChannelId); err == nil { + // Temporary permission check method until advanced permissions, please do not copy + if channel.Type == model.CHANNEL_OPEN && app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_POST_PUBLIC) { + hasPermission = true + } + } + + if !hasPermission { c.SetPermissionError(model.PERMISSION_CREATE_POST) return } |