#MM-12130 Added permission check for createServiceTerms API (#9556)

* #MM-12130 changes for custom service terms

* Fixed styling

* Added getServiceTerms API

* removed unnecessary panic

* removed custom service terms text from flat config

* reverted user sql store as those changes are no longer needed

* added tests

* Updated a config key to be more standard

* Added copyright info

* Loading service terms only if the feature is enabled

* Loading service terms only if the feature is enabled

* removed unused index

* added createservice termns API

* made a param to bool instead of string

* added createservice termns API

* review fixes

* fixed styling

* Minor refactoring

* removed saveConfig and loadConfig magic

* added empty service terms text check to createServiceTerms API

* refactoed some urls to be terms_of_service instead of service_terms

* removed check for support settings

* changed URLs in tests

* removed unused code

* fixed a bug

* added service termd id in conif

* fixed a test

* review fixes

* minor fixes

* Fixed TestCreateServiceTerms

* Fix incorrect key in en.json and changes some translations from service terms to terms of service

* Improved translated messages

* Added permission check in createServiceTerms API

2 files changed, 18 insertions, 4 deletions

diff --git a/api4/service_terms.go b/api4/service_terms.go
index 549bad0a1..ff953102d 100644
--- a/api4/service_terms.go
+++ b/api4/service_terms.go
@@ -25,6 +25,11 @@ func getServiceTerms(c *Context, w http.ResponseWriter, r *http.Request) {
 }
 
 func createServiceTerms(c *Context, w http.ResponseWriter, r *http.Request) {
+	if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
+		return
+	}
+
 	if license := c.App.License(); license == nil || !*license.Features.CustomTermsOfService {
 		c.Err = model.NewAppError("createServiceTerms", "api.create_service_terms.custom_service_terms_disabled.app_error", nil, "", http.StatusBadRequest)
 		return
diff --git a/api4/service_terms_test.go b/api4/service_terms_test.go
index 693388376..607c104a6 100644
--- a/api4/service_terms_test.go
+++ b/api4/service_terms_test.go
@@ -30,15 +30,24 @@ func TestCreateServiceTerms(t *testing.T) {
 	defer th.TearDown()
 	Client := th.Client
 
-	serviceTerms, resp := Client.CreateServiceTerms("service terms new", th.BasicUser.Id)
+	_, resp := Client.CreateServiceTerms("service terms new", th.BasicUser.Id)
+	CheckErrorMessage(t, resp, "api.context.permissions.app_error")
+}
+
+func TestCreateServiceTermsAdminUser(t *testing.T) {
+	th := Setup().InitSystemAdmin()
+	defer th.TearDown()
+	Client := th.SystemAdminClient
+
+	serviceTerms, resp := Client.CreateServiceTerms("service terms new", th.SystemAdminUser.Id)
 	CheckErrorMessage(t, resp, "api.create_service_terms.custom_service_terms_disabled.app_error")
 
 	th.App.SetLicense(model.NewTestLicense("EnableCustomServiceTerms"))
 
-	serviceTerms, resp = Client.CreateServiceTerms("service terms new", th.BasicUser.Id)
+	serviceTerms, resp = Client.CreateServiceTerms("service terms new_2", th.SystemAdminUser.Id)
 	CheckNoError(t, resp)
 	assert.NotEmpty(t, serviceTerms.Id)
 	assert.NotEmpty(t, serviceTerms.CreateAt)
-	assert.Equal(t, "service terms new", serviceTerms.Text)
-	assert.Equal(t, th.BasicUser.Id, serviceTerms.UserId)
+	assert.Equal(t, "service terms new_2", serviceTerms.Text)
+	assert.Equal(t, th.SystemAdminUser.Id, serviceTerms.UserId)
 }