Merge release branch 'release-1.0.0'

author: Christopher Speller <crspeller@gmail.com> 2015-09-30 15:38:15 -0400
committer: Christopher Speller <crspeller@gmail.com> 2015-09-30 15:38:15 -0400
commit: 2d3ddfd467036935bc983cd77b4ab1243ac58cb6 (patch)
tree: ed74e719e3d14857808a2dae5c5a08ebc35ed18d /api
parent: 46f86e7076a1dec6717a959299a08289a5cc54ac (diff)
parent: ad92a90b02fdcea3846376747cedf8c81e5a2d22 (diff)
download: chat-2d3ddfd467036935bc983cd77b4ab1243ac58cb6.tar.gz
chat-2d3ddfd467036935bc983cd77b4ab1243ac58cb6.tar.bz2
chat-2d3ddfd467036935bc983cd77b4ab1243ac58cb6.zip
6 files changed, 22 insertions, 25 deletions
diff --git a/api/context.go b/api/context.go
index d90fbd9ee..02c3dc902 100644
--- a/api/context.go
+++ b/api/context.go
@@ -292,14 +292,6 @@ func (c *Context) HasPermissionsToChannel(sc store.StoreChannel, where string) b
 	return true
 }
 
-func (c *Context) IsSystemAdmin() bool {
-	// TODO XXX FIXME && IsPrivateIpAddress(c.IpAddress)
-	if model.IsInRole(c.Session.Roles, model.ROLE_SYSTEM_ADMIN) {
-		return true
-	}
-	return false
-}
-
 func (c *Context) HasSystemAdminPermissions(where string) bool {
 	if c.IsSystemAdmin() {
 		return true
@@ -310,14 +302,19 @@ func (c *Context) HasSystemAdminPermissions(where string) bool {
 	return false
 }
 
-func (c *Context) IsTeamAdmin(userId string) bool {
-	if uresult := <-Srv.Store.User().Get(userId); uresult.Err != nil {
-		c.Err = uresult.Err
-		return false
-	} else {
-		user := uresult.Data.(*model.User)
-		return model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) && user.TeamId == c.Session.TeamId
+func (c *Context) IsSystemAdmin() bool {
+	// TODO XXX FIXME && IsPrivateIpAddress(c.IpAddress)
+	if model.IsInRole(c.Session.Roles, model.ROLE_SYSTEM_ADMIN) {
+		return true
+	}
+	return false
+}
+
+func (c *Context) IsTeamAdmin() bool {
+	if model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) || c.IsSystemAdmin() {
+		return true
 	}
+	return false
 }
 
 func (c *Context) RemoveSessionCookie(w http.ResponseWriter) {
diff --git a/api/file.go b/api/file.go
index be8fc5456..5dc1db650 100644
--- a/api/file.go
+++ b/api/file.go
@@ -488,7 +488,7 @@ func getPublicLink(c *Context, w http.ResponseWriter, r *http.Request) {
 }
 
 func getExport(c *Context, w http.ResponseWriter, r *http.Request) {
-	if !c.HasPermissionsToTeam(c.Session.TeamId, "export") || !c.IsTeamAdmin(c.Session.UserId) {
+	if !c.HasPermissionsToTeam(c.Session.TeamId, "export") || !c.IsTeamAdmin() {
 		c.Err = model.NewAppError("getExport", "Only a team admin can retrieve exported data.", "userId="+c.Session.UserId)
 		c.Err.StatusCode = http.StatusForbidden
 		return
diff --git a/api/post.go b/api/post.go
index 0379f6af5..2b683fb7d 100644
--- a/api/post.go
+++ b/api/post.go
@@ -633,7 +633,7 @@ func deletePost(c *Context, w http.ResponseWriter, r *http.Request) {
 
 		post := result.Data.(*model.PostList).Posts[postId]
 
-		if !c.HasPermissionsToChannel(cchan, "deletePost") && !c.IsTeamAdmin(post.UserId) {
+		if !c.HasPermissionsToChannel(cchan, "deletePost") && !c.IsTeamAdmin() {
 			return
 		}
 
@@ -648,7 +648,7 @@ func deletePost(c *Context, w http.ResponseWriter, r *http.Request) {
 			return
 		}
 
-		if post.UserId != c.Session.UserId && !model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) {
+		if post.UserId != c.Session.UserId && !c.IsTeamAdmin() {
 			c.Err = model.NewAppError("deletePost", "You do not have the appropriate permissions", "")
 			c.Err.StatusCode = http.StatusForbidden
 			return
diff --git a/api/team.go b/api/team.go
index fba4b41c6..8e5d634aa 100644
--- a/api/team.go
+++ b/api/team.go
@@ -509,7 +509,7 @@ func InviteMembers(c *Context, team *model.Team, user *model.User, invites []str
 			sender := user.GetDisplayName()
 
 			senderRole := ""
-			if model.IsInRole(user.Roles, model.ROLE_TEAM_ADMIN) || model.IsInRole(user.Roles, model.ROLE_SYSTEM_ADMIN) {
+			if c.IsTeamAdmin() {
 				senderRole = "administrator"
 			} else {
 				senderRole = "member"
@@ -569,7 +569,7 @@ func updateTeamDisplayName(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if !model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) {
+	if !c.IsTeamAdmin() {
 		c.Err = model.NewAppError("updateTeamDisplayName", "You do not have the appropriate permissions", "userId="+c.Session.UserId)
 		c.Err.StatusCode = http.StatusForbidden
 		return
@@ -603,7 +603,7 @@ func getMyTeam(c *Context, w http.ResponseWriter, r *http.Request) {
 }
 
 func importTeam(c *Context, w http.ResponseWriter, r *http.Request) {
-	if !c.HasPermissionsToTeam(c.Session.TeamId, "import") || !c.IsTeamAdmin(c.Session.UserId) {
+	if !c.HasPermissionsToTeam(c.Session.TeamId, "import") || !c.IsTeamAdmin() {
 		c.Err = model.NewAppError("importTeam", "Only a team admin can import data.", "userId="+c.Session.UserId)
 		c.Err.StatusCode = http.StatusForbidden
 		return
@@ -670,7 +670,7 @@ func importTeam(c *Context, w http.ResponseWriter, r *http.Request) {
 }
 
 func exportTeam(c *Context, w http.ResponseWriter, r *http.Request) {
-	if !c.HasPermissionsToTeam(c.Session.TeamId, "export") || !c.IsTeamAdmin(c.Session.UserId) {
+	if !c.HasPermissionsToTeam(c.Session.TeamId, "export") || !c.IsTeamAdmin() {
 		c.Err = model.NewAppError("exportTeam", "Only a team admin can export data.", "userId="+c.Session.UserId)
 		c.Err.StatusCode = http.StatusForbidden
 		return
diff --git a/api/user.go b/api/user.go
index e140bc8cf..ed3576a30 100644
--- a/api/user.go
+++ b/api/user.go
@@ -973,7 +973,7 @@ func updateRoles(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if !model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) && !c.IsSystemAdmin() {
+	if !c.IsTeamAdmin() {
 		c.Err = model.NewAppError("updateRoles", "You do not have the appropriate permissions", "userId="+user_id)
 		c.Err.StatusCode = http.StatusForbidden
 		return
@@ -1070,7 +1070,7 @@ func updateActive(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if !model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) && !c.IsSystemAdmin() {
+	if !c.IsTeamAdmin() {
 		c.Err = model.NewAppError("updateActive", "You do not have the appropriate permissions", "userId="+user_id)
 		c.Err.StatusCode = http.StatusForbidden
 		return
diff --git a/api/webhook.go b/api/webhook.go
index b67655ff5..e694b202c 100644
--- a/api/webhook.go
+++ b/api/webhook.go
@@ -86,7 +86,7 @@ func deleteIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) {
 		c.Err = result.Err
 		return
 	} else {
-		if c.Session.UserId != result.Data.(*model.IncomingWebhook).UserId && !model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) {
+		if c.Session.UserId != result.Data.(*model.IncomingWebhook).UserId && !c.IsTeamAdmin() {
 			c.LogAudit("fail - inappropriate conditions")
 			c.Err = model.NewAppError("deleteIncomingHook", "Inappropriate permissions to delete incoming webhook", "user_id="+c.Session.UserId)
 			return
author	Christopher Speller <crspeller@gmail.com>	2015-09-30 15:38:15 -0400
committer	Christopher Speller <crspeller@gmail.com>	2015-09-30 15:38:15 -0400
commit	2d3ddfd467036935bc983cd77b4ab1243ac58cb6 (patch)
tree	ed74e719e3d14857808a2dae5c5a08ebc35ed18d /api
parent	46f86e7076a1dec6717a959299a08289a5cc54ac (diff)
parent	ad92a90b02fdcea3846376747cedf8c81e5a2d22 (diff)
download	chat-2d3ddfd467036935bc983cd77b4ab1243ac58cb6.tar.gz chat-2d3ddfd467036935bc983cd77b4ab1243ac58cb6.tar.bz2 chat-2d3ddfd467036935bc983cd77b4ab1243ac58cb6.zip