authorJoram Wilander <jwawilander@gmail.com>2017-07-31 12:59:32 -0400
committerGitHub <noreply@github.com>2017-07-31 12:59:32 -0400
commit59992ae4a4638006ec1489dd834151b258c1728c (patch)
tree8bc5c0fa8f6a4d6a40026c965bd865c1110af838 /api
parented62660e96528920b0ecb8c755265c6c8d2756c4 (diff)
PLT-6763 Implement user access tokens and new roles (server-side) (#6972)
* Implement user access tokens and new roles * Update config.json * Add public post permission to apiv3 * Remove old comment * Fix model unit test * Updates to store per feedback * Updates per feedback from CS
Diffstat (limited to 'api')
-rw-r--r--api/context.go8
-rw-r--r--api/post.go12
2 files changed, 17 insertions, 3 deletions
diff --git a/api/context.go b/api/context.go
index 09cb1e583..d0036d077 100644
--- a/api/context.go
+++ b/api/context.go
@@ -308,9 +308,13 @@ func (c *Context) LogDebug(err *model.AppError) {
}
func (c *Context) UserRequired() {
+ if !*utils.Cfg.ServiceSettings.EnableUserAccessTokens && c.Session.Props[model.SESSION_PROP_TYPE] == model.SESSION_TYPE_USER_ACCESS_TOKEN {
+ c.Err = model.NewAppError("", "api.context.session_expired.app_error", nil, "UserAccessToken", http.StatusUnauthorized)
+ return
+ }
+
if len(c.Session.UserId) == 0 {
- c.Err = model.NewLocAppError("", "api.context.session_expired.app_error", nil, "UserRequired")
- c.Err.StatusCode = http.StatusUnauthorized
+ c.Err = model.NewAppError("", "api.context.session_expired.app_error", nil, "UserRequired", http.StatusUnauthorized)
return
}
}
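Review bot: The new guard at the top of `UserRequired` is the only place in this hunk where a token-backed session is rejected once `EnableUserAccessTokens` is off, so any handler that reads `c.Session` without calling `UserRequired` would presumably keep honouring such a session; whether handlers like that exist is not visible here. If the session is resolved in one central place, checking the setting there would cover every route. Otherwise, document the limitation on the guard, e.g. `// Token sessions are rejected here only; handlers that skip UserRequired must check EnableUserAccessTokens themselves.` The rejection also reuses the `api.context.session_expired.app_error` id, so only the `"UserAccessToken"` detail string tells a disabled feature apart from a genuinely expired session in logs. A dedicated message id would make that state easier to detect and triage.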
diff --git a/api/post.go b/api/post.go
index 192b01bd5..367696ec1 100644
--- a/api/post.go
+++ b/api/post.go
@@ -51,7 +51,17 @@ func createPost(c *Context, w http.ResponseWriter, r *http.Request) {
post.UserId = c.Session.UserId
- if !app.SessionHasPermissionToChannel(c.Session, post.ChannelId, model.PERMISSION_CREATE_POST) {
+ hasPermission := false
+ if app.SessionHasPermissionToChannel(c.Session, post.ChannelId, model.PERMISSION_CREATE_POST) {
+ hasPermission = true
+ } else if channel, err := app.GetChannel(post.ChannelId); err == nil {
+ // Temporary permission check method until advanced permissions, please do not copy
+ if channel.Type == model.CHANNEL_OPEN && app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_POST_PUBLIC) {
+ hasPermission = true
+ }
+ }
+
+ if !hasPermission {
c.SetPermissionError(model.PERMISSION_CREATE_POST)
return
}
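Review bot: The error from `app.GetChannel` in the `else if` branch is dropped, so a failed channel lookup is indistinguishable from a real permission denial. Failing closed with the same permission error is the right response to the client, because it does not reveal whether the channel exists, but the cause should still be recorded server-side. An `else { c.LogDebug(err) }` on that branch would do it, assuming `GetChannel` returns a `*model.AppError`. The fallback also lets a session post to an open channel on the strength of the team-level `PERMISSION_CREATE_POST_PUBLIC` alone, without channel membership. The rest of `createPost` lies outside the hunk, so confirm that nothing later assumes the poster is a member. Since the comment marks the check as temporary, a ticket reference next to it would help ensure the check is removed later.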