diff options
author | Martin Kraft <martinkraft@gmail.com> | 2018-05-16 14:45:46 -0400 |
---|---|---|
committer | Martin Kraft <martinkraft@gmail.com> | 2018-05-16 14:45:46 -0400 |
commit | f1a830ce9aea87fbeab7e54a6b2b56423e5fed45 (patch) | |
tree | 613bb2cb29cca3016d6b6ac75602aad26303f4f7 /app/command_invite.go | |
parent | 16bbbc2abca7c2e5dc2e6876da0dba2bae9eed04 (diff) | |
parent | 02f8c18f40cd0e973e4c75b751e8fcbbbd019728 (diff) | |
download | chat-f1a830ce9aea87fbeab7e54a6b2b56423e5fed45.tar.gz chat-f1a830ce9aea87fbeab7e54a6b2b56423e5fed45.tar.bz2 chat-f1a830ce9aea87fbeab7e54a6b2b56423e5fed45.zip |
Merge remote-tracking branch 'origin/master' into advanced-permissions-phase-2
Diffstat (limited to 'app/command_invite.go')
-rw-r--r-- | app/command_invite.go | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/app/command_invite.go b/app/command_invite.go index 4b76c0c45..54cf2da02 100644 --- a/app/command_invite.go +++ b/app/command_invite.go @@ -79,10 +79,18 @@ func (me *InviteProvider) DoCommand(a *App, args *model.CommandArgs, message str return &model.CommandResponse{Text: args.T("api.command_invite.permission.app_error", map[string]interface{}{"User": userProfile.Username, "Channel": channelToJoin.Name}), ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL} } - if channelToJoin.Type == model.CHANNEL_PRIVATE && !a.SessionHasPermissionToChannel(args.Session, channelToJoin.Id, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) { + // Check if the user who wants to add another is trying to add in a pvt channel, but does not have permission + // but is in the channel + _, err = a.GetChannelMember(channelToJoin.Id, args.UserId) + if channelToJoin.Type == model.CHANNEL_PRIVATE && !a.SessionHasPermissionToChannel(args.Session, channelToJoin.Id, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) && err == nil { return &model.CommandResponse{Text: args.T("api.command_invite.permission.app_error", map[string]interface{}{"User": userProfile.Username, "Channel": channelToJoin.Name}), ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL} } + // In this case just check if is a pvt channel and user has permission + if channelToJoin.Type == model.CHANNEL_PRIVATE && !a.SessionHasPermissionToChannel(args.Session, channelToJoin.Id, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) { + return &model.CommandResponse{Text: args.T("api.command_invite.private_channel.app_error", map[string]interface{}{"Channel": channelToJoin.Name}), ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL} + } + // Check if user is already in the channel _, err = a.GetChannelMember(channelToJoin.Id, userProfile.Id) if err == nil { |