MM-11172: Don't allow reacting in read-only town square. (#9106)

1 files changed, 38 insertions, 0 deletions

diff --git a/app/reaction.go b/app/reaction.go
index db00ce2ad..082d28f0d 100644
--- a/app/reaction.go
+++ b/app/reaction.go
@@ -4,6 +4,8 @@
 package app
 
 import (
+	"net/http"
+
 	"github.com/mattermost/mattermost-server/model"
 )
 
@@ -13,6 +15,24 @@ func (a *App) SaveReactionForPost(reaction *model.Reaction) (*model.Reaction, *m
 		return nil, err
 	}
 
+	if a.License() != nil && *a.Config().TeamSettings.ExperimentalTownSquareIsReadOnly {
+		var channel *model.Channel
+		if channel, err = a.GetChannel(post.ChannelId); err != nil {
+			return nil, err
+		}
+
+		if channel.Name == model.DEFAULT_CHANNEL {
+			var user *model.User
+			if user, err = a.GetUser(reaction.UserId); err != nil {
+				return nil, err
+			}
+
+			if !a.RolesGrantPermission(user.GetRoles(), model.PERMISSION_MANAGE_SYSTEM.Id) {
+				return nil, model.NewAppError("saveReactionForPost", "api.reaction.town_square_read_only", nil, "", http.StatusForbidden)
+			}
+		}
+	}
+
 	if result := <-a.Srv.Store.Reaction().Save(reaction); result.Err != nil {
 		return nil, result.Err
 	} else {
@@ -40,6 +60,24 @@ func (a *App) DeleteReactionForPost(reaction *model.Reaction) *model.AppError {
 		return err
 	}
 
+	if a.License() != nil && *a.Config().TeamSettings.ExperimentalTownSquareIsReadOnly {
+		var channel *model.Channel
+		if channel, err = a.GetChannel(post.ChannelId); err != nil {
+			return err
+		}
+
+		if channel.Name == model.DEFAULT_CHANNEL {
+			var user *model.User
+			if user, err = a.GetUser(reaction.UserId); err != nil {
+				return err
+			}
+
+			if !a.RolesGrantPermission(user.GetRoles(), model.PERMISSION_MANAGE_SYSTEM.Id) {
+				return model.NewAppError("deleteReactionForPost", "api.reaction.town_square_read_only", nil, "", http.StatusForbidden)
+			}
+		}
+	}
+
 	hasReactions := true
 	if reactions, _ := a.GetReactionsForPost(post.Id); len(reactions) <= 1 {
 		hasReactions = false