diff options
author | Joram Wilander <jwawilander@gmail.com> | 2018-04-20 08:44:18 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-04-20 08:44:18 -0400 |
commit | 283f34b9c6d207f0a103e7b4c7f6da2c7481c3ef (patch) | |
tree | 9a9d0dfb9f536d37e9817e3407c32e7ec0c11cdf /app/web_conn.go | |
parent | 7987c95fcd7f7a9e6d4d174be403bf170f7b9115 (diff) | |
download | chat-283f34b9c6d207f0a103e7b4c7f6da2c7481c3ef.tar.gz chat-283f34b9c6d207f0a103e7b4c7f6da2c7481c3ef.tar.bz2 chat-283f34b9c6d207f0a103e7b4c7f6da2c7481c3ef.zip |
MM-10007 Send an admin and regular WS events when a user is updated (#8588)
* Add user.DeepCopy() function
* Add omit admins/non-admins to WS broadcast and use for updating users
* Updates per feedback and adding unit test for ShouldSendEvent
Diffstat (limited to 'app/web_conn.go')
-rw-r--r-- | app/web_conn.go | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/app/web_conn.go b/app/web_conn.go index 33c285af3..9ae5505b2 100644 --- a/app/web_conn.go +++ b/app/web_conn.go @@ -287,6 +287,28 @@ func (webCon *WebConn) ShouldSendEvent(msg *model.WebSocketEvent) bool { return false } + // If the event contains sanitized data, only send to users that don't have permission to + // see sensitive data. Prevents admin clients from receiving events with bad data + var hasReadPrivateDataPermission *bool + if msg.Broadcast.ContainsSanitizedData { + hasReadPrivateDataPermission = model.NewBool(webCon.App.RolesGrantPermission(webCon.GetSession().GetUserRoles(), model.PERMISSION_MANAGE_SYSTEM.Id)) + + if *hasReadPrivateDataPermission { + return false + } + } + + // If the event contains sensitive data, only send to users with permission to see it + if msg.Broadcast.ContainsSensitiveData { + if hasReadPrivateDataPermission == nil { + hasReadPrivateDataPermission = model.NewBool(webCon.App.RolesGrantPermission(webCon.GetSession().GetUserRoles(), model.PERMISSION_MANAGE_SYSTEM.Id)) + } + + if !*hasReadPrivateDataPermission { + return false + } + } + // If the event is destined to a specific user if len(msg.Broadcast.UserId) > 0 { if webCon.UserId == msg.Broadcast.UserId { |