Diffstat (limited to 'api/authorization.go')
-rw-r--r--api/authorization.go188
1 files changed, 0 insertions, 188 deletions
diff --git a/api/authorization.go b/api/authorization.go
deleted file mode 100644
index ac50d45ff..000000000
--- a/api/authorization.go
+++ /dev/null
@@ -1,188 +0,0 @@
-// Copyright (c) 2016 Mattermost, Inc. All Rights Reserved.
-// See License.txt for license information.
-
-package api
-
-import (
- "net/http"
- "strings"
-
- l4g "github.com/alecthomas/log4go"
- "github.com/mattermost/platform/app"
- "github.com/mattermost/platform/model"
-)
-
-func HasPermissionToContext(c *Context, permission *model.Permission) bool {
- userRoles := c.Session.GetUserRoles()
- if !CheckIfRolesGrantPermission(userRoles, permission.Id) {
- c.Err = model.NewLocAppError("HasPermissionToContext", "api.context.permissions.app_error", nil, "userId="+c.Session.UserId+", teamId="+c.TeamId+" permission="+permission.Id+" "+model.RoleIdsToString(userRoles))
- c.Err.StatusCode = http.StatusForbidden
- return false
- }
-
- return true
-}
-
-func HasPermissionTo(user *model.User, permission *model.Permission) bool {
- roles := user.GetRoles()
-
- return CheckIfRolesGrantPermission(roles, permission.Id)
-}
-
-func HasPermissionToCurrentTeamContext(c *Context, permission *model.Permission) bool {
- return HasPermissionToTeamContext(c, c.TeamId, permission)
-}
-
-func HasPermissionToTeamContext(c *Context, teamId string, permission *model.Permission) bool {
- teamMember := c.Session.GetTeamByTeamId(teamId)
- if teamMember != nil {
- roles := teamMember.GetRoles()
-
- if CheckIfRolesGrantPermission(roles, permission.Id) {
- return true
- }
- }
-
- if HasPermissionToContext(c, permission) {
- return true
- }
-
- c.Err = model.NewLocAppError("HasPermissionToTeamContext", "api.context.permissions.app_error", nil, "userId="+c.Session.UserId+", teamId="+c.TeamId+" permission="+permission.Id)
- c.Err.StatusCode = http.StatusForbidden
- return false
-}
-
-func HasPermissionToTeam(user *model.User, teamMember *model.TeamMember, permission *model.Permission) bool {
- if teamMember == nil {
- return false
- }
-
- roles := teamMember.GetRoles()
-
- if CheckIfRolesGrantPermission(roles, permission.Id) {
- return true
- }
-
- return HasPermissionTo(user, permission)
-}
-
-func HasPermissionToChannelContext(c *Context, channelId string, permission *model.Permission) bool {
- cmc := app.Srv.Store.Channel().GetAllChannelMembersForUser(c.Session.UserId, true)
-
- var channelRoles []string
- if cmcresult := <-cmc; cmcresult.Err == nil {
- ids := cmcresult.Data.(map[string]string)
- if roles, ok := ids[channelId]; ok {
- channelRoles = strings.Fields(roles)
- if CheckIfRolesGrantPermission(channelRoles, permission.Id) {
- return true
- }
- }
- }
-
- cc := app.Srv.Store.Channel().Get(channelId, true)
- if ccresult := <-cc; ccresult.Err == nil {
- channel := ccresult.Data.(*model.Channel)
-
- if teamMember := c.Session.GetTeamByTeamId(channel.TeamId); teamMember != nil {
- roles := teamMember.GetRoles()
-
- if CheckIfRolesGrantPermission(roles, permission.Id) {
- return true
- }
- }
-
- }
-
- if HasPermissionToContext(c, permission) {
- return true
- }
-
- c.Err = model.NewLocAppError("HasPermissionToChannelContext", "api.context.permissions.app_error", nil, "userId="+c.Session.UserId+", "+"permission="+permission.Id+" channelRoles="+model.RoleIdsToString(channelRoles))
- c.Err.StatusCode = http.StatusForbidden
- return false
-}
-
-func HasPermissionToChannel(user *model.User, teamMember *model.TeamMember, channelMember *model.ChannelMember, permission *model.Permission) bool {
- if channelMember == nil {
- return false
- }
-
- roles := channelMember.GetRoles()
-
- if CheckIfRolesGrantPermission(roles, permission.Id) {
- return true
- }
-
- return HasPermissionToTeam(user, teamMember, permission)
-}
-
-func HasPermissionToChannelByPostContext(c *Context, postId string, permission *model.Permission) bool {
- cmc := app.Srv.Store.Channel().GetMemberForPost(postId, c.Session.UserId)
-
- var channelRoles []string
- if cmcresult := <-cmc; cmcresult.Err == nil {
- channelMember := cmcresult.Data.(*model.ChannelMember)
- channelRoles = channelMember.GetRoles()
-
- if CheckIfRolesGrantPermission(channelRoles, permission.Id) {
- return true
- }
- }
-
- cc := app.Srv.Store.Channel().GetForPost(postId)
- if ccresult := <-cc; ccresult.Err == nil {
- channel := ccresult.Data.(*model.Channel)
-
- if teamMember := c.Session.GetTeamByTeamId(channel.TeamId); teamMember != nil {
- roles := teamMember.GetRoles()
-
- if CheckIfRolesGrantPermission(roles, permission.Id) {
- return true
- }
- }
-
- }
-
- if HasPermissionToContext(c, permission) {
- return true
- }
-
- c.Err = model.NewLocAppError("HasPermissionToChannelByPostContext", "api.context.permissions.app_error", nil, "userId="+c.Session.UserId+", "+"permission="+permission.Id+" channelRoles="+model.RoleIdsToString(channelRoles))
- c.Err.StatusCode = http.StatusForbidden
- return false
-}
-
-func HasPermissionToUser(c *Context, userId string) bool {
- // You are the user (users autmaticly have permissions to themselves)
- if c.Session.UserId == userId {
- return true
- }
-
- // You have permission
- if HasPermissionToContext(c, model.PERMISSION_EDIT_OTHER_USERS) {
- return true
- }
-
- c.Err = model.NewLocAppError("HasPermissionToUser", "api.context.permissions.app_error", nil, "userId="+userId)
- c.Err.StatusCode = http.StatusForbidden
- return false
-}
-
-func CheckIfRolesGrantPermission(roles []string, permissionId string) bool {
- for _, roleId := range roles {
- if role, ok := model.BuiltInRoles[roleId]; !ok {
- l4g.Debug("Bad role in system " + roleId)
- return false
- } else {
- permissions := role.Permissions
- for _, permission := range permissions {
- if permission == permissionId {
- return true
- }
- }
- }
- }
-
- return false
-}