diff options
Diffstat (limited to 'api/channel.go')
-rw-r--r-- | api/channel.go | 26 |
1 files changed, 24 insertions, 2 deletions
diff --git a/api/channel.go b/api/channel.go index b63e44017..9d36dd2eb 100644 --- a/api/channel.go +++ b/api/channel.go @@ -188,6 +188,7 @@ func updateChannel(c *Context, w http.ResponseWriter, r *http.Request) { sc := Srv.Store.Channel().Get(channel.Id) cmc := Srv.Store.Channel().GetMember(channel.Id, c.Session.UserId) + tmc := Srv.Store.Team().GetMember(c.TeamId, c.Session.UserId) if cresult := <-sc; cresult.Err != nil { c.Err = cresult.Err @@ -195,14 +196,19 @@ func updateChannel(c *Context, w http.ResponseWriter, r *http.Request) { } else if cmcresult := <-cmc; cmcresult.Err != nil { c.Err = cmcresult.Err return + } else if tmcresult := <-tmc; cmcresult.Err != nil { + c.Err = tmcresult.Err + return } else { oldChannel := cresult.Data.(*model.Channel) channelMember := cmcresult.Data.(model.ChannelMember) + teamMember := tmcresult.Data.(model.TeamMember) + if !c.HasPermissionsToTeam(oldChannel.TeamId, "updateChannel") { return } - if !strings.Contains(channelMember.Roles, model.CHANNEL_ROLE_ADMIN) && !strings.Contains(c.Session.Roles, model.ROLE_TEAM_ADMIN) { + if !strings.Contains(channelMember.Roles, model.CHANNEL_ROLE_ADMIN) && !strings.Contains(teamMember.Roles, model.ROLE_TEAM_ADMIN) { c.Err = model.NewLocAppError("updateChannel", "api.channel.update_channel.permission.app_error", nil, "") c.Err.StatusCode = http.StatusForbidden return @@ -576,6 +582,7 @@ func leave(c *Context, w http.ResponseWriter, r *http.Request) { sc := Srv.Store.Channel().Get(id) uc := Srv.Store.User().Get(c.Session.UserId) + ccm := Srv.Store.Channel().GetMemberCount(id) if cresult := <-sc; cresult.Err != nil { c.Err = cresult.Err @@ -583,9 +590,13 @@ func leave(c *Context, w http.ResponseWriter, r *http.Request) { } else if uresult := <-uc; uresult.Err != nil { c.Err = cresult.Err return + } else if ccmresult := <-ccm; ccmresult.Err != nil { + c.Err = ccmresult.Err + return } else { channel := cresult.Data.(*model.Channel) user := uresult.Data.(*model.User) + membersCount := ccmresult.Data.(int64) if !c.HasPermissionsToTeam(channel.TeamId, "leave") { return @@ -597,6 +608,12 @@ func leave(c *Context, w http.ResponseWriter, r *http.Request) { return } + if channel.Type == model.CHANNEL_PRIVATE && membersCount == 1 { + c.Err = model.NewLocAppError("leave", "api.channel.leave.last_member.app_error", nil, "userId="+user.Id) + c.Err.StatusCode = http.StatusBadRequest + return + } + if channel.Name == model.DEFAULT_CHANNEL { c.Err = model.NewLocAppError("leave", "api.channel.leave.default.app_error", map[string]interface{}{"Channel": model.DEFAULT_CHANNEL}, "") c.Err.StatusCode = http.StatusBadRequest @@ -625,6 +642,7 @@ func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) { sc := Srv.Store.Channel().Get(id) scm := Srv.Store.Channel().GetMember(id, c.Session.UserId) + tmc := Srv.Store.Team().GetMember(c.TeamId, c.Session.UserId) uc := Srv.Store.User().Get(c.Session.UserId) ihc := Srv.Store.Webhook().GetIncomingByChannel(id) ohc := Srv.Store.Webhook().GetOutgoingByChannel(id) @@ -638,6 +656,9 @@ func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) { } else if scmresult := <-scm; scmresult.Err != nil { c.Err = scmresult.Err return + } else if tmcresult := <-tmc; tmcresult.Err != nil { + c.Err = tmcresult.Err + return } else if ihcresult := <-ihc; ihcresult.Err != nil { c.Err = ihcresult.Err return @@ -648,6 +669,7 @@ func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) { channel := cresult.Data.(*model.Channel) user := uresult.Data.(*model.User) channelMember := scmresult.Data.(model.ChannelMember) + teamMember := tmcresult.Data.(model.TeamMember) incomingHooks := ihcresult.Data.([]*model.IncomingWebhook) outgoingHooks := ohcresult.Data.([]*model.OutgoingWebhook) @@ -655,7 +677,7 @@ func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !strings.Contains(channelMember.Roles, model.CHANNEL_ROLE_ADMIN) && !strings.Contains(c.Session.Roles, model.ROLE_TEAM_ADMIN) { + if !strings.Contains(channelMember.Roles, model.CHANNEL_ROLE_ADMIN) && !strings.Contains(teamMember.Roles, model.ROLE_TEAM_ADMIN) { c.Err = model.NewLocAppError("deleteChannel", "api.channel.delete_channel.permissions.app_error", nil, "") c.Err.StatusCode = http.StatusForbidden return |