summaryrefslogtreecommitdiffstats
path: root/api/context.go
diff options
context:
space:
mode:
Diffstat (limited to 'api/context.go')
-rw-r--r--api/context.go8
1 files changed, 6 insertions, 2 deletions
diff --git a/api/context.go b/api/context.go
index aaf304e2c..d97295e5e 100644
--- a/api/context.go
+++ b/api/context.go
@@ -106,6 +106,9 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
if !h.isApi {
w.Header().Set("X-Frame-Options", "DENY")
w.Header().Set("Content-Security-Policy", "frame-ancestors none")
+ } else {
+ // All api response bodies will be JSON formatted
+ w.Header().Set("Content-Type", "application/json")
}
sessionId := ""
@@ -285,7 +288,8 @@ func (c *Context) HasPermissionsToChannel(sc store.StoreChannel, where string) b
}
func (c *Context) IsSystemAdmin() bool {
- if strings.Contains(c.Session.Roles, model.ROLE_SYSTEM_ADMIN) && IsPrivateIpAddress(c.IpAddress) {
+ // TODO XXX FIXME && IsPrivateIpAddress(c.IpAddress)
+ if model.IsInRole(c.Session.Roles, model.ROLE_SYSTEM_ADMIN) {
return true
}
return false
@@ -297,7 +301,7 @@ func (c *Context) IsTeamAdmin(userId string) bool {
return false
} else {
user := uresult.Data.(*model.User)
- return strings.Contains(c.Session.Roles, model.ROLE_ADMIN) && user.TeamId == c.Session.TeamId
+ return model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) && user.TeamId == c.Session.TeamId
}
}
generated by cgit v1.2.3-1-g7c22 (git 2.25.1) at 2024-07-18 01:18:20 +0000