Diffstat (limited to 'api/context.go')
-rw-r--r-- | api/context.go | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/api/context.go b/api/context.go
index aaf304e2c..d97295e5e 100644
--- a/api/context.go
+++ b/api/context.go
@@ -106,6 +106,9 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 if !h.isApi {
 w.Header().Set("X-Frame-Options", "DENY")
 w.Header().Set("Content-Security-Policy", "frame-ancestors none")
+ } else {
+ // All api response bodies will be JSON formatted
+ w.Header().Set("Content-Type", "application/json")
 }
 sessionId := ""
@@ -285,7 +288,8 @@ func (c *Context) HasPermissionsToChannel(sc store.StoreChannel, where string) b
 }
 func (c *Context) IsSystemAdmin() bool {
- if strings.Contains(c.Session.Roles, model.ROLE_SYSTEM_ADMIN) && IsPrivateIpAddress(c.IpAddress) {
+ // TODO XXX FIXME && IsPrivateIpAddress(c.IpAddress)
+ if model.IsInRole(c.Session.Roles, model.ROLE_SYSTEM_ADMIN) {
 return true
 }
 return false
@@ -297,7 +301,7 @@ func (c *Context) IsTeamAdmin(userId string) bool {
 return false
 } else {
 user := uresult.Data.(*model.User)
- return strings.Contains(c.Session.Roles, model.ROLE_ADMIN) && user.TeamId == c.Session.TeamId
+ return model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) && user.TeamId == c.Session.TeamId
 }
 }
|
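Review bot: The new `else` branch in ServeHTTP sets `Content-Type: application/json` before the handler runs, so any handler behind `isApi` that returns something other than JSON (a file or image download, if one exists) must now overwrite the header itself or its body is served with the wrong type. The API branch also gets none of the browser-facing headers set in the `if` branch; consider adding `w.Header().Set("X-Content-Type-Options", "nosniff")` next to the new line so a browser does not sniff a different type for user-influenced response bodies. ServeHTTP starts and ends outside this hunk, so where handlers set their own headers is not visible here.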
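Review bot: IsSystemAdmin no longer requires `IsPrivateIpAddress(c.IpAddress)`, so a session holding the system-admin role is now accepted from any source address. The only trace of that is `// TODO XXX FIXME && IsPrivateIpAddress(c.IpAddress)`, which gives neither the reason nor the condition for restoring the check. If the removal is deliberate, replace the placeholder with a comment that says so, for example `// Private-IP restriction on system admin disabled deliberately; tracked in <ISSUE-ID placeholder>`, or put the restriction behind a configuration setting rather than commenting it out. Every caller that relied on this function for network-scoped admin access should be re-checked, since the guarantee changed without the signature changing. The function's closing brace is outside the hunk.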
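Review bot: The new return in IsTeamAdmin changes both the role constant (`model.ROLE_ADMIN` to `model.ROLE_TEAM_ADMIN`) and the matching rule (substring to `model.IsInRole`), and either one can change who passes this check. The constants' values are not shown, but if the old substring test also matched the system-admin role string, system admins previously passed here and will now be refused unless they also hold the team-admin role. Sessions whose `Roles` still carry an older role value would be affected the same way. State the intended rule in a comment above the return, e.g. `// Exact role match: system admins are not implicitly team admins`, and cover both cases with a test. The function starts outside the hunk.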