summaryrefslogtreecommitdiffstats
path: root/api/post.go
diff options
context:
space:
mode:
Diffstat (limited to 'api/post.go')
-rw-r--r--api/post.go23
1 files changed, 21 insertions, 2 deletions
diff --git a/api/post.go b/api/post.go
index bbdce78e8..0e3ad2aa5 100644
--- a/api/post.go
+++ b/api/post.go
@@ -91,6 +91,16 @@ func createPost(c *Context, w http.ResponseWriter, r *http.Request) {
}
func updatePost(c *Context, w http.ResponseWriter, r *http.Request) {
+
+ if utils.IsLicensed {
+ if *utils.Cfg.ServiceSettings.AllowEditPost == model.ALLOW_EDIT_POST_NEVER {
+ c.Err = model.NewLocAppError("updatePost", "api.post.update_post.permissions.app_error", nil,
+ c.T("api.post.update_post.permissions_denied.app_error"))
+ c.Err.StatusCode = http.StatusForbidden
+ return
+ }
+ }
+
post := model.PostFromJson(r.Body)
if post == nil {
@@ -135,6 +145,15 @@ func updatePost(c *Context, w http.ResponseWriter, r *http.Request) {
c.Err.StatusCode = http.StatusForbidden
return
}
+
+ if utils.IsLicensed {
+ if *utils.Cfg.ServiceSettings.AllowEditPost == model.ALLOW_EDIT_POST_TIME_LIMIT && model.GetMillis() > oldPost.CreateAt+int64(*utils.Cfg.ServiceSettings.PostEditTimeLimit*1000) {
+ c.Err = model.NewLocAppError("updatePost", "api.post.update_post.permissions.app_error", nil,
+ c.T("api.post.update_post.permissions_time_limit.app_error", map[string]interface{}{"timeLimit": *utils.Cfg.ServiceSettings.PostEditTimeLimit}))
+ c.Err.StatusCode = http.StatusForbidden
+ return
+ }
+ }
}
newPost := &model.Post{}
@@ -402,7 +421,7 @@ func deletePost(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if !HasPermissionToChannelContext(c, channelId, model.PERMISSION_EDIT_POST) {
+ if !HasPermissionToChannelContext(c, channelId, model.PERMISSION_DELETE_POST) {
return
}
@@ -426,7 +445,7 @@ func deletePost(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if post.UserId != c.Session.UserId && !HasPermissionToChannelContext(c, post.ChannelId, model.PERMISSION_EDIT_OTHERS_POSTS) {
+ if post.UserId != c.Session.UserId && !HasPermissionToChannelContext(c, post.ChannelId, model.PERMISSION_DELETE_OTHERS_POSTS) {
c.Err = model.NewLocAppError("deletePost", "api.post.delete_post.permissions.app_error", nil, "")
c.Err.StatusCode = http.StatusForbidden
return
generated by cgit v1.2.3-1-g7c22 (git 2.25.1) at 2024-06-28 01:23:58 +0000