Diffstat (limited to 'api/post.go')
-rw-r--r-- | api/post.go | 23 |
1 files changed, 21 insertions, 2 deletions
diff --git a/api/post.go b/api/post.go
index bbdce78e8..0e3ad2aa5 100644
--- a/api/post.go
+++ b/api/post.go
@@ -91,6 +91,16 @@ func createPost(c *Context, w http.ResponseWriter, r *http.Request) {
 }
 func updatePost(c *Context, w http.ResponseWriter, r *http.Request) {
+
+ if utils.IsLicensed {
+ if *utils.Cfg.ServiceSettings.AllowEditPost == model.ALLOW_EDIT_POST_NEVER {
+ c.Err = model.NewLocAppError("updatePost", "api.post.update_post.permissions.app_error", nil,
+ c.T("api.post.update_post.permissions_denied.app_error"))
+ c.Err.StatusCode = http.StatusForbidden
+ return
+ }
+ }
+
 post := model.PostFromJson(r.Body)
 if post == nil {
@@ -135,6 +145,15 @@ func updatePost(c *Context, w http.ResponseWriter, r *http.Request) {
 c.Err.StatusCode = http.StatusForbidden
 return
 }
+
+ if utils.IsLicensed {
+ if *utils.Cfg.ServiceSettings.AllowEditPost == model.ALLOW_EDIT_POST_TIME_LIMIT && model.GetMillis() > oldPost.CreateAt+int64(*utils.Cfg.ServiceSettings.PostEditTimeLimit*1000) {
+ c.Err = model.NewLocAppError("updatePost", "api.post.update_post.permissions.app_error", nil,
+ c.T("api.post.update_post.permissions_time_limit.app_error", map[string]interface{}{"timeLimit": *utils.Cfg.ServiceSettings.PostEditTimeLimit}))
+ c.Err.StatusCode = http.StatusForbidden
+ return
+ }
+ }
 }
 newPost := &model.Post{}
@@ -402,7 +421,7 @@ func deletePost(c *Context, w http.ResponseWriter, r *http.Request) {
 return
 }
- if !HasPermissionToChannelContext(c, channelId, model.PERMISSION_EDIT_POST) {
+ if !HasPermissionToChannelContext(c, channelId, model.PERMISSION_DELETE_POST) {
 return
 }
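Review bot: The edit policy added at the top of updatePost only applies while `utils.IsLicensed` is true, so an expired or removed licence silently turns an `ALLOW_EDIT_POST_NEVER` setting back into unrestricted editing; the time-limit hunk further down has the same gate. If that fail-open behaviour is intended, state it in a comment above the check, e.g. `// AllowEditPost is a licensed feature; unlicensed servers do not restrict edits.` The check also dereferences `utils.Cfg.ServiceSettings.AllowEditPost` without a nil guard, which presumably relies on config defaults being applied elsewhere. The two nested `if`s read better as one condition: `if utils.IsLicensed && *utils.Cfg.ServiceSettings.AllowEditPost == model.ALLOW_EDIT_POST_NEVER {`. updatePost's body continues outside the hunk.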
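Review bot: In the time-limit comparison, `*utils.Cfg.ServiceSettings.PostEditTimeLimit*1000` is multiplied in the setting's own integer type before the `int64` conversion, so if that type is `int` a large limit can overflow on 32-bit builds and put the edit deadline in the wrong place. Convert before multiplying: `oldPost.CreateAt+int64(*utils.Cfg.ServiceSettings.PostEditTimeLimit)*1000`. A zero or negative limit would reject every edit, so the value is worth validating where the config is loaded, which is not visible here. The block this check sits in opens outside the hunk.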
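Review bot: With deletion now checked against `model.PERMISSION_DELETE_POST` here and `model.PERMISSION_DELETE_OTHERS_POSTS` in the following deletePost hunk, any role that carried only the edit permissions loses the ability to delete, and the role definitions are not part of this file's diff. Confirm the new permissions are granted wherever deletion was previously allowed, and add a test that a session holding the edit permissions but not the delete ones gets a 403 from deletePost. The early `return` after the channel check presumably relies on `HasPermissionToChannelContext` to set `c.Err`; a one-line comment saying so would help the next reader. deletePost's body starts and ends outside both hunks.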
@@ -426,7 +445,7 @@ func deletePost(c *Context, w http.ResponseWriter, r *http.Request) {
 return
 }
- if post.UserId != c.Session.UserId && !HasPermissionToChannelContext(c, post.ChannelId, model.PERMISSION_EDIT_OTHERS_POSTS) {
+ if post.UserId != c.Session.UserId && !HasPermissionToChannelContext(c, post.ChannelId, model.PERMISSION_DELETE_OTHERS_POSTS) {
 c.Err = model.NewLocAppError("deletePost", "api.post.delete_post.permissions.app_error", nil, "")
 c.Err.StatusCode = http.StatusForbidden
 return |