Diffstat (limited to 'api')
-rw-r--r-- | api/context.go | 27 | ||||
-rw-r--r-- | api/file.go | 2 | ||||
-rw-r--r-- | api/post.go | 4 | ||||
-rw-r--r-- | api/team.go | 8 | ||||
-rw-r--r-- | api/user.go | 4 | ||||
-rw-r--r-- | api/webhook.go | 2 |
6 files changed, 22 insertions, 25 deletions
diff --git a/api/context.go b/api/context.go
index d90fbd9ee..02c3dc902 100644
--- a/api/context.go
+++ b/api/context.go
@@ -292,14 +292,6 @@ func (c *Context) HasPermissionsToChannel(sc store.StoreChannel, where string) b
 return true
 }
-func (c *Context) IsSystemAdmin() bool {
- // TODO XXX FIXME && IsPrivateIpAddress(c.IpAddress)
- if model.IsInRole(c.Session.Roles, model.ROLE_SYSTEM_ADMIN) {
- return true
- }
- return false
-}
-
 func (c *Context) HasSystemAdminPermissions(where string) bool {
 if c.IsSystemAdmin() {
 return true
@@ -310,14 +302,19 @@ func (c *Context) HasSystemAdminPermissions(where string) bool {
 return false
 }
-func (c *Context) IsTeamAdmin(userId string) bool {
- if uresult := <-Srv.Store.User().Get(userId); uresult.Err != nil {
- c.Err = uresult.Err
- return false
- } else {
- user := uresult.Data.(*model.User)
- return model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) && user.TeamId == c.Session.TeamId
+func (c *Context) IsSystemAdmin() bool {
+ // TODO XXX FIXME && IsPrivateIpAddress(c.IpAddress)
+ if model.IsInRole(c.Session.Roles, model.ROLE_SYSTEM_ADMIN) {
+ return true
+ }
+ return false
+}
+
+func (c *Context) IsTeamAdmin() bool {
+ if model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) || c.IsSystemAdmin() {
+ return true
 }
+ return false
 }
 func (c *Context) RemoveSessionCookie(w http.ResponseWriter) {
diff --git a/api/file.go b/api/file.go
index 1cb05e81b..5ed422811 100644
--- a/api/file.go
+++ b/api/file.go
@@ -507,7 +507,7 @@ func getPublicLink(c *Context, w http.ResponseWriter, r *http.Request) {
 }
 func getExport(c *Context, w http.ResponseWriter, r *http.Request) {
- if !c.HasPermissionsToTeam(c.Session.TeamId, "export") || !c.IsTeamAdmin(c.Session.UserId) {
+ if !c.HasPermissionsToTeam(c.Session.TeamId, "export") || !c.IsTeamAdmin() {
 c.Err = model.NewAppError("getExport", "Only a team admin can retrieve exported data.", "userId="+c.Session.UserId)
 c.Err.StatusCode = http.StatusForbidden
 return
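Review bot: The rewritten `IsTeamAdmin()` in the second api/context.go hunk no longer compares any team id: the removed body required `user.TeamId == c.Session.TeamId`, while the new one only tests `c.Session.Roles` and also returns true for a system admin. Team scoping is therefore left to every caller, and the method should say so, for example `// IsTeamAdmin reports whether the session holds the team-admin or system-admin role; it does not check team membership, so pair it with HasPermissionsToTeam.` The body can also be reduced to `return model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) || c.IsSystemAdmin()`. The relocated `IsSystemAdmin` still carries the unresolved `TODO XXX FIXME` about restricting by IP address, which is better tracked as an issue than left as a comment inside an authorization helper.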
diff --git a/api/post.go b/api/post.go
index 0379f6af5..2b683fb7d 100644
--- a/api/post.go
+++ b/api/post.go
@@ -633,7 +633,7 @@ func deletePost(c *Context, w http.ResponseWriter, r *http.Request) {
 post := result.Data.(*model.PostList).Posts[postId]
- if !c.HasPermissionsToChannel(cchan, "deletePost") && !c.IsTeamAdmin(post.UserId) {
+ if !c.HasPermissionsToChannel(cchan, "deletePost") && !c.IsTeamAdmin() {
 return
 }
@@ -648,7 +648,7 @@ func deletePost(c *Context, w http.ResponseWriter, r *http.Request) {
 return
 }
- if post.UserId != c.Session.UserId && !model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) {
+ if post.UserId != c.Session.UserId && !c.IsTeamAdmin() {
 c.Err = model.NewAppError("deletePost", "You do not have the appropriate permissions", "")
 c.Err.StatusCode = http.StatusForbidden
 return
diff --git a/api/team.go b/api/team.go
index 4794b66df..cff34390a 100644
--- a/api/team.go
+++ b/api/team.go
@@ -506,7 +506,7 @@ func InviteMembers(c *Context, team *model.Team, user *model.User, invites []str
 sender := user.GetDisplayName()
 senderRole := ""
- if model.IsInRole(user.Roles, model.ROLE_TEAM_ADMIN) || model.IsInRole(user.Roles, model.ROLE_SYSTEM_ADMIN) {
+ if c.IsTeamAdmin() {
 senderRole = "administrator"
 } else {
 senderRole = "member"
@@ -566,7 +566,7 @@ func updateTeamDisplayName(c *Context, w http.ResponseWriter, r *http.Request) {
 return
 }
- if !model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) {
+ if !c.IsTeamAdmin() {
 c.Err = model.NewAppError("updateTeamDisplayName", "You do not have the appropriate permissions", "userId="+c.Session.UserId)
 c.Err.StatusCode = http.StatusForbidden
 return
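Review bot: In the first deletePost hunk the admin bypass `!c.IsTeamAdmin()` is no longer tied to the post: the removed call `c.IsTeamAdmin(post.UserId)` required the author's team to equal `c.Session.TeamId`, and the new call looks only at the session's roles. Because the two conditions are joined with `&&`, a session holding the team-admin role continues past this guard even when `HasPermissionsToChannel` fails. Unless the channel lookup earlier in the function (outside this hunk) is already limited to the session's team, a team admin could act on posts that belong to another team. I would keep a team comparison next to the bypass, or at minimum add `// admin bypass: cchan must already be scoped to c.Session.TeamId` and confirm that it holds.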
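Review bot: In the InviteMembers hunk `senderRole` is now derived from `c.Session.Roles` through `c.IsTeamAdmin()`, while the sender named in the invitation is still the `user` argument (`sender := user.GetDisplayName()`), whose `user.Roles` the removed line consulted. If any caller passes a user other than the session owner, or calls this without an authenticated session (callers are outside this hunk), the invitation will describe the sender with the wrong role. Either keep reading `user.Roles` here or state the precondition, e.g. `// user must be the owner of c.Session; senderRole is taken from the session's roles`. The function body continues outside the hunk.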
@@ -600,7 +600,7 @@ func getMyTeam(c *Context, w http.ResponseWriter, r *http.Request) {
 }
 func importTeam(c *Context, w http.ResponseWriter, r *http.Request) {
- if !c.HasPermissionsToTeam(c.Session.TeamId, "import") || !c.IsTeamAdmin(c.Session.UserId) {
+ if !c.HasPermissionsToTeam(c.Session.TeamId, "import") || !c.IsTeamAdmin() {
 c.Err = model.NewAppError("importTeam", "Only a team admin can import data.", "userId="+c.Session.UserId)
 c.Err.StatusCode = http.StatusForbidden
 return
@@ -667,7 +667,7 @@ func importTeam(c *Context, w http.ResponseWriter, r *http.Request) {
 }
 func exportTeam(c *Context, w http.ResponseWriter, r *http.Request) {
- if !c.HasPermissionsToTeam(c.Session.TeamId, "export") || !c.IsTeamAdmin(c.Session.UserId) {
+ if !c.HasPermissionsToTeam(c.Session.TeamId, "export") || !c.IsTeamAdmin() {
 c.Err = model.NewAppError("exportTeam", "Only a team admin can export data.", "userId="+c.Session.UserId)
 c.Err.StatusCode = http.StatusForbidden
 return
diff --git a/api/user.go b/api/user.go
index 92a77e68a..a5c3fca2b 100644
--- a/api/user.go
+++ b/api/user.go
@@ -969,7 +969,7 @@ func updateRoles(c *Context, w http.ResponseWriter, r *http.Request) {
 return
 }
- if !model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) && !c.IsSystemAdmin() {
+ if !c.IsTeamAdmin() {
 c.Err = model.NewAppError("updateRoles", "You do not have the appropriate permissions", "userId="+user_id)
 c.Err.StatusCode = http.StatusForbidden
 return
@@ -1066,7 +1066,7 @@ func updateActive(c *Context, w http.ResponseWriter, r *http.Request) {
 return
 }
- if !model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) && !c.IsSystemAdmin() {
+ if !c.IsTeamAdmin() {
 c.Err = model.NewAppError("updateActive", "You do not have the appropriate permissions", "userId="+user_id)
 c.Err.StatusCode = http.StatusForbidden
 return
diff --git a/api/webhook.go b/api/webhook.go
index b67655ff5..e694b202c 100644
--- a/api/webhook.go
+++ b/api/webhook.go
@@ -86,7 +86,7 @@ func deleteIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) {
 c.Err = result.Err
 return
 } else {
- if c.Session.UserId != result.Data.(*model.IncomingWebhook).UserId && !model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) {
+ if c.Session.UserId != result.Data.(*model.IncomingWebhook).UserId && !c.IsTeamAdmin() {
 c.LogAudit("fail - inappropriate conditions")
 c.Err = model.NewAppError("deleteIncomingHook", "Inappropriate permissions to delete incoming webhook", "user_id="+c.Session.UserId)
 return |
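Review bot: The denial branch in deleteIncomingHook sets `c.Err` but, unlike the other handlers touched by this commit, does not set `c.Err.StatusCode = http.StatusForbidden` in the visible lines, so the status returned for a permission failure is whatever `model.NewAppError` assigns by default. Adding that line after the `NewAppError` call would make the refusal consistent with deletePost and updateRoles. The admin bypass `!c.IsTeamAdmin()` also compares nothing about the hook's team here; if the store lookup above the hunk is not already limited to `c.Session.TeamId`, that should be checked before relying on the role alone. The enclosing `else` block starts and ends outside the hunk.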