From 1e7985a87a72bea9a308cf1506dacc828c6e2e1c Mon Sep 17 00:00:00 2001
From: Christopher Speller <crspeller@gmail.com>
Date: Tue, 13 Sep 2016 12:42:48 -0400
Subject: Modifying permissions system. (#3897)

---
 api/file.go | 22 ++++++++--------------
 1 file changed, 8 insertions(+), 14 deletions(-)

(limited to 'api/file.go')

diff --git a/api/file.go b/api/file.go
index 113666270..dd99a8caf 100644
--- a/api/file.go
+++ b/api/file.go
@@ -103,8 +103,6 @@ func uploadFile(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	cchan := Srv.Store.Channel().CheckPermissionsTo(c.TeamId, channelId, c.Session.UserId)
-
 	files := m.File["files"]
 
 	resStruct := &model.FileUploadResponse{
@@ -115,7 +113,7 @@ func uploadFile(c *Context, w http.ResponseWriter, r *http.Request) {
 	imageNameList := []string{}
 	imageDataList := [][]byte{}
 
-	if !c.HasPermissionsToChannel(cchan, "uploadFile") {
+	if !HasPermissionToChannelContext(c, channelId, model.PERMISSION_UPLOAD_FILE) {
 		return
 	}
 
@@ -318,7 +316,9 @@ func getFileInfo(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	cchan := Srv.Store.Channel().CheckPermissionsTo(c.TeamId, channelId, c.Session.UserId)
+	if !HasPermissionToChannelContext(c, channelId, model.PERMISSION_READ_CHANNEL) {
+		return
+	}
 
 	path := "teams/" + c.TeamId + "/channels/" + channelId + "/users/" + userId + "/" + filename
 	var info *model.FileInfo
@@ -339,10 +339,6 @@ func getFileInfo(c *Context, w http.ResponseWriter, r *http.Request) {
 		}
 	}
 
-	if !c.HasPermissionsToChannel(cchan, "getFileInfo") {
-		return
-	}
-
 	w.Header().Set("Cache-Control", "max-age=2592000, public")
 
 	w.Write([]byte(info.ToJson()))
@@ -356,7 +352,7 @@ func getFile(c *Context, w http.ResponseWriter, r *http.Request) {
 	userId := params["user_id"]
 	filename := params["filename"]
 
-	if !c.HasPermissionsToChannel(Srv.Store.Channel().CheckPermissionsTo(teamId, channelId, c.Session.UserId), "getFile") {
+	if !HasPermissionToChannelContext(c, channelId, model.PERMISSION_READ_CHANNEL) {
 		return
 	}
 
@@ -512,14 +508,12 @@ func getPublicLink(c *Context, w http.ResponseWriter, r *http.Request) {
 	userId := matches[0][2]
 	filename = matches[0][3]
 
-	cchan := Srv.Store.Channel().CheckPermissionsTo(c.TeamId, channelId, c.Session.UserId)
-
-	url := generatePublicLink(c.GetSiteURL(), c.TeamId, channelId, userId, filename)
-
-	if !c.HasPermissionsToChannel(cchan, "getPublicLink") {
+	if !HasPermissionToChannelContext(c, channelId, model.PERMISSION_GET_PUBLIC_LINK) {
 		return
 	}
 
+	url := generatePublicLink(c.GetSiteURL(), c.TeamId, channelId, userId, filename)
+
 	w.Write([]byte(model.StringToJson(url)))
 }
 
-- 
cgit v1.2.3-1-g7c22