From d38328976e2c8bb0fab91e656042a0d8ac37bc76 Mon Sep 17 00:00:00 2001
From: JoramWilander <jwawilander@gmail.com>
Date: Wed, 6 Sep 2017 16:24:34 -0400
Subject: Various patches

---
 api/general.go | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'api/general.go')

diff --git a/api/general.go b/api/general.go
index 16a739704..ceb0b209f 100644
--- a/api/general.go
+++ b/api/general.go
@@ -10,6 +10,7 @@ import (
 
 	l4g "github.com/alecthomas/log4go"
 
+	"github.com/mattermost/platform/app"
 	"github.com/mattermost/platform/model"
 	"github.com/mattermost/platform/utils"
 )
@@ -30,7 +31,14 @@ func logClient(c *Context, w http.ResponseWriter, r *http.Request) {
 	forceToDebug := false
 
 	if !*utils.Cfg.ServiceSettings.EnableDeveloper {
-		forceToDebug = true
+		if c.Session.UserId == "" {
+			c.Err = model.NewAppError("Permissions", "api.context.permissions.app_error", nil, "", http.StatusForbidden)
+			return
+		}
+
+		if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+			forceToDebug = true
+		}
 	}
 
 	m := model.MapFromJson(r.Body)
-- 
cgit v1.2.3-1-g7c22