From 1e7985a87a72bea9a308cf1506dacc828c6e2e1c Mon Sep 17 00:00:00 2001 From: Christopher Speller Date: Tue, 13 Sep 2016 12:42:48 -0400 Subject: Modifying permissions system. (#3897) --- api/oauth.go | 54 +++++++++++++++++------------------------------------- 1 file changed, 17 insertions(+), 37 deletions(-) (limited to 'api/oauth.go') diff --git a/api/oauth.go b/api/oauth.go index b1c7675ff..18a9979f6 100644 --- a/api/oauth.go +++ b/api/oauth.go @@ -53,12 +53,10 @@ func registerOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) { return } - if *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations { - if !c.IsSystemAdmin() { - c.Err = model.NewLocAppError("registerOAuthApp", "api.command.admin_only.app_error", nil, "") - c.Err.StatusCode = http.StatusForbidden - return - } + if !HasPermissionToContext(c, model.PERMISSION_MANAGE_OAUTH) { + c.Err = model.NewLocAppError("registerOAuthApp", "api.command.admin_only.app_error", nil, "") + c.Err.StatusCode = http.StatusForbidden + return } app := model.OAuthAppFromJson(r.Body) @@ -94,18 +92,14 @@ func getOAuthApps(c *Context, w http.ResponseWriter, r *http.Request) { return } - isSystemAdmin := c.IsSystemAdmin() - - if *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations { - if !isSystemAdmin { - c.Err = model.NewLocAppError("getOAuthAppsByUser", "api.command.admin_only.app_error", nil, "") - c.Err.StatusCode = http.StatusForbidden - return - } + if !HasPermissionToContext(c, model.PERMISSION_MANAGE_OAUTH) { + c.Err = model.NewLocAppError("getOAuthApps", "api.command.admin_only.app_error", nil, "") + c.Err.StatusCode = http.StatusForbidden + return } var ochan store.StoreChannel - if isSystemAdmin { + if HasPermissionToContext(c, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) { ochan = Srv.Store.OAuth().GetApps() } else { ochan = Srv.Store.OAuth().GetAppByUser(c.Session.UserId) @@ -872,14 +866,10 @@ func deleteOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) { return } - isSystemAdmin := c.IsSystemAdmin() - - if *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations { - if !isSystemAdmin { - c.Err = model.NewLocAppError("deleteOAuthApp", "api.command.admin_only.app_error", nil, "") - c.Err.StatusCode = http.StatusForbidden - return - } + if !HasPermissionToContext(c, model.PERMISSION_MANAGE_OAUTH) { + c.Err = model.NewLocAppError("deleteOAuthApp", "api.command.admin_only.app_error", nil, "") + c.Err.StatusCode = http.StatusForbidden + return } c.LogAudit("attempt") @@ -896,7 +886,7 @@ func deleteOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) { c.Err = result.Err return } else { - if c.Session.UserId != result.Data.(*model.OAuthApp).CreatorId && !isSystemAdmin { + if c.Session.UserId != result.Data.(*model.OAuthApp).CreatorId && !HasPermissionToContext(c, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) { c.LogAudit("fail - inappropriate permissions") c.Err = model.NewLocAppError("deleteOAuthApp", "api.oauth.delete.permissions.app_error", nil, "user_id="+c.Session.UserId) return @@ -964,16 +954,6 @@ func regenerateOAuthSecret(c *Context, w http.ResponseWriter, r *http.Request) { return } - isSystemAdmin := c.IsSystemAdmin() - - if *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations { - if !isSystemAdmin { - c.Err = model.NewLocAppError("registerOAuthApp", "api.command.admin_only.app_error", nil, "") - c.Err.StatusCode = http.StatusForbidden - return - } - } - params := mux.Vars(r) id := params["id"] @@ -989,9 +969,9 @@ func regenerateOAuthSecret(c *Context, w http.ResponseWriter, r *http.Request) { } else { app = result.Data.(*model.OAuthApp) - //validate that is a System Admin or the same user that registered the app - if !isSystemAdmin && app.CreatorId != c.Session.UserId { - c.Err = model.NewLocAppError("regenerateOAuthSecret", "api.oauth.regenerate_secret.app_error", nil, "") + if app.CreatorId != c.Session.UserId && !HasPermissionToContext(c, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) { + c.Err = model.NewLocAppError("registerOAuthApp", "api.command.admin_only.app_error", nil, "") + c.Err.StatusCode = http.StatusForbidden return } -- cgit v1.2.3-1-g7c22