From 98131a293a1a7013a717789317fa18e6f190abdb Mon Sep 17 00:00:00 2001
From: Christopher Speller
Date: Tue, 1 Nov 2016 13:23:26 -0400
Subject: Fixing joining of channels via permalinks for system admins. (#4409)
---
 api/post.go | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)
(limited to 'api/post.go')
diff --git a/api/post.go b/api/post.go
index 35159693a..1a30dca14 100644
--- a/api/post.go
+++ b/api/post.go
@@ -1329,16 +1329,15 @@ func getPermalinkTmp(c *Context, w http.ResponseWriter, r *http.Request) {
 }
 post := list.Posts[list.Order[0]]
- if !HasPermissionToChannelContext(c, post.ChannelId, model.PERMISSION_READ_CHANNEL) {
- // If we don't have permissions attempt to join the channel to fix the problem
- if err, _ := JoinChannelById(c, c.Session.UserId, post.ChannelId); err != nil {
- // On error just return with permissions error
- c.Err = err
- return
- } else {
- // If we sucessfully joined the channel then clear the permissions error and continue
- c.Err = nil
- }
+ // Because we confuse permissions and membership in Mattermost's model, we have to just
+ // try to join the channel without checking if we already have permission to it. This is
+ // because system admins have permissions to every channel but are not nessisary a member
+ // of every channel. If we checked here then system admins would skip joining the channel and
+ // error when they tried to view it.
+ if err, _ := JoinChannelById(c, c.Session.UserId, post.ChannelId); err != nil {
+ // On error just return with permissions error
+ c.Err = err
+ return
 }
 if HandleEtag(list.Etag(), w, r) {
--
cgit v1.2.3-1-g7c22
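Review bot: With the `HasPermissionToChannelContext` guard removed, read access to the post now rests entirely on `JoinChannelById` refusing users who may not join `post.ChannelId`; nothing visible in this hunk re-checks permission before the handler continues to `HandleEtag` and the response. `JoinChannelById` is not shown here, so it should be confirmed that it rejects private channels, direct-message channels and channels in teams the session user does not belong to, and that it succeeds without side effects for existing members. As defence in depth I would keep an explicit check after the join, `if !HasPermissionToChannelContext(c, post.ChannelId, model.PERMISSION_READ_CHANNEL) { return }` (the removed comment suggests it sets `c.Err` itself), which still passes for system admins. Every permalink view now also carries a membership side effect, including for admins opening channels they were never part of, which is worth stating in the comment, whose "not nessisary a member" should read "not necessarily members". The body of getPermalinkTmp starts and ends outside the hunk.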