From f0c672e3ad64f0daf023d9ef70de940b3354e133 Mon Sep 17 00:00:00 2001
From: Harrison Healey
Date: Mon, 22 Aug 2016 20:08:09 -0400
Subject: Changed /teams/all api to only return teams the current user is a member of if they're not an admin (#3853)
---
 api/team.go | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
(limited to 'api/team.go')
diff --git a/api/team.go b/api/team.go
index 7f84f8263..834d722ce 100644
--- a/api/team.go
+++ b/api/team.go
@@ -17,6 +17,7 @@ import (
 "github.com/gorilla/mux"
 "github.com/mattermost/platform/model"
+ "github.com/mattermost/platform/store"
 "github.com/mattermost/platform/utils"
 )
@@ -410,8 +411,17 @@ func GetAllTeamListings(c *Context, w http.ResponseWriter, r *http.Request) {
 }
 }
+// Gets all teams which the current user can has access to. If the user is a System Admin, this will be all teams
+// on the server. Otherwise, it will only be the teams of which the user is a member.
 func getAll(c *Context, w http.ResponseWriter, r *http.Request) {
- if result := <-Srv.Store.Team().GetAll(); result.Err != nil {
+ var tchan store.StoreChannel
+ if c.IsSystemAdmin() {
+ tchan = Srv.Store.Team().GetAll()
+ } else {
+ tchan = Srv.Store.Team().GetTeamsByUserId(c.Session.UserId)
+ }
+
+ if result := <-tchan; result.Err != nil {
 c.Err = result.Err
 return
 } else {
@@ -419,9 +429,6 @@ func getAll(c *Context, w http.ResponseWriter, r *http.Request) {
 m := make(map[string]*model.Team)
 for _, v := range teams {
 m[v.Id] = v
- if !c.IsSystemAdmin() {
- m[v.Id].SanitizeForNotLoggedIn()
- }
 }
 w.Write([]byte(model.TeamMapToJson(m)))
--
cgit v1.2.3-1-g7c22
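Review bot: Non-admin callers now receive the stored team objects unmodified, because the last hunk drops the `SanitizeForNotLoggedIn()` call from the `for _, v := range teams` loop and the new `GetTeamsByUserId(c.Session.UserId)` branch adds no sanitising of its own; which fields that method cleared is not visible in this patch, so confirm that an ordinary member is meant to see them and pin the decision with a test that calls the endpoint as a non-admin. The non-admin branch is also only as strong as the guarantee that `c.Session.UserId` is populated, and the route registration is outside the hunk, so it is worth checking that this handler is registered as login-required rather than reachable with an empty session. The new doc comment reads "can has access to"; I would write it as `// getAll returns the teams the current user has access to: every team for a System Admin, otherwise only the teams of which the user is a member.` getAll's body starts in the second hunk and continues through the third and past the end of the patch.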