From 8f8a978e84ec8bbeac22928e6112bc697fa7176d Mon Sep 17 00:00:00 2001
From: Saturnino Abril <saturnino.abril@gmail.com>
Date: Wed, 5 Jul 2017 06:32:27 +0800
Subject: [PLT-6838] Restrict channel delete option per permission policy even
 for last channel member (#6706)

* channel delete option is hidden from the menu unless there is appropriate permissions as set in the policy page

* apply to public channel only and add restriction to API layer

* updated channel deletion
---
 api4/channel.go | 20 +++++++++-----------
 1 file changed, 9 insertions(+), 11 deletions(-)

(limited to 'api4/channel.go')

diff --git a/api4/channel.go b/api4/channel.go
index 26892bf2f..604c47464 100644
--- a/api4/channel.go
+++ b/api4/channel.go
@@ -428,7 +428,7 @@ func getDeletedChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Reques
 		return
 	}
 
-	if channels, err := app.GetDeletedChannels(c.Params.TeamId, c.Params.Page * c.Params.PerPage, c.Params.PerPage); err != nil {
+	if channels, err := app.GetDeletedChannels(c.Params.TeamId, c.Params.Page*c.Params.PerPage, c.Params.PerPage); err != nil {
 		c.Err = err
 		return
 	} else {
@@ -540,17 +540,15 @@ func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	// Allow delete if user is the only member left in channel
-	if memberCount > 1 {
-		if channel.Type == model.CHANNEL_OPEN && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PUBLIC_CHANNEL) {
-			c.SetPermissionError(model.PERMISSION_DELETE_PUBLIC_CHANNEL)
-			return
-		}
+	if channel.Type == model.CHANNEL_OPEN && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PUBLIC_CHANNEL) {
+		c.SetPermissionError(model.PERMISSION_DELETE_PUBLIC_CHANNEL)
+		return
+	}
 
-		if channel.Type == model.CHANNEL_PRIVATE && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PRIVATE_CHANNEL) {
-			c.SetPermissionError(model.PERMISSION_DELETE_PRIVATE_CHANNEL)
-			return
-		}
+	// Allow delete if there's only one member left in a private channel
+	if memberCount > 1 && channel.Type == model.CHANNEL_PRIVATE && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PRIVATE_CHANNEL) {
+		c.SetPermissionError(model.PERMISSION_DELETE_PRIVATE_CHANNEL)
+		return
 	}
 
 	err = app.DeleteChannel(channel, c.Session.UserId)
-- 
cgit v1.2.3-1-g7c22