From 23ccfc845ca2350075f6027e16c6206fc7b71716 Mon Sep 17 00:00:00 2001
From: Joram Wilander <jwawilander@gmail.com>
Date: Mon, 26 Jun 2017 08:16:57 -0400
Subject: Move remaining actions over to use redux and v4 endpoints (#6720)

---
 api4/post.go | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 50 insertions(+), 8 deletions(-)

(limited to 'api4/post.go')

diff --git a/api4/post.go b/api4/post.go
index f8e4cc54b..7bfe5ad64 100644
--- a/api4/post.go
+++ b/api4/post.go
@@ -167,15 +167,32 @@ func getPost(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if !app.SessionHasPermissionToChannelByPost(c.Session, c.Params.PostId, model.PERMISSION_READ_CHANNEL) {
-		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
+	var post *model.Post
+	var err *model.AppError
+	if post, err = app.GetSinglePost(c.Params.PostId); err != nil {
+		c.Err = err
 		return
 	}
 
-	if post, err := app.GetSinglePost(c.Params.PostId); err != nil {
+	var channel *model.Channel
+	if channel, err = app.GetChannel(post.ChannelId); err != nil {
 		c.Err = err
 		return
-	} else if HandleEtag(post.Etag(), "Get Post", w, r) {
+	}
+
+	if !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_READ_CHANNEL) {
+		if channel.Type == model.CHANNEL_OPEN {
+			if !app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) {
+				c.SetPermissionError(model.PERMISSION_READ_PUBLIC_CHANNEL)
+				return
+			}
+		} else {
+			c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
+			return
+		}
+	}
+
+	if HandleEtag(post.Etag(), "Get Post", w, r) {
 		return
 	} else {
 		w.Header().Set(model.HEADER_ETAG_SERVER, post.Etag())
@@ -208,15 +225,40 @@ func getPostThread(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if !app.SessionHasPermissionToChannelByPost(c.Session, c.Params.PostId, model.PERMISSION_READ_CHANNEL) {
-		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
+	var list *model.PostList
+	var err *model.AppError
+	if list, err = app.GetPostThread(c.Params.PostId); err != nil {
+		c.Err = err
+		return
+	}
+
+	var post *model.Post
+	if val, ok := list.Posts[c.Params.PostId]; ok {
+		post = val
+	} else {
+		c.SetInvalidUrlParam("post_id")
 		return
 	}
 
-	if list, err := app.GetPostThread(c.Params.PostId); err != nil {
+	var channel *model.Channel
+	if channel, err = app.GetChannel(post.ChannelId); err != nil {
 		c.Err = err
 		return
-	} else if HandleEtag(list.Etag(), "Get Post Thread", w, r) {
+	}
+
+	if !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_READ_CHANNEL) {
+		if channel.Type == model.CHANNEL_OPEN {
+			if !app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) {
+				c.SetPermissionError(model.PERMISSION_READ_PUBLIC_CHANNEL)
+				return
+			}
+		} else {
+			c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
+			return
+		}
+	}
+
+	if HandleEtag(list.Etag(), "Get Post Thread", w, r) {
 		return
 	} else {
 		w.Header().Set(model.HEADER_ETAG_SERVER, list.Etag())
-- 
cgit v1.2.3-1-g7c22