From 2d1c0924eea25ceb5cf79a285511a7a577cbece0 Mon Sep 17 00:00:00 2001
From: Harrison Healey <harrisonmhealey@gmail.com>
Date: Fri, 8 Jul 2016 17:03:28 -0400
Subject: Fixed permissions when getting a file attachment to use the correct
 user id (#3535)

---
 api/file.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'api')

diff --git a/api/file.go b/api/file.go
index 92bceaa80..5b08804da 100644
--- a/api/file.go
+++ b/api/file.go
@@ -356,7 +356,7 @@ func getFile(c *Context, w http.ResponseWriter, r *http.Request) {
 	userId := params["user_id"]
 	filename := params["filename"]
 
-	if !c.HasPermissionsToChannel(Srv.Store.Channel().CheckPermissionsTo(teamId, channelId, userId), "getFile") {
+	if !c.HasPermissionsToChannel(Srv.Store.Channel().CheckPermissionsTo(teamId, channelId, c.Session.UserId), "getFile") {
 		return
 	}
 
-- 
cgit v1.2.3-1-g7c22