From 0896b5c64ef224f0f8835b9727d1c1b94cbe7c29 Mon Sep 17 00:00:00 2001
From: George Goldberg <george@gberg.me>
Date: Fri, 6 Jul 2018 09:07:36 +0100
Subject: MM-11106: Allow systeadmin webook to post to read only town square.
 (#9051)

---
 app/webhook.go | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'app/webhook.go')

diff --git a/app/webhook.go b/app/webhook.go
index c887fec97..8926c94a8 100644
--- a/app/webhook.go
+++ b/app/webhook.go
@@ -587,6 +587,8 @@ func (a *App) HandleIncomingWebhook(hookId string, req *model.IncomingWebhookReq
 		hook = result.Data.(*model.IncomingWebhook)
 	}
 
+	uchan := a.Srv.Store.User().Get(hook.UserId)
+
 	if len(req.Props) == 0 {
 		req.Props = make(model.StringInterface)
 	}
@@ -637,8 +639,15 @@ func (a *App) HandleIncomingWebhook(hookId string, req *model.IncomingWebhookReq
 		return model.NewAppError("HandleIncomingWebhook", "web.incoming_webhook.channel_locked.app_error", nil, "", http.StatusForbidden)
 	}
 
+	var user *model.User
+	if result := <-uchan; result.Err != nil {
+		return model.NewAppError("HandleIncomingWebhook", "web.incoming_webhook.user.app_error", nil, "err="+result.Err.Message, http.StatusForbidden)
+	} else {
+		user = result.Data.(*model.User)
+	}
+
 	if a.License() != nil && *a.Config().TeamSettings.ExperimentalTownSquareIsReadOnly &&
-		channel.Name == model.DEFAULT_CHANNEL {
+		channel.Name == model.DEFAULT_CHANNEL && !a.RolesGrantPermission(user.GetRoles(), model.PERMISSION_MANAGE_SYSTEM.Id) {
 		return model.NewAppError("HandleIncomingWebhook", "api.post.create_post.town_square_read_only", nil, "", http.StatusForbidden)
 	}
 
-- 
cgit v1.2.3-1-g7c22