func HasPermissionToContext(c *Context, permission *model.Permission) bool { userRoles := c.Session.GetUserRoles() if !CheckIfRolesGrantPermission(userRoles, permission.Id) { c.Err = model.NewLocAppError("HasPermissionToContext", "api.context.permissions.app_error", nil, "userId="+c.Session.UserId+", teamId="+c.TeamId+" permission="+permission.Id+" "+model.RoleIdsToString(userRoles)) c.Err.StatusCode = http.StatusForbidden return false } return true }
func HasPermissionToChannelContext(c *Context, channelId string, permission *model.Permission) bool { cmc := app.Srv.Store.Channel().GetAllChannelMembersForUser(c.Session.UserId, true) var channelRoles []string if cmcresult := <-cmc; cmcresult.Err == nil { ids := cmcresult.Data.(map[string]string) if roles, ok := ids[channelId]; ok { channelRoles = strings.Fields(roles) if CheckIfRolesGrantPermission(channelRoles, permission.Id) { return true } } } cc := app.Srv.Store.Channel().Get(channelId, true) if ccresult := <-cc; ccresult.Err == nil { channel := ccresult.Data.(*model.Channel) if teamMember := c.Session.GetTeamByTeamId(channel.TeamId); teamMember != nil { roles := teamMember.GetRoles() if CheckIfRolesGrantPermission(roles, permission.Id) { return true } } } if HasPermissionToContext(c, permission) { return true } c.Err = model.NewLocAppError("HasPermissionToChannelContext", "api.context.permissions.app_error", nil, "userId="+c.Session.UserId+", "+"permission="+permission.Id+" channelRoles="+model.RoleIdsToString(channelRoles)) c.Err.StatusCode = http.StatusForbidden return false }
func HasPermissionToChannelByPostContext(c *Context, postId string, permission *model.Permission) bool { cmc := app.Srv.Store.Channel().GetMemberForPost(postId, c.Session.UserId) var channelRoles []string if cmcresult := <-cmc; cmcresult.Err == nil { channelMember := cmcresult.Data.(*model.ChannelMember) channelRoles = channelMember.GetRoles() if CheckIfRolesGrantPermission(channelRoles, permission.Id) { return true } } cc := app.Srv.Store.Channel().GetForPost(postId) if ccresult := <-cc; ccresult.Err == nil { channel := ccresult.Data.(*model.Channel) if teamMember := c.Session.GetTeamByTeamId(channel.TeamId); teamMember != nil { roles := teamMember.GetRoles() if CheckIfRolesGrantPermission(roles, permission.Id) { return true } } } if HasPermissionToContext(c, permission) { return true } c.Err = model.NewLocAppError("HasPermissionToChannelByPostContext", "api.context.permissions.app_error", nil, "userId="+c.Session.UserId+", "+"permission="+permission.Id+" channelRoles="+model.RoleIdsToString(channelRoles)) c.Err.StatusCode = http.StatusForbidden return false }