Пример #1
// HasPermissionToContext reports whether the roles returned by
// c.Session.GetUserRoles() grant the given permission.
//
// On denial it stores an app error with HTTP status 403 in c.Err and returns
// false; on success c.Err is left untouched.
//
// NOTE(review): the detail string carries the user id, team id, permission id
// and the session's role ids. Confirm that this detail is only logged and is
// not serialized back to the caller.
func HasPermissionToContext(c *Context, permission *model.Permission) bool {
	sessionRoles := c.Session.GetUserRoles()
	if CheckIfRolesGrantPermission(sessionRoles, permission.Id) {
		return true
	}

	// Denied: record who asked for what so the refusal can be audited.
	detail := "userId=" + c.Session.UserId + ", teamId=" + c.TeamId + " permission=" + permission.Id + " " + model.RoleIdsToString(sessionRoles)
	c.Err = model.NewLocAppError("HasPermissionToContext", "api.context.permissions.app_error", nil, detail)
	c.Err.StatusCode = http.StatusForbidden
	return false
}
Пример #2
// HasPermissionToChannelContext reports whether the session user holds the
// given permission for the channel identified by channelId.
//
// Three tiers are consulted in order, and the first one that grants wins:
//  1. the user's channel-member roles for channelId, read from the store;
//  2. the roles of the session's team membership for the channel's team;
//  3. the session roles, via HasPermissionToContext.
//
// A store error is not reported: the affected tier is skipped and evaluation
// moves on, so a failed lookup can only lead to denial, never to a grant.
// When every tier denies, c.Err is set to an app error with HTTP status 403
// (replacing the one HasPermissionToContext just set) and false is returned.
//
// NOTE(review): both store calls pass true as their last argument, presumably
// "allow from cache". If so, a role revocation is only honoured once the cache
// entry is refreshed. Confirm the invalidation path.
// NOTE(review): the type assertions on Data are unchecked and panic if the
// store ever returns a different type.
func HasPermissionToChannelContext(c *Context, channelId string, permission *model.Permission) bool {
	memberCh := app.Srv.Store.Channel().GetAllChannelMembersForUser(c.Session.UserId, true)

	// Kept outside the tier-1 branch because the denial message reports it.
	var channelRoles []string
	if res := <-memberCh; res.Err == nil {
		rolesByChannel := res.Data.(map[string]string)
		if raw, found := rolesByChannel[channelId]; found {
			channelRoles = strings.Fields(raw)
			if CheckIfRolesGrantPermission(channelRoles, permission.Id) {
				return true
			}
		}
	}

	// Tier 2 is only queried once the channel-level roles have not granted.
	channelCh := app.Srv.Store.Channel().Get(channelId, true)
	if res := <-channelCh; res.Err == nil {
		ch := res.Data.(*model.Channel)
		member := c.Session.GetTeamByTeamId(ch.TeamId)
		if member != nil && CheckIfRolesGrantPermission(member.GetRoles(), permission.Id) {
			return true
		}
	}

	if HasPermissionToContext(c, permission) {
		return true
	}

	detail := "userId=" + c.Session.UserId + ", " + "permission=" + permission.Id + " channelRoles=" + model.RoleIdsToString(channelRoles)
	c.Err = model.NewLocAppError("HasPermissionToChannelContext", "api.context.permissions.app_error", nil, detail)
	c.Err.StatusCode = http.StatusForbidden
	return false
}
Пример #3
// HasPermissionToChannelByPostContext reports whether the session user holds
// the given permission for the channel that contains the post postId.
//
// Three tiers are consulted in order, and the first one that grants wins:
//  1. the roles of the channel member the store returns for (postId, user);
//  2. the roles of the session's team membership for the team of the channel
//     the store returns for postId;
//  3. the session roles, via HasPermissionToContext.
//
// A store error is not reported: the affected tier is skipped, so a failed
// lookup can only lead to denial, never to a grant. When every tier denies,
// c.Err is set to an app error with HTTP status 403 (replacing the one
// HasPermissionToContext just set) and false is returned.
//
// NOTE(review): the type assertions on Data are unchecked and panic if the
// store ever returns a different type.
func HasPermissionToChannelByPostContext(c *Context, postId string, permission *model.Permission) bool {
	memberCh := app.Srv.Store.Channel().GetMemberForPost(postId, c.Session.UserId)

	// Kept outside the tier-1 branch because the denial message reports it.
	var channelRoles []string
	if res := <-memberCh; res.Err == nil {
		member := res.Data.(*model.ChannelMember)
		channelRoles = member.GetRoles()
		if CheckIfRolesGrantPermission(channelRoles, permission.Id) {
			return true
		}
	}

	// Tier 2 is only queried once the channel-level roles have not granted.
	channelCh := app.Srv.Store.Channel().GetForPost(postId)
	if res := <-channelCh; res.Err == nil {
		ch := res.Data.(*model.Channel)
		teamMember := c.Session.GetTeamByTeamId(ch.TeamId)
		if teamMember != nil && CheckIfRolesGrantPermission(teamMember.GetRoles(), permission.Id) {
			return true
		}
	}

	if HasPermissionToContext(c, permission) {
		return true
	}

	detail := "userId=" + c.Session.UserId + ", " + "permission=" + permission.Id + " channelRoles=" + model.RoleIdsToString(channelRoles)
	c.Err = model.NewLocAppError("HasPermissionToChannelByPostContext", "api.context.permissions.app_error", nil, detail)
	c.Err.StatusCode = http.StatusForbidden
	return false
}