func HasPermissionToContext(c *Context, permission *model.Permission) bool {
userRoles := c.Session.GetUserRoles()
if !CheckIfRolesGrantPermission(userRoles, permission.Id) {
c.Err = model.NewLocAppError("HasPermissionToContext", "api.context.permissions.app_error", nil, "userId="+c.Session.UserId+", teamId="+c.TeamId+" permission="+permission.Id+" "+model.RoleIdsToString(userRoles))
c.Err.StatusCode = http.StatusForbidden
return false
}
return true
}
func HasPermissionToChannelContext(c *Context, channelId string, permission *model.Permission) bool {
cmc := app.Srv.Store.Channel().GetAllChannelMembersForUser(c.Session.UserId, true)
var channelRoles []string
if cmcresult := <-cmc; cmcresult.Err == nil {
ids := cmcresult.Data.(map[string]string)
if roles, ok := ids[channelId]; ok {
channelRoles = strings.Fields(roles)
if CheckIfRolesGrantPermission(channelRoles, permission.Id) {
return true
}
}
}
cc := app.Srv.Store.Channel().Get(channelId, true)
if ccresult := <-cc; ccresult.Err == nil {
channel := ccresult.Data.(*model.Channel)
if teamMember := c.Session.GetTeamByTeamId(channel.TeamId); teamMember != nil {
roles := teamMember.GetRoles()
if CheckIfRolesGrantPermission(roles, permission.Id) {
return true
}
}
}
if HasPermissionToContext(c, permission) {
return true
}
c.Err = model.NewLocAppError("HasPermissionToChannelContext", "api.context.permissions.app_error", nil, "userId="+c.Session.UserId+", "+"permission="+permission.Id+" channelRoles="+model.RoleIdsToString(channelRoles))
c.Err.StatusCode = http.StatusForbidden
return false
}
func HasPermissionToChannelByPostContext(c *Context, postId string, permission *model.Permission) bool {
cmc := app.Srv.Store.Channel().GetMemberForPost(postId, c.Session.UserId)
var channelRoles []string
if cmcresult := <-cmc; cmcresult.Err == nil {
channelMember := cmcresult.Data.(*model.ChannelMember)
channelRoles = channelMember.GetRoles()
if CheckIfRolesGrantPermission(channelRoles, permission.Id) {
return true
}
}
cc := app.Srv.Store.Channel().GetForPost(postId)
if ccresult := <-cc; ccresult.Err == nil {
channel := ccresult.Data.(*model.Channel)
if teamMember := c.Session.GetTeamByTeamId(channel.TeamId); teamMember != nil {
roles := teamMember.GetRoles()
if CheckIfRolesGrantPermission(roles, permission.Id) {
return true
}
}
}
if HasPermissionToContext(c, permission) {
return true
}
c.Err = model.NewLocAppError("HasPermissionToChannelByPostContext", "api.context.permissions.app_error", nil, "userId="+c.Session.UserId+", "+"permission="+permission.Id+" channelRoles="+model.RoleIdsToString(channelRoles))
c.Err.StatusCode = http.StatusForbidden
return false
}