// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
// See LICENSE.txt for license information.
package api4
import (
"github.com/mattermost/mattermost/server/public/model"
"github.com/mattermost/mattermost/server/v8/channels/app"
)
// userCreatePostPermissionCheckWithContext reports a permission error on c
// unless the current session is allowed to create posts in channelId.
//
// Access is granted in one of two ways:
//   - the session holds model.PermissionCreatePost on the channel, or
//   - the channel can be loaded, is of type model.ChannelTypeOpen, and the
//     session holds model.PermissionCreatePostPublic on the channel's team.
//
// Every other outcome, including a failed channel lookup, ends in
// c.SetPermissionError(model.PermissionCreatePost), so the check denies by
// default. The function returns nothing; the result is only visible through c.
func userCreatePostPermissionCheckWithContext(c *Context, channelId string) {
	// Direct grant on the channel. The second return value is deliberately
	// ignored here; only the permission flag decides.
	if allowed, _ := c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), channelId, model.PermissionCreatePost); allowed {
		return
	}

	// Temporary permission check method until advanced permissions, please do not copy.
	// A lookup error is not surfaced separately: it falls through to the same
	// permission error as a plain denial.
	channel, err := c.App.GetChannel(c.AppContext, channelId)
	if err == nil && channel.Type == model.ChannelTypeOpen &&
		c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), channel.TeamId, model.PermissionCreatePostPublic) {
		return
	}

	c.SetPermissionError(model.PermissionCreatePost)
}
// postHardenedModeCheckWithContext runs app.PostHardenedModeCheckWithApp for
// props, telling it whether the current session is an integration.
//
// When the check fails, the returned error is tagged with where and stored in
// c.Err. On success c.Err is left untouched. Nothing is returned, so the
// caller has to inspect c.Err after the call.
func postHardenedModeCheckWithContext(where string, c *Context, props model.StringInterface) {
	appErr := app.PostHardenedModeCheckWithApp(c.App, c.AppContext.Session().IsIntegration(), props)
	if appErr == nil {
		return
	}

	appErr.Where = where
	c.Err = appErr
}
// postPriorityCheckWithContext runs app.PostPriorityCheckWithApp for the
// current session's user, the requested priority and rootId.
//
// When the check fails, the returned error is tagged with where and stored in
// c.Err. On success c.Err is left untouched. Nothing is returned, so the
// caller has to inspect c.Err after the call.
func postPriorityCheckWithContext(where string, c *Context, priority *model.PostPriority, rootId string) {
	if appErr := app.PostPriorityCheckWithApp(where, c.App, c.AppContext.Session().UserId, priority, rootId); appErr != nil {
		appErr.Where = where
		c.Err = appErr
	}
}
// postCardTypeCheckWithContext runs app.PostCardTypeCheckWithApp for postType.
//
// When the check fails, the returned error is tagged with where and stored in
// c.Err. On success c.Err is left untouched. Nothing is returned, so the
// caller has to inspect c.Err after the call.
func postCardTypeCheckWithContext(where string, c *Context, postType string) {
	appErr := app.PostCardTypeCheckWithApp(where, c.App, postType)
	if appErr == nil {
		return
	}

	appErr.Where = where
	c.Err = appErr
}
// postBurnOnReadCheckWithContext runs app.PostBurnOnReadCheckWithApp with the
// post's author, channel id and type, plus the supplied channel.
//
// post is dereferenced unconditionally, so it must be non-nil. When the check
// fails, the returned error is tagged with where and stored in c.Err. On
// success c.Err is left untouched. Nothing is returned, so the caller has to
// inspect c.Err after the call.
func postBurnOnReadCheckWithContext(where string, c *Context, post *model.Post, channel *model.Channel) {
	if appErr := app.PostBurnOnReadCheckWithApp(where, c.App, c.AppContext, post.UserId, post.ChannelId, post.Type, channel); appErr != nil {
		appErr.Where = where
		c.Err = appErr
	}
}
// checkUploadFilePermissionForNewFiles checks upload_file permission only when
// adding new files to a post, preventing permission bypass via cross-channel file attachments.
//
// A file id counts as new when it appears in newFileIds but not in
// originalPost.FileIds (exact string match). If at least one such id exists,
// the session must hold model.PermissionUploadFile on originalPost.ChannelId;
// otherwise c.SetPermissionError(model.PermissionUploadFile) is called.
//
// The permission is evaluated against the channel of the original post only.
// Nothing in this function inspects where the new file ids come from.
// originalPost is dereferenced whenever newFileIds is non-empty, so it must be
// non-nil in that case. Nothing is returned; the result is only visible
// through c.
func checkUploadFilePermissionForNewFiles(c *Context, newFileIds []string, originalPost *model.Post) {
	if len(newFileIds) == 0 {
		return
	}

	// Set of ids already attached to the post before the edit.
	alreadyAttached := make(map[string]struct{}, len(originalPost.FileIds))
	for _, id := range originalPost.FileIds {
		alreadyAttached[id] = struct{}{}
	}

	for _, id := range newFileIds {
		if _, known := alreadyAttached[id]; known {
			continue
		}

		// First id not previously attached: one permission check covers the
		// whole request, so decide here and stop scanning.
		if allowed, _ := c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), originalPost.ChannelId, model.PermissionUploadFile); !allowed {
			c.SetPermissionError(model.PermissionUploadFile)
		}
		return
	}
}