mirror of
https://github.com/mattermost/mattermost.git
synced 2026-05-28 04:35:04 -04:00
9e955bf683
* Implemented edit file permission * lint fixes * Updated snapshot * Updated tests * Updated test * CI * Permission reordering and tooltip text update * Made a geneeric function
98 lines
3.4 KiB
Go
98 lines
3.4 KiB
Go
// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
|
|
// See LICENSE.txt for license information.
|
|
|
|
package api4
|
|
|
|
import (
|
|
"github.com/mattermost/mattermost/server/public/model"
|
|
"github.com/mattermost/mattermost/server/v8/channels/app"
|
|
"github.com/mattermost/mattermost/server/v8/channels/utils"
|
|
)
|
|
|
|
func userCreatePostPermissionCheckWithContext(c *Context, channelId string) {
|
|
hasPermission := false
|
|
if ok, _ := c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), channelId, model.PermissionCreatePost); ok {
|
|
hasPermission = true
|
|
} else if channel, err := c.App.GetChannel(c.AppContext, channelId); err == nil {
|
|
// Temporary permission check method until advanced permissions, please do not copy
|
|
if channel.Type == model.ChannelTypeOpen && c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), channel.TeamId, model.PermissionCreatePostPublic) {
|
|
hasPermission = true
|
|
}
|
|
}
|
|
|
|
if !hasPermission {
|
|
c.SetPermissionError(model.PermissionCreatePost)
|
|
return
|
|
}
|
|
}
|
|
|
|
func postHardenedModeCheckWithContext(where string, c *Context, props model.StringInterface) {
|
|
isIntegration := c.AppContext.Session().IsIntegration()
|
|
|
|
if appErr := app.PostHardenedModeCheckWithApp(c.App, isIntegration, props); appErr != nil {
|
|
appErr.Where = where
|
|
c.Err = appErr
|
|
}
|
|
}
|
|
|
|
func postPriorityCheckWithContext(where string, c *Context, priority *model.PostPriority, rootId string) {
|
|
appErr := app.PostPriorityCheckWithApp(where, c.App, c.AppContext.Session().UserId, priority, rootId)
|
|
if appErr != nil {
|
|
appErr.Where = where
|
|
c.Err = appErr
|
|
}
|
|
}
|
|
|
|
func postCardTypeCheckWithContext(where string, c *Context, postType string) {
|
|
if appErr := app.PostCardTypeCheckWithApp(where, c.App, postType); appErr != nil {
|
|
appErr.Where = where
|
|
c.Err = appErr
|
|
}
|
|
}
|
|
|
|
func postBurnOnReadCheckWithContext(where string, c *Context, post *model.Post, channel *model.Channel) {
|
|
appErr := app.PostBurnOnReadCheckWithApp(where, c.App, c.AppContext, post.UserId, post.ChannelId, post.Type, channel)
|
|
if appErr != nil {
|
|
appErr.Where = where
|
|
c.Err = appErr
|
|
}
|
|
}
|
|
|
|
// checkUploadFilePermissionForNewFiles checks upload_file permission only when
|
|
// adding new files to a post, preventing permission bypass via cross-channel file attachments.
|
|
func checkUploadFilePermissionForNewFiles(c *Context, newFileIds []string, originalPost *model.Post) {
|
|
if len(newFileIds) == 0 {
|
|
return
|
|
}
|
|
|
|
originalFileIDsMap := make(map[string]bool, len(originalPost.FileIds))
|
|
for _, fileID := range originalPost.FileIds {
|
|
originalFileIDsMap[fileID] = true
|
|
}
|
|
|
|
hasNewFiles := false
|
|
for _, fileID := range newFileIds {
|
|
if !originalFileIDsMap[fileID] {
|
|
hasNewFiles = true
|
|
break
|
|
}
|
|
}
|
|
|
|
if hasNewFiles {
|
|
if ok, _ := c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), originalPost.ChannelId, model.PermissionUploadFile); !ok {
|
|
c.SetPermissionError(model.PermissionUploadFile)
|
|
return
|
|
}
|
|
}
|
|
}
|
|
|
|
// checkEditFileAttachmentPermission checks edit_file_attachment permission
|
|
// when file IDs are being changed (files added or removed) during post edit.
|
|
func checkEditFileAttachmentPermission(c *Context, newFileIds []string, originalPost *model.Post) {
|
|
if utils.SliceEqualUnordered(newFileIds, originalPost.FileIds) {
|
|
return
|
|
}
|
|
if ok, _ := c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), originalPost.ChannelId, model.PermissionEditFileAttachment); !ok {
|
|
c.SetPermissionError(model.PermissionEditFileAttachment)
|
|
}
|
|
}
|