authorHarrison Healey <harrisonmhealey@gmail.com>2017-10-09 13:30:59 -0400
committerChris <ccbrown112@gmail.com>2017-10-09 10:30:59 -0700
commite522a1c2e49f5d21e45dd66f83d06e10fc3cdb67 (patch)
tree1c3f07497661fb18bdd6506ff3746777a09e0816 /api/team.go
parent9adaf53e110e0e806b21903111aacb93129668cb (diff)
PLT-7811 Standardized team sanitization flow (#7586)
* post-4.3 commit (#7581) * reduce store boiler plate (#7585) * fix GetPostsByIds error (#7591) * PLT-7811 Standardized team sanitization flow * Fixed TestGetAllTeamListings * Stopped sanitizing teams for team admins * Removed debug logging * Added TearDown to sanitization tests that needed it
Diffstat (limited to 'api/team.go')
-rw-r--r--api/team.go24
1 files changed, 20 insertions, 4 deletions
diff --git a/api/team.go b/api/team.go
index 8a8d3c935..49b20686d 100644
--- a/api/team.go
+++ b/api/team.go
@@ -67,6 +67,8 @@ func createTeam(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
+ // Don't sanitize the team here since the user will be a team admin and their session won't reflect that yet
+
w.Write([]byte(rteam.ToJson()))
}
@@ -82,11 +84,10 @@ func GetAllTeamListings(c *Context, w http.ResponseWriter, r *http.Request) {
m := make(map[string]*model.Team)
for _, v := range teams {
m[v.Id] = v
- if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
- m[v.Id].Sanitize()
- }
}
+ sanitizeTeamMap(c.Session, m)
+
w.Write([]byte(model.TeamMapToJson(m)))
}
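Review bot: The rule for who receives unsanitized listing entries is no longer visible in GetAllTeamListings, because the explicit `model.PERMISSION_MANAGE_SYSTEM` check is replaced by `sanitizeTeamMap(c.Session, m)`, which delegates to `app.SanitizeTeam` outside this diff. The commit description says team admins are no longer sanitized, so this listing is presumably more permissive than before for those callers. I would state that at the call site, e.g. `// Fields are stripped per team unless c.Session has admin rights over it; see app.SanitizeTeam`. The getAll hunk adds the same call where the visible lines had no sanitization before, and deserves the same comment.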
@@ -112,6 +113,8 @@ func getAll(c *Context, w http.ResponseWriter, r *http.Request) {
m[v.Id] = v
}
+ sanitizeTeamMap(c.Session, m)
+
w.Write([]byte(model.TeamMapToJson(m)))
}
@@ -207,7 +210,7 @@ func addUserToTeamFromInvite(c *Context, w http.ResponseWriter, r *http.Request)
return
}
- team.Sanitize()
+ app.SanitizeTeam(c.Session, team)
w.Write([]byte(team.ToJson()))
}
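Review bot: Replacing the unconditional `team.Sanitize()` with `app.SanitizeTeam(c.Session, team)` makes the invite response depend on the caller's session, and nothing at the call says which way a stale session falls. The comment added in createTeam notes that the session does not yet reflect a membership change made in the same request. If that holds here too, the new member is treated as a non-admin and still gets the sanitized team, which is the safe outcome. I would record it next to the call, e.g. `// c.Session predates the join, so only privileges held before the invite can skip sanitization`. The function body starts outside the hunk, so how c.Session is populated on this path is not visible here.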
@@ -241,6 +244,8 @@ func getTeamByName(c *Context, w http.ResponseWriter, r *http.Request) {
}
}
+ app.SanitizeTeam(c.Session, team)
+
w.Write([]byte(team.ToJson()))
return
}
@@ -294,6 +299,8 @@ func updateTeam(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
+ app.SanitizeTeam(c.Session, updatedTeam)
+
w.Write([]byte(updatedTeam.ToJson()))
}
@@ -342,6 +349,9 @@ func getMyTeam(c *Context, w http.ResponseWriter, r *http.Request) {
return
} else {
w.Header().Set(model.HEADER_ETAG_SERVER, team.Etag())
+
+ app.SanitizeTeam(c.Session, team)
+
w.Write([]byte(team.ToJson()))
return
}
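Review bot: The `model.HEADER_ETAG_SERVER` value is set from `team.Etag()`, but the body written after `app.SanitizeTeam(c.Session, team)` now varies with the session's privileges, so one ETag can describe two different representations. If `Etag()` is derived only from the team's own fields (its implementation is not in this diff), a client whose role changes would keep revalidating successfully against a copy built for its previous privilege level. At minimum I would document it at the header line, e.g. `// ETag does not vary with sanitization; clients must refetch after a role change`. The start of getMyTeam, including any ETag comparison, lies outside the hunk.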
@@ -529,3 +539,9 @@ func getTeamMembersByIds(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
}
+
+func sanitizeTeamMap(session model.Session, teams map[string]*model.Team) {
+ for _, team := range teams {
+ app.SanitizeTeam(session, team)
+ }
+}
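Review bot: sanitizeTeamMap has no doc comment, and nothing tells a caller that it rewrites the `*model.Team` values in place rather than returning sanitized copies. GetAllTeamListings and getAll store the pointers they received straight into the map. If those objects are shared with anything longer-lived, such as a cache (not visible in this diff), the cleared fields are lost for later readers with higher privileges. Proposed comment: `// sanitizeTeamMap applies app.SanitizeTeam to every team in the map, modifying each team in place; pass copies if the originals are shared.`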