diff options
author | Christopher Speller <crspeller@gmail.com> | 2016-09-22 08:31:38 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-09-22 08:31:38 -0400 |
commit | efdb0dfa0b422b24a6fbed2c4752484494a78857 (patch) | |
tree | de94d8ae0f9e6c9bc91e504d93dc7f55219da52f /api/team.go | |
parent | de79343b9aa9dc601e5633cef329e1a83452aa1a (diff) | |
download | chat-efdb0dfa0b422b24a6fbed2c4752484494a78857.tar.gz chat-efdb0dfa0b422b24a6fbed2c4752484494a78857.tar.bz2 chat-efdb0dfa0b422b24a6fbed2c4752484494a78857.zip |
Fixing update roles API (#4060)
Diffstat (limited to 'api/team.go')
-rw-r--r-- | api/team.go | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/api/team.go b/api/team.go index 83367f31f..0f3475098 100644 --- a/api/team.go +++ b/api/team.go @@ -35,6 +35,7 @@ func InitTeam() { BaseRoutes.NeedTeam.Handle("/me", ApiUserRequired(getMyTeam)).Methods("GET") BaseRoutes.NeedTeam.Handle("/update", ApiUserRequired(updateTeam)).Methods("POST") + BaseRoutes.NeedTeam.Handle("/update_member_roles", ApiUserRequired(updateMemberRoles)).Methods("POST") BaseRoutes.NeedTeam.Handle("/invite_members", ApiUserRequired(inviteMembers)).Methods("POST") @@ -784,6 +785,62 @@ func updateTeam(c *Context, w http.ResponseWriter, r *http.Request) { w.Write([]byte(oldTeam.ToJson())) } +func updateMemberRoles(c *Context, w http.ResponseWriter, r *http.Request) { + props := model.MapFromJson(r.Body) + + userId := props["user_id"] + if len(userId) != 26 { + c.SetInvalidParam("updateMemberRoles", "user_id") + return + } + + mchan := Srv.Store.Team().GetTeamsForUser(userId) + + teamId := c.TeamId + + newRoles := props["new_roles"] + if !(model.IsValidUserRoles(newRoles)) { + c.SetInvalidParam("updateMemberRoles", "new_roles") + return + } + + if !HasPermissionToTeamContext(c, teamId, model.PERMISSION_MANAGE_ROLES) { + return + } + + var member *model.TeamMember + if result := <-mchan; result.Err != nil { + c.Err = result.Err + return + } else { + members := result.Data.([]*model.TeamMember) + for _, m := range members { + if m.TeamId == teamId { + member = m + } + } + } + + if member == nil { + c.Err = model.NewLocAppError("updateMemberRoles", "api.team.update_member_roles.not_a_member", nil, "userId="+userId+" teamId="+teamId) + c.Err.StatusCode = http.StatusBadRequest + return + } + + member.Roles = newRoles + + if result := <-Srv.Store.Team().UpdateMember(member); result.Err != nil { + c.Err = result.Err + return + } + + RemoveAllSessionsForUserId(userId) + + rdata := map[string]string{} + rdata["status"] = "ok" + w.Write([]byte(model.MapToJson(rdata))) +} + func PermanentDeleteTeam(c *Context, team *model.Team) *model.AppError { l4g.Warn(utils.T("api.team.permanent_delete_team.attempting.warn"), team.Name, team.Id) c.Path = "/teams/permanent_delete" |