diff options
author | Harrison Healey <harrisonmhealey@gmail.com> | 2016-08-22 20:08:09 -0400 |
---|---|---|
committer | enahum <nahumhbl@gmail.com> | 2016-08-22 21:08:09 -0300 |
commit | f0c672e3ad64f0daf023d9ef70de940b3354e133 (patch) | |
tree | 6cdbb84c914589bb229b02b1ccb0cefdc741cda1 /api/team.go | |
parent | 3c50442d04238eedd0e867a19674d4e01c5a1bb7 (diff) | |
download | chat-f0c672e3ad64f0daf023d9ef70de940b3354e133.tar.gz chat-f0c672e3ad64f0daf023d9ef70de940b3354e133.tar.bz2 chat-f0c672e3ad64f0daf023d9ef70de940b3354e133.zip |
Changed /teams/all api to only return teams the current user is a member of if they're not an admin (#3853)
Diffstat (limited to 'api/team.go')
-rw-r--r-- | api/team.go | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/api/team.go b/api/team.go index 7f84f8263..834d722ce 100644 --- a/api/team.go +++ b/api/team.go @@ -17,6 +17,7 @@ import ( "github.com/gorilla/mux" "github.com/mattermost/platform/model" + "github.com/mattermost/platform/store" "github.com/mattermost/platform/utils" ) @@ -410,8 +411,17 @@ func GetAllTeamListings(c *Context, w http.ResponseWriter, r *http.Request) { } } +// Gets all teams which the current user can has access to. If the user is a System Admin, this will be all teams +// on the server. Otherwise, it will only be the teams of which the user is a member. func getAll(c *Context, w http.ResponseWriter, r *http.Request) { - if result := <-Srv.Store.Team().GetAll(); result.Err != nil { + var tchan store.StoreChannel + if c.IsSystemAdmin() { + tchan = Srv.Store.Team().GetAll() + } else { + tchan = Srv.Store.Team().GetTeamsByUserId(c.Session.UserId) + } + + if result := <-tchan; result.Err != nil { c.Err = result.Err return } else { @@ -419,9 +429,6 @@ func getAll(c *Context, w http.ResponseWriter, r *http.Request) { m := make(map[string]*model.Team) for _, v := range teams { m[v.Id] = v - if !c.IsSystemAdmin() { - m[v.Id].SanitizeForNotLoggedIn() - } } w.Write([]byte(model.TeamMapToJson(m))) |