diff options
author | =Corey Hulen <corey@hulen.com> | 2015-07-06 11:20:40 -0800 |
---|---|---|
committer | =Corey Hulen <corey@hulen.com> | 2015-07-06 11:20:40 -0800 |
commit | e3ab0a4e3ddb4b1bfacd2b82073c4a48e58751d6 (patch) | |
tree | 1bb90df1b0e35e420d3bafb4c4d586586ba88b3c /api/user.go | |
parent | 10b625ba1740c6177cfe5c06484f4a14867523bd (diff) | |
download | chat-e3ab0a4e3ddb4b1bfacd2b82073c4a48e58751d6.tar.gz chat-e3ab0a4e3ddb4b1bfacd2b82073c4a48e58751d6.tar.bz2 chat-e3ab0a4e3ddb4b1bfacd2b82073c4a48e58751d6.zip |
team code review
Diffstat (limited to 'api/user.go')
-rw-r--r-- | api/user.go | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/api/user.go b/api/user.go index 292d2b61b..da6a24ab4 100644 --- a/api/user.go +++ b/api/user.go @@ -289,7 +289,7 @@ func login(c *Context, w http.ResponseWriter, r *http.Request) { if !model.ComparePassword(user.Password, props["password"]) { c.LogAuditWithUserId(user.Id, "fail") c.Err = model.NewAppError("login", "Login failed because of invalid password", extraInfo) - c.Err.StatusCode = http.StatusBadRequest + c.Err.StatusCode = http.StatusForbidden return } @@ -417,7 +417,7 @@ func getSessions(c *Context, w http.ResponseWriter, r *http.Request) { params := mux.Vars(r) id := params["id"] - if !c.HasPermissionsToUser(id, "getAudits") { + if !c.HasPermissionsToUser(id, "getSessions") { return } @@ -740,7 +740,7 @@ func updateUser(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !c.HasPermissionsToUser(user.Id, "updateUsers") { + if !c.HasPermissionsToUser(user.Id, "updateUser") { return } @@ -813,12 +813,13 @@ func updatePassword(c *Context, w http.ResponseWriter, r *http.Request) { if !model.ComparePassword(user.Password, currentPassword) { c.Err = model.NewAppError("updatePassword", "Update password failed because of invalid password", "") - c.Err.StatusCode = http.StatusBadRequest + c.Err.StatusCode = http.StatusForbidden return } if uresult := <-Srv.Store.User().UpdatePassword(c.Session.UserId, model.HashPassword(newPassword)); uresult.Err != nil { - c.Err = uresult.Err + c.Err = model.NewAppError("updatePassword", "Update password failed", uresult.Err.Error()) + c.Err.StatusCode = http.StatusForbidden return } else { c.LogAudit("completed") |