diff options
author | Saturnino Abril <saturnino.abril@gmail.com> | 2018-08-21 20:53:32 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-08-21 20:53:32 +0800 |
commit | f16687f83cea20f1ed3682226b60011097c85648 (patch) | |
tree | 2f0e331da8931c8f97dcdd93ff7c1634397311b3 /api4/channel.go | |
parent | cea1796f0698956e4fab57a0015b292854bbbcf3 (diff) | |
download | chat-f16687f83cea20f1ed3682226b60011097c85648.tar.gz chat-f16687f83cea20f1ed3682226b60011097c85648.tar.bz2 chat-f16687f83cea20f1ed3682226b60011097c85648.zip |
[MM-11593] Prevent user to remove from a direct channel (#9251)
* prevent user to remove from a direct channel
* only allow removing of a member in private or public channel
Diffstat (limited to 'api4/channel.go')
-rw-r--r-- | api4/channel.go | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/api4/channel.go b/api4/channel.go index f21b45d56..1599b6e70 100644 --- a/api4/channel.go +++ b/api4/channel.go @@ -1069,6 +1069,11 @@ func removeChannelMember(c *Context, w http.ResponseWriter, r *http.Request) { return } + if !(channel.Type == model.CHANNEL_OPEN || channel.Type == model.CHANNEL_PRIVATE) { + c.Err = model.NewAppError("removeChannelMember", "api.channel.remove_channel_member.type.app_error", nil, "", http.StatusBadRequest) + return + } + if c.Params.UserId != c.Session.UserId { if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) { c.SetPermissionError(model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) |