diff options
author | Joram Wilander <jwawilander@gmail.com> | 2017-04-04 15:17:47 -0400 |
---|---|---|
committer | Christopher Speller <crspeller@gmail.com> | 2017-04-04 15:17:47 -0400 |
commit | 97de1d0982ddb4818f5e41527f4d7da2234e829f (patch) | |
tree | cd48347c553b954eea8cca6daec689cbe02249f4 /api4/post.go | |
parent | 1fa3f2351c98e4d1b9c198e357d90ac0d436dcaa (diff) | |
download | chat-97de1d0982ddb4818f5e41527f4d7da2234e829f.tar.gz chat-97de1d0982ddb4818f5e41527f4d7da2234e829f.tar.bz2 chat-97de1d0982ddb4818f5e41527f4d7da2234e829f.zip |
Fix blanking out of FileIds and backwards compatability issue with v3 (#5950)
Diffstat (limited to 'api4/post.go')
-rw-r--r-- | api4/post.go | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/api4/post.go b/api4/post.go index 67cd325d9..5cbfeae92 100644 --- a/api4/post.go +++ b/api4/post.go @@ -238,9 +238,14 @@ func updatePost(c *Context, w http.ResponseWriter, r *http.Request) { return } - post.UserId = c.Session.UserId + if !app.SessionHasPermissionToPost(c.Session, c.Params.PostId, model.PERMISSION_EDIT_OTHERS_POSTS) { + c.SetPermissionError(model.PERMISSION_EDIT_OTHERS_POSTS) + return + } + + post.Id = c.Params.PostId - rpost, err := app.UpdatePost(post) + rpost, err := app.UpdatePost(post, false) if err != nil { c.Err = err return @@ -262,6 +267,11 @@ func patchPost(c *Context, w http.ResponseWriter, r *http.Request) { return } + if !app.SessionHasPermissionToChannelByPost(c.Session, c.Params.PostId, model.PERMISSION_EDIT_POST) { + c.SetPermissionError(model.PERMISSION_EDIT_POST) + return + } + if !app.SessionHasPermissionToPost(c.Session, c.Params.PostId, model.PERMISSION_EDIT_OTHERS_POSTS) { c.SetPermissionError(model.PERMISSION_EDIT_OTHERS_POSTS) return |