diff options
author | George Goldberg <george@gberg.me> | 2018-02-08 16:07:40 +0000 |
---|---|---|
committer | Jesús Espino <jespinog@gmail.com> | 2018-02-08 17:07:40 +0100 |
commit | fa5cba9cc79b3bdc48ad42f276652bc699795a39 (patch) | |
tree | 39549319db989cd3429d82ab41766e1b73c7dcb3 /api4/role.go | |
parent | a735725d116c3e8dca2b4d1cad3425bcd473311c (diff) | |
download | chat-fa5cba9cc79b3bdc48ad42f276652bc699795a39.tar.gz chat-fa5cba9cc79b3bdc48ad42f276652bc699795a39.tar.bz2 chat-fa5cba9cc79b3bdc48ad42f276652bc699795a39.zip |
XYZ-76: Add license check to patchRoles endpoint. (#8224)
Diffstat (limited to 'api4/role.go')
-rw-r--r-- | api4/role.go | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/api4/role.go b/api4/role.go index a401a8034..ac9364c35 100644 --- a/api4/role.go +++ b/api4/role.go @@ -7,6 +7,7 @@ import ( "net/http" "github.com/mattermost/mattermost-server/model" + "github.com/mattermost/mattermost-server/utils" ) func (api *API) InitRole() { @@ -85,6 +86,31 @@ func patchRole(c *Context, w http.ResponseWriter, r *http.Request) { return } + if !utils.IsLicensed() && patch.Permissions != nil { + allowedPermissions := []string{ + model.PERMISSION_CREATE_TEAM.Id, + model.PERMISSION_MANAGE_WEBHOOKS.Id, + model.PERMISSION_MANAGE_SLASH_COMMANDS.Id, + model.PERMISSION_MANAGE_OAUTH.Id, + model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH.Id, + } + + changedPermissions := model.PermissionsChangedByPatch(oldRole, patch) + for _, permission := range changedPermissions { + allowed := false + for _, allowedPermission := range allowedPermissions { + if permission == allowedPermission { + allowed = true + } + } + + if !allowed { + c.Err = model.NewAppError("Api4.PatchRoles", "api.roles.patch_roles.license.error", nil, "", http.StatusNotImplemented) + return + } + } + } + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return |