diff options
author | Joram Wilander <jwawilander@gmail.com> | 2017-10-20 20:26:12 -0400 |
---|---|---|
committer | Corey Hulen <corey@hulen.com> | 2017-10-20 17:26:12 -0700 |
commit | 9d9c73741477632fc5222a0a27d28c14d43b3fbd (patch) | |
tree | fdcd4bae38f2b3ed2e86f08202b2a318859f6ad7 /api4/system.go | |
parent | 18ee37586027e5672446a6f23c05a8ccb2b35896 (diff) | |
download | chat-9d9c73741477632fc5222a0a27d28c14d43b3fbd.tar.gz chat-9d9c73741477632fc5222a0a27d28c14d43b3fbd.tar.bz2 chat-9d9c73741477632fc5222a0a27d28c14d43b3fbd.zip |
Update v4 POST log endpoint to match v3 permissions (#7653)
Diffstat (limited to 'api4/system.go')
-rw-r--r-- | api4/system.go | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/api4/system.go b/api4/system.go index 920e9a63d..aba19ca78 100644 --- a/api4/system.go +++ b/api4/system.go @@ -36,7 +36,7 @@ func (api *API) InitSystem() { api.BaseRoutes.ApiRoot.Handle("/caches/invalidate", api.ApiSessionRequired(invalidateCaches)).Methods("POST") api.BaseRoutes.ApiRoot.Handle("/logs", api.ApiSessionRequired(getLogs)).Methods("GET") - api.BaseRoutes.ApiRoot.Handle("/logs", api.ApiSessionRequired(postLog)).Methods("POST") + api.BaseRoutes.ApiRoot.Handle("/logs", api.ApiHandler(postLog)).Methods("POST") api.BaseRoutes.ApiRoot.Handle("/analytics/old", api.ApiSessionRequired(getAnalytics)).Methods("GET") } @@ -198,9 +198,17 @@ func getLogs(c *Context, w http.ResponseWriter, r *http.Request) { } func postLog(c *Context, w http.ResponseWriter, r *http.Request) { - if !*c.App.Config().ServiceSettings.EnableDeveloper && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { - c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) - return + forceToDebug := false + + if !*c.App.Config().ServiceSettings.EnableDeveloper { + if c.Session.UserId == "" { + c.Err = model.NewAppError("postLog", "api.context.permissions.app_error", nil, "", http.StatusForbidden) + return + } + + if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + forceToDebug = true + } } m := model.MapFromJson(r.Body) @@ -211,7 +219,7 @@ func postLog(c *Context, w http.ResponseWriter, r *http.Request) { msg = msg[0:399] } - if lvl == "ERROR" { + if !forceToDebug && lvl == "ERROR" { err := &model.AppError{} err.Message = msg err.Id = msg |