diff options
author | Martin Kraft <martinkraft@gmail.com> | 2018-03-27 09:01:42 -0400 |
---|---|---|
committer | Martin Kraft <martinkraft@gmail.com> | 2018-03-27 09:01:42 -0400 |
commit | e13e64711f7a7e8ceadb8cbc6af72c4022c95b36 (patch) | |
tree | fe0e956b1d660cd08d41757d25c8adcb3463568c /api4/team.go | |
parent | d8b42070186c12f6320fe54ea1c405149846404c (diff) | |
parent | 9e6db178b09387e21ac19ce85369cf1ca7a443e8 (diff) | |
download | chat-e13e64711f7a7e8ceadb8cbc6af72c4022c95b36.tar.gz chat-e13e64711f7a7e8ceadb8cbc6af72c4022c95b36.tar.bz2 chat-e13e64711f7a7e8ceadb8cbc6af72c4022c95b36.zip |
Merge remote-tracking branch 'origin/master' into advanced-permissions-phase-1
Diffstat (limited to 'api4/team.go')
-rw-r--r-- | api4/team.go | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/api4/team.go b/api4/team.go index f8a1c556c..33cd57fbb 100644 --- a/api4/team.go +++ b/api4/team.go @@ -741,15 +741,16 @@ func getTeamIcon(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { - c.SetPermissionError(model.PERMISSION_VIEW_TEAM) - return - } - if team, err := c.App.GetTeam(c.Params.TeamId); err != nil { c.Err = err return } else { + if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) && + (team.Type != model.TEAM_OPEN || team.AllowOpenInvite) { + c.SetPermissionError(model.PERMISSION_VIEW_TEAM) + return + } + etag := strconv.FormatInt(team.LastTeamIconUpdate, 10) if c.HandleEtag(etag, "Get Team Icon", w, r) { |