author | George Goldberg <george@gberg.me> | 2018-09-12 15:32:05 +0100 |
---|---|---|
committer | Harrison Healey <harrisonmhealey@gmail.com> | 2018-09-12 10:32:05 -0400 |
commit | 0a5f792d2d6ceaa6c9bdb3050acbc4050c0c02f5 (patch) | |
tree | 37bf6f899abffe926c7c42337a19d67050382e50 /app/command_channel_header.go | |
parent | fba0f8e8b2e869654b3970396ed6fb0647e8910f (diff) | |
MM-11230: Make permissions checks in commands failsafe. (#9392)
Also add additional unit tests to make sure the permissions tests are
completely solid.
Diffstat (limited to 'app/command_channel_header.go')
-rw-r--r-- | app/command_channel_header.go | 39 |
1 files changed, 30 insertions, 9 deletions
diff --git a/app/command_channel_header.go b/app/command_channel_header.go
index 100135f48..db92f68b2 100644
--- a/app/command_channel_header.go
+++ b/app/command_channel_header.go
@@ -4,9 +4,9 @@
 package app
 
 import (
- "github.com/mattermost/mattermost-server/model"
-
 goi18n "github.com/nicksnyder/go-i18n/i18n"
+
+ "github.com/mattermost/mattermost-server/model"
 )
 
 type HeaderProvider struct {
@@ -37,33 +37,51 @@ func (me *HeaderProvider) GetCommand(a *App, T goi18n.TranslateFunc) *model.Comm
 func (me *HeaderProvider) DoCommand(a *App, args *model.CommandArgs, message string) *model.CommandResponse {
 channel, err := a.GetChannel(args.ChannelId)
 if err != nil {
- return &model.CommandResponse{Text: args.T("api.command_channel_header.channel.app_error"), ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL}
+ return &model.CommandResponse{
+ Text: args.T("api.command_channel_header.channel.app_error"),
+ ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
+ }
 }
 
 switch channel.Type {
 case model.CHANNEL_OPEN:
 if !a.SessionHasPermissionToChannel(args.Session, args.ChannelId, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES) {
- return &model.CommandResponse{Text: args.T("api.command_channel_header.permission.app_error"), ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL}
+ return &model.CommandResponse{
+ Text: args.T("api.command_channel_header.permission.app_error"),
+ ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
+ }
 }
 
 case model.CHANNEL_PRIVATE:
 if !a.SessionHasPermissionToChannel(args.Session, args.ChannelId, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES) {
- return &model.CommandResponse{Text: args.T("api.command_channel_header.permission.app_error"), ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL}
+ return &model.CommandResponse{
+ Text: args.T("api.command_channel_header.permission.app_error"),
+ ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
+ }
 }
 
 case model.CHANNEL_GROUP, model.CHANNEL_DIRECT:
 // Modifying the header is not linked to any specific permission for group/dm channels, so just check for membership.
 channelMember, err := a.GetChannelMember(args.ChannelId, args.Session.UserId)
 if err != nil || channelMember == nil {
- return &model.CommandResponse{Text: args.T("api.command_channel_header.permission.app_error"), ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL}
+ return &model.CommandResponse{
+ Text: args.T("api.command_channel_header.permission.app_error"),
+ ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
+ }
 }
 
 default:
- return &model.CommandResponse{Text: args.T("api.command_channel_header.permission.app_error"), ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL}
+ return &model.CommandResponse{
+ Text: args.T("api.command_channel_header.permission.app_error"),
+ ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
+ }
 }
 
 if len(message) == 0 {
- return &model.CommandResponse{Text: args.T("api.command_channel_header.message.app_error"), ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL}
+ return &model.CommandResponse{
+ Text: args.T("api.command_channel_header.message.app_error"),
+ ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
+ }
 }
 
 patch := &model.ChannelPatch{
@@ -73,7 +91,10 @@ func (me *HeaderProvider) DoCommand(a *App, args *model.CommandArgs, message str
 
 _, err = a.PatchChannel(channel, patch, args.UserId)
 if err != nil {
- return &model.CommandResponse{Text: args.T("api.command_channel_header.update_channel.app_error"), ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL}
+ return &model.CommandResponse{
+ Text: args.T("api.command_channel_header.update_channel.app_error"),
+ ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
+ }
 }
 
 return &model.CommandResponse{} |
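Review bot: The permission checks in `DoCommand` identify the actor through `args.Session` (`SessionHasPermissionToChannel(args.Session, …)` and `GetChannelMember(args.ChannelId, args.Session.UserId)`), but the `PatchChannel` call in the last hunk passes `args.UserId`. Nothing visible in this diff guarantees the two ids are equal, so if a caller can build a `CommandArgs` where they differ, the header change would presumably be attributed to a user other than the one whose permissions were checked. Consider using one identity for both the check and the write, e.g. `_, err = a.PatchChannel(channel, patch, args.Session.UserId)`, or stating the invariant in a comment at the top of the function: `// args.UserId must equal args.Session.UserId; all permission checks below use the session.` The `ChannelPatch` fields and the function's closing brace lie outside these hunks, so this should be confirmed against the full file.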