author | George Goldberg <george@gberg.me> | 2018-07-16 13:04:52 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-07-16 13:04:52 +0100 |
commit | 9d9fcd9ac5d10a6ff1050477d527385d6af2f6bf (patch) | |
tree | 034047530a94301369accb0174a8146cdf554895 /app/reaction.go | |
parent | 10f571784b55509a7995093b36f28ed4b848dd53 (diff) | |
MM-11172: Don't allow reacting in read-only town square. (#9106)
Diffstat (limited to 'app/reaction.go')
-rw-r--r-- | app/reaction.go | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/app/reaction.go b/app/reaction.go
index db00ce2ad..082d28f0d 100644
--- a/app/reaction.go
+++ b/app/reaction.go
@@ -4,6 +4,8 @@
 package app
 import (
+ "net/http"
+
 "github.com/mattermost/mattermost-server/model"
 )
@@ -13,6 +15,24 @@ func (a *App) SaveReactionForPost(reaction *model.Reaction) (*model.Reaction, *m
 return nil, err
 }
+ if a.License() != nil && *a.Config().TeamSettings.ExperimentalTownSquareIsReadOnly {
+ var channel *model.Channel
+ if channel, err = a.GetChannel(post.ChannelId); err != nil {
+ return nil, err
+ }
+
+ if channel.Name == model.DEFAULT_CHANNEL {
+ var user *model.User
+ if user, err = a.GetUser(reaction.UserId); err != nil {
+ return nil, err
+ }
+
+ if !a.RolesGrantPermission(user.GetRoles(), model.PERMISSION_MANAGE_SYSTEM.Id) {
+ return nil, model.NewAppError("saveReactionForPost", "api.reaction.town_square_read_only", nil, "", http.StatusForbidden)
+ }
+ }
+ }
+
 if result := <-a.Srv.Store.Reaction().Save(reaction); result.Err != nil {
 return nil, result.Err
 } else {
@@ -40,6 +60,24 @@ func (a *App) DeleteReactionForPost(reaction *model.Reaction) *model.AppError {
 return err
 }
+ if a.License() != nil && *a.Config().TeamSettings.ExperimentalTownSquareIsReadOnly {
+ var channel *model.Channel
+ if channel, err = a.GetChannel(post.ChannelId); err != nil {
+ return err
+ }
+
+ if channel.Name == model.DEFAULT_CHANNEL {
+ var user *model.User
+ if user, err = a.GetUser(reaction.UserId); err != nil {
+ return err
+ }
+
+ if !a.RolesGrantPermission(user.GetRoles(), model.PERMISSION_MANAGE_SYSTEM.Id) {
+ return model.NewAppError("deleteReactionForPost", "api.reaction.town_square_read_only", nil, "", http.StatusForbidden)
+ }
+ }
+ }
+
 hasReactions := true
 if reactions, _ := a.GetReactionsForPost(post.Id); len(reactions) <= 1 {
 hasReactions = false |
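Review bot: The read-only gate is written out twice, in the SaveReactionForPost hunk and again in the DeleteReactionForPost hunk, so a later change to who may react can land in one path and miss the other; a single helper called from both keeps the rule in one place. The permission lookup is keyed on `reaction.UserId`, a field of the object being saved, and nothing in these hunks shows it being tied to the authenticated caller, so the helper's doc comment should state that precondition. Both function bodies start and end outside the hunks. A sketch of the helper follows; the `string` parameter types are assumed.

```go
// checkTownSquareReadOnly returns a 403 AppError when the channel is the default
// channel, the read-only setting is active, and userId lacks manage_system.
// userId must be the authenticated caller's id; this function does not verify that.
func (a *App) checkTownSquareReadOnly(where, channelId, userId string) *model.AppError {
	if a.License() == nil || !*a.Config().TeamSettings.ExperimentalTownSquareIsReadOnly {
		return nil
	}
	channel, err := a.GetChannel(channelId)
	if err != nil {
		return err
	}
	if channel.Name != model.DEFAULT_CHANNEL {
		return nil
	}
	user, err := a.GetUser(userId)
	if err != nil {
		return err
	}
	if !a.RolesGrantPermission(user.GetRoles(), model.PERMISSION_MANAGE_SYSTEM.Id) {
		return model.NewAppError(where, "api.reaction.town_square_read_only", nil, "", http.StatusForbidden)
	}
	return nil
}

// … unchanged: post lookup at the top of SaveReactionForPost …
	if err = a.checkTownSquareReadOnly("saveReactionForPost", post.ChannelId, reaction.UserId); err != nil {
		return nil, err
	}
```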
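Review bot: Removal is refused under the same condition as creation, so a non-admin who reacted in the default channel before `ExperimentalTownSquareIsReadOnly` was enabled appears to have no way of withdrawing that reaction afterwards. If that is the intended meaning of read-only, a comment above the added block would make it explicit, for example `// Read-only also blocks removing reactions that predate the setting.`. DeleteReactionForPost continues outside the hunk.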