diff options
Diffstat (limited to 'api/context.go')
-rw-r--r-- | api/context.go | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/api/context.go b/api/context.go index 4042a7b0f..765bb502a 100644 --- a/api/context.go +++ b/api/context.go @@ -221,6 +221,11 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { SetStatusOnline(c.Session.UserId, c.Session.Id, false) } + if c.Err == nil && (h.requireUser || h.requireSystemAdmin) { + //check if teamId exist + c.CheckTeamId() + } + if c.Err == nil { h.handleFunc(c, w, r) } @@ -575,3 +580,18 @@ func InvalidateAllCaches() { store.ClearUserCaches() store.ClearPostCaches() } + +func (c *Context) CheckTeamId() { + if c.TeamId != "" && c.Session.GetTeamByTeamId(c.TeamId) == nil { + if HasPermissionToContext(c, model.PERMISSION_MANAGE_SYSTEM) { + if result := <-Srv.Store.Team().Get(c.TeamId); result.Err != nil { + c.Err = result.Err + c.Err.StatusCode = http.StatusBadRequest + return + } + } else { + // just return because it fail on the HasPermissionToContext and the error is already on the Context c.Err + return + } + } +} |