diff options
Diffstat (limited to 'api4/post.go')
-rw-r--r-- | api4/post.go | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/api4/post.go b/api4/post.go index 67cd325d9..5cbfeae92 100644 --- a/api4/post.go +++ b/api4/post.go @@ -238,9 +238,14 @@ func updatePost(c *Context, w http.ResponseWriter, r *http.Request) { return } - post.UserId = c.Session.UserId + if !app.SessionHasPermissionToPost(c.Session, c.Params.PostId, model.PERMISSION_EDIT_OTHERS_POSTS) { + c.SetPermissionError(model.PERMISSION_EDIT_OTHERS_POSTS) + return + } + + post.Id = c.Params.PostId - rpost, err := app.UpdatePost(post) + rpost, err := app.UpdatePost(post, false) if err != nil { c.Err = err return @@ -262,6 +267,11 @@ func patchPost(c *Context, w http.ResponseWriter, r *http.Request) { return } + if !app.SessionHasPermissionToChannelByPost(c.Session, c.Params.PostId, model.PERMISSION_EDIT_POST) { + c.SetPermissionError(model.PERMISSION_EDIT_POST) + return + } + if !app.SessionHasPermissionToPost(c.Session, c.Params.PostId, model.PERMISSION_EDIT_OTHERS_POSTS) { c.SetPermissionError(model.PERMISSION_EDIT_OTHERS_POSTS) return |