diff options
Diffstat (limited to 'api4/team.go')
-rw-r--r-- | api4/team.go | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/api4/team.go b/api4/team.go index f8a1c556c..33cd57fbb 100644 --- a/api4/team.go +++ b/api4/team.go @@ -741,15 +741,16 @@ func getTeamIcon(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { - c.SetPermissionError(model.PERMISSION_VIEW_TEAM) - return - } - if team, err := c.App.GetTeam(c.Params.TeamId); err != nil { c.Err = err return } else { + if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) && + (team.Type != model.TEAM_OPEN || team.AllowOpenInvite) { + c.SetPermissionError(model.PERMISSION_VIEW_TEAM) + return + } + etag := strconv.FormatInt(team.LastTeamIconUpdate, 10) if c.HandleEtag(etag, "Get Team Icon", w, r) { |