Diffstat (limited to 'api4')
-rw-r--r-- | api4/brand.go | 3 | ||||
-rw-r--r-- | api4/channel.go | 39 | ||||
-rw-r--r-- | api4/cluster.go | 3 | ||||
-rw-r--r-- | api4/command.go | 23 | ||||
-rw-r--r-- | api4/compliance.go | 8 | ||||
-rw-r--r-- | api4/context.go | 2 | ||||
-rw-r--r-- | api4/elasticsearch.go | 5 | ||||
-rw-r--r-- | api4/emoji.go | 2 | ||||
-rw-r--r-- | api4/job.go | 11 | ||||
-rw-r--r-- | api4/ldap.go | 5 | ||||
-rw-r--r-- | api4/oauth.go | 28 | ||||
-rw-r--r-- | api4/plugin.go | 11 | ||||
-rw-r--r-- | api4/post.go | 13 | ||||
-rw-r--r-- | api4/preference.go | 11 | ||||
-rw-r--r-- | api4/reaction.go | 3 | ||||
-rw-r--r-- | api4/saml.go | 14 | ||||
-rw-r--r-- | api4/status.go | 3 | ||||
-rw-r--r-- | api4/system.go | 27 | ||||
-rw-r--r-- | api4/team.go | 48 | ||||
-rw-r--r-- | api4/user.go | 66 | ||||
-rw-r--r-- | api4/webhook.go | 37 |
21 files changed, 174 insertions, 188 deletions
diff --git a/api4/brand.go b/api4/brand.go index ce9f32b6d..ee48953dd 100644 --- a/api4/brand.go +++ b/api4/brand.go @@ -7,7 +7,6 @@ import ( "net/http" l4g "github.com/alecthomas/log4go" - "github.com/mattermost/mattermost-server/app" "github.com/mattermost/mattermost-server/model" "github.com/mattermost/mattermost-server/utils" ) @@ -55,7 +54,7 @@ func uploadBrandImage(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return } diff --git a/api4/channel.go b/api4/channel.go index 07e48b46f..84d64b1a9 100644 --- a/api4/channel.go +++ b/api4/channel.go @@ -7,7 +7,6 @@ import ( "net/http" l4g "github.com/alecthomas/log4go" - "github.com/mattermost/mattermost-server/app" "github.com/mattermost/mattermost-server/model" "github.com/mattermost/mattermost-server/utils" ) @@ -56,12 +55,12 @@ func createChannel(c *Context, w http.ResponseWriter, r *http.Request) { return } - if channel.Type == model.CHANNEL_OPEN && !app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_PUBLIC_CHANNEL) { + if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_PUBLIC_CHANNEL) { c.SetPermissionError(model.PERMISSION_CREATE_PUBLIC_CHANNEL) return } - if channel.Type == model.CHANNEL_PRIVATE && !app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_PRIVATE_CHANNEL) { + if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_PRIVATE_CHANNEL) { c.SetPermissionError(model.PERMISSION_CREATE_PRIVATE_CHANNEL) return } 
@@ -193,7 +192,7 @@ func restoreChannel(c *Context, w http.ResponseWriter, r *http.Request) { } teamId := channel.TeamId - if !app.SessionHasPermissionToTeam(c.Session, teamId, model.PERMISSION_MANAGE_TEAM) { + if !c.App.SessionHasPermissionToTeam(c.Session, teamId, model.PERMISSION_MANAGE_TEAM) { c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) return } @@ -242,12 +241,12 @@ func createDirectChannel(c *Context, w http.ResponseWriter, r *http.Request) { } } - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_DIRECT_CHANNEL) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_DIRECT_CHANNEL) { c.SetPermissionError(model.PERMISSION_CREATE_DIRECT_CHANNEL) return } - if !allowed && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if !allowed && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return } @@ -284,7 +283,7 @@ func createGroupChannel(c *Context, w http.ResponseWriter, r *http.Request) { userIds = append(userIds, c.Session.UserId) } - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_GROUP_CHANNEL) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_GROUP_CHANNEL) { c.SetPermissionError(model.PERMISSION_CREATE_GROUP_CHANNEL) return } @@ -311,7 +310,7 @@ func getChannel(c *Context, w http.ResponseWriter, r *http.Request) { } if channel.Type == model.CHANNEL_OPEN { - if !app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) { + if !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) { c.SetPermissionError(model.PERMISSION_READ_PUBLIC_CHANNEL) return } 
@@ -332,7 +331,7 @@ func getChannelUnread(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) { + if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) return } @@ -401,7 +400,7 @@ func getPublicChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request return } - if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) { + if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) { c.SetPermissionError(model.PERMISSION_LIST_TEAM_CHANNELS) return } @@ -421,7 +420,7 @@ func getDeletedChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Reques return } - if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM) { + if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM) { c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) return } @@ -454,7 +453,7 @@ func getPublicChannelsByIdsForTeam(c *Context, w http.ResponseWriter, r *http.Re } } - if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { + if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { c.SetPermissionError(model.PERMISSION_VIEW_TEAM) return } @@ -473,12 +472,12 @@ func getChannelsForTeamForUser(c *Context, w http.ResponseWriter, r *http.Reques return } - if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) { + if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) return } - if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { + if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { c.SetPermissionError(model.PERMISSION_VIEW_TEAM) return } 
@@ -506,7 +505,7 @@ func searchChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) { + if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) { c.SetPermissionError(model.PERMISSION_LIST_TEAM_CHANNELS) return } @@ -568,7 +567,7 @@ func getChannelByName(c *Context, w http.ResponseWriter, r *http.Request) { } if channel.Type == model.CHANNEL_OPEN { - if !app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) { + if !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) { c.SetPermissionError(model.PERMISSION_READ_PUBLIC_CHANNEL) return } @@ -674,12 +673,12 @@ func getChannelMembersForUser(c *Context, w http.ResponseWriter, r *http.Request return } - if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { + if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { c.SetPermissionError(model.PERMISSION_VIEW_TEAM) return } - if c.Session.UserId != c.Params.UserId && !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_SYSTEM) { + if c.Session.UserId != c.Params.UserId && !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return } @@ -698,7 +697,7 @@ func viewChannel(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) { + if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) return } 
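Review bot: In getChannelMembersForUser the cross-user guard evaluates the system-level `model.PERMISSION_MANAGE_SYSTEM` through the team-scoped `c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, ...)`. Whether a team-level role could ever satisfy that check depends on SessionHasPermissionToTeam, which is not visible in this diff. The other self-or-admin guards in this change (deleteReaction, deleteEmoji) use the unscoped call, so I would write this one the same way: `if c.Session.UserId != c.Params.UserId && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {`. If the team scope is intentional, a one-line comment saying so would stop the next reader from asking. The function body starts and ends outside the hunk.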
@@ -766,7 +765,7 @@ func updateChannelMemberNotifyProps(c *Context, w http.ResponseWriter, r *http.R return } - if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) { + if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) return } diff --git a/api4/cluster.go b/api4/cluster.go index f79ef28a8..472b52f36 100644 --- a/api4/cluster.go +++ b/api4/cluster.go @@ -7,7 +7,6 @@ import ( "net/http" l4g "github.com/alecthomas/log4go" - "github.com/mattermost/mattermost-server/app" "github.com/mattermost/mattermost-server/model" "github.com/mattermost/mattermost-server/utils" ) @@ -19,7 +18,7 @@ func (api *API) InitCluster() { } func getClusterStatus(c *Context, w http.ResponseWriter, r *http.Request) { - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return } diff --git a/api4/command.go b/api4/command.go index 33e6a6c0c..1a488b505 100644 --- a/api4/command.go +++ b/api4/command.go @@ -10,7 +10,6 @@ import ( "strings" l4g "github.com/alecthomas/log4go" - "github.com/mattermost/mattermost-server/app" "github.com/mattermost/mattermost-server/model" "github.com/mattermost/mattermost-server/utils" ) @@ -41,7 +40,7 @@ func createCommand(c *Context, w http.ResponseWriter, r *http.Request) { c.LogAudit("attempt") - if !app.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) { + if !c.App.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) { c.SetPermissionError(model.PERMISSION_MANAGE_SLASH_COMMANDS) return } 
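Review bot: The denied branch in createCommand leaves no outcome in the audit trail: `c.LogAudit("attempt")` runs, then a failed `PERMISSION_MANAGE_SLASH_COMMANDS` check goes straight to `c.SetPermissionError(...)` and returns. updateCommand, deleteCommand and regenCommandToken in the same file call `c.LogAudit("fail - inappropriate permissions")` before returning on the same check, so rejected creates are harder to spot when reviewing audit records. I would add `c.LogAudit("fail - inappropriate permissions")` as the first statement of that branch. The deleteOAuthApp hunks in api4/oauth.go have the same attempt-without-failure shape on their permission checks. createCommand's body continues outside the hunk.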
@@ -84,13 +83,13 @@ func updateCommand(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToTeam(c.Session, oldCmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) { + if !c.App.SessionHasPermissionToTeam(c.Session, oldCmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) { c.LogAudit("fail - inappropriate permissions") c.SetPermissionError(model.PERMISSION_MANAGE_SLASH_COMMANDS) return } - if c.Session.UserId != oldCmd.CreatorId && !app.SessionHasPermissionToTeam(c.Session, oldCmd.TeamId, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) { + if c.Session.UserId != oldCmd.CreatorId && !c.App.SessionHasPermissionToTeam(c.Session, oldCmd.TeamId, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) { c.LogAudit("fail - inappropriate permissions") c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) return @@ -121,13 +120,13 @@ func deleteCommand(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) { + if !c.App.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) { c.LogAudit("fail - inappropriate permissions") c.SetPermissionError(model.PERMISSION_MANAGE_SLASH_COMMANDS) return } - if c.Session.UserId != cmd.CreatorId && !app.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) { + if c.Session.UserId != cmd.CreatorId && !c.App.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) { c.LogAudit("fail - inappropriate permissions") c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) return 
@@ -160,7 +159,7 @@ func listCommands(c *Context, w http.ResponseWriter, r *http.Request) { commands := []*model.Command{} err := &model.AppError{} if customOnly { - if !app.SessionHasPermissionToTeam(c.Session, teamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) { + if !c.App.SessionHasPermissionToTeam(c.Session, teamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) { c.SetPermissionError(model.PERMISSION_MANAGE_SLASH_COMMANDS) return } @@ -171,7 +170,7 @@ func listCommands(c *Context, w http.ResponseWriter, r *http.Request) { } } else { //User with no permission should see only system commands - if !app.SessionHasPermissionToTeam(c.Session, teamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) { + if !c.App.SessionHasPermissionToTeam(c.Session, teamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) { commands, err = c.App.ListAutocompleteCommands(teamId, c.T) if err != nil { c.Err = err @@ -219,7 +218,7 @@ func executeCommand(c *Context, w http.ResponseWriter, r *http.Request) { // if the slash command was used in a DM or GM, ensure that the user is a member of the specified team, so that // they can't just execute slash commands against arbitrary teams if c.Session.GetTeamByTeamId(commandArgs.TeamId) == nil { - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_USE_SLASH_COMMANDS) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_USE_SLASH_COMMANDS) { c.SetPermissionError(model.PERMISSION_USE_SLASH_COMMANDS) return } @@ -246,7 +245,7 @@ func listAutocompleteCommands(c *Context, w http.ResponseWriter, r *http.Request return } - if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { + if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { c.SetPermissionError(model.PERMISSION_VIEW_TEAM) return } 
@@ -273,13 +272,13 @@ func regenCommandToken(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) { + if !c.App.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) { c.LogAudit("fail - inappropriate permissions") c.SetPermissionError(model.PERMISSION_MANAGE_SLASH_COMMANDS) return } - if c.Session.UserId != cmd.CreatorId && !app.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) { + if c.Session.UserId != cmd.CreatorId && !c.App.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) { c.LogAudit("fail - inappropriate permissions") c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) return diff --git a/api4/compliance.go b/api4/compliance.go index 7d0708efe..91d00fdf4 100644 --- a/api4/compliance.go +++ b/api4/compliance.go @@ -30,7 +30,7 @@ func createComplianceReport(c *Context, w http.ResponseWriter, r *http.Request) return } - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return } @@ -49,7 +49,7 @@ func createComplianceReport(c *Context, w http.ResponseWriter, r *http.Request) } func getComplianceReports(c *Context, w http.ResponseWriter, r *http.Request) { - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return } 
@@ -69,7 +69,7 @@ func getComplianceReport(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return } @@ -89,7 +89,7 @@ func downloadComplianceReport(c *Context, w http.ResponseWriter, r *http.Request return } - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return } diff --git a/api4/context.go b/api4/context.go index 44334aabf..bf9794e4c 100644 --- a/api4/context.go +++ b/api4/context.go @@ -240,7 +240,7 @@ func (c *Context) LogDebug(err *model.AppError) { } func (c *Context) IsSystemAdmin() bool { - return app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) + return c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) } func (c *Context) SessionRequired() { diff --git a/api4/elasticsearch.go b/api4/elasticsearch.go index eb5a09876..6640b0837 100644 --- a/api4/elasticsearch.go +++ b/api4/elasticsearch.go @@ -7,7 +7,6 @@ import ( "net/http" l4g "github.com/alecthomas/log4go" - "github.com/mattermost/mattermost-server/app" "github.com/mattermost/mattermost-server/model" "github.com/mattermost/mattermost-server/utils" ) @@ -25,7 +24,7 @@ func testElasticsearch(c *Context, w http.ResponseWriter, r *http.Request) { cfg = c.App.Config() } - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return } 
@@ -39,7 +38,7 @@ func testElasticsearch(c *Context, w http.ResponseWriter, r *http.Request) { } func purgeElasticsearchIndexes(c *Context, w http.ResponseWriter, r *http.Request) { - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return } diff --git a/api4/emoji.go b/api4/emoji.go index f2335b067..7a05e1ae1 100644 --- a/api4/emoji.go +++ b/api4/emoji.go @@ -102,7 +102,7 @@ func deleteEmoji(c *Context, w http.ResponseWriter, r *http.Request) { return } - if c.Session.UserId != emoji.CreatorId && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if c.Session.UserId != emoji.CreatorId && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.Err = model.NewAppError("deleteImage", "api.emoji.delete.permissions.app_error", nil, "user_id="+c.Session.UserId, http.StatusUnauthorized) return } diff --git a/api4/job.go b/api4/job.go index 138c76c8f..2a5134cd3 100644 --- a/api4/job.go +++ b/api4/job.go @@ -7,7 +7,6 @@ import ( "net/http" l4g "github.com/alecthomas/log4go" - "github.com/mattermost/mattermost-server/app" "github.com/mattermost/mattermost-server/model" ) @@ -27,7 +26,7 @@ func getJob(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_JOBS) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_JOBS) { c.SetPermissionError(model.PERMISSION_MANAGE_JOBS) return } @@ -47,7 +46,7 @@ func createJob(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_JOBS) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_JOBS) { c.SetPermissionError(model.PERMISSION_MANAGE_JOBS) return } 
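Review bot: deleteEmoji in api4/emoji.go reports a failed ownership/admin check with a hand-built error carrying `http.StatusUnauthorized` and the where-string `"deleteImage"`, while every other denial touched by this change goes through `c.SetPermissionError(...)`. The session is already identified at this point (its `UserId` is compared and placed in the error detail), so this is an authorization failure, not an authentication one, and a 401 may lead clients to treat the session as invalid. I would replace the `c.Err = model.NewAppError(...)` line with `c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)`, or at minimum use `http.StatusForbidden` and `"deleteEmoji"`. The function body starts and ends outside the hunk.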
@@ -66,7 +65,7 @@ func getJobs(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_JOBS) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_JOBS) { c.SetPermissionError(model.PERMISSION_MANAGE_JOBS) return } @@ -85,7 +84,7 @@ func getJobsByType(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_JOBS) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_JOBS) { c.SetPermissionError(model.PERMISSION_MANAGE_JOBS) return } @@ -104,7 +103,7 @@ func cancelJob(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_JOBS) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_JOBS) { c.SetPermissionError(model.PERMISSION_MANAGE_JOBS) return } diff --git a/api4/ldap.go b/api4/ldap.go index 3c5eb5ede..66735c526 100644 --- a/api4/ldap.go +++ b/api4/ldap.go @@ -7,7 +7,6 @@ import ( "net/http" l4g "github.com/alecthomas/log4go" - "github.com/mattermost/mattermost-server/app" "github.com/mattermost/mattermost-server/model" "github.com/mattermost/mattermost-server/utils" ) @@ -20,7 +19,7 @@ func (api *API) InitLdap() { } func syncLdap(c *Context, w http.ResponseWriter, r *http.Request) { - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return } @@ -31,7 +30,7 @@ func syncLdap(c *Context, w http.ResponseWriter, r *http.Request) { } func testLdap(c *Context, w http.ResponseWriter, r *http.Request) { - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return } 
diff --git a/api4/oauth.go b/api4/oauth.go index 8933f0863..b11a070e4 100644 --- a/api4/oauth.go +++ b/api4/oauth.go @@ -53,12 +53,12 @@ func createOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) { c.SetPermissionError(model.PERMISSION_MANAGE_OAUTH) return } - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { oauthApp.IsTrusted = false } @@ -81,7 +81,7 @@ func updateOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) { c.SetPermissionError(model.PERMISSION_MANAGE_OAUTH) return } @@ -100,7 +100,7 @@ func updateOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) { return } - if c.Session.UserId != oauthApp.CreatorId && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) { + if c.Session.UserId != oauthApp.CreatorId && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) return } 
@@ -117,16 +117,16 @@ func updateOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) { } func getOAuthApps(c *Context, w http.ResponseWriter, r *http.Request) { - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) { c.Err = model.NewAppError("getOAuthApps", "api.command.admin_only.app_error", nil, "", http.StatusForbidden) return } var apps []*model.OAuthApp var err *model.AppError - if app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) { + if c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) { apps, err = c.App.GetOAuthApps(c.Params.Page, c.Params.PerPage) - } else if app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) { + } else if c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) { apps, err = c.App.GetOAuthAppsByCreator(c.Session.UserId, c.Params.Page, c.Params.PerPage) } else { c.SetPermissionError(model.PERMISSION_MANAGE_OAUTH) @@ -147,7 +147,7 @@ func getOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) { c.SetPermissionError(model.PERMISSION_MANAGE_OAUTH) return } @@ -158,7 +158,7 @@ func getOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) { return } - if oauthApp.CreatorId != c.Session.UserId && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) { + if oauthApp.CreatorId != c.Session.UserId && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) return } 
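Review bot: The final `else` in getOAuthApps cannot be reached as written, because the guard at the top of the function already returns when the session lacks `PERMISSION_MANAGE_OAUTH`, so the `else if` on that same permission always matches when the system-wide check does not. That leaves two different denial responses in one handler, the hand-built `"api.command.admin_only.app_error"` and the dead `c.SetPermissionError(model.PERMISSION_MANAGE_OAUTH)`, and only the first can ever be sent. I would make the guard call `c.SetPermissionError(model.PERMISSION_MANAGE_OAUTH)` like the other OAuth handlers, and reduce the chain to a plain `} else {` around `apps, err = c.App.GetOAuthAppsByCreator(c.Session.UserId, c.Params.Page, c.Params.PerPage)`. The end of the function is outside the hunk.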
@@ -190,7 +190,7 @@ func deleteOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) { c.LogAudit("attempt") - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) { c.SetPermissionError(model.PERMISSION_MANAGE_OAUTH) return } @@ -201,7 +201,7 @@ func deleteOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) { return } - if c.Session.UserId != oauthApp.CreatorId && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) { + if c.Session.UserId != oauthApp.CreatorId && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) return } @@ -222,7 +222,7 @@ func regenerateOAuthAppSecret(c *Context, w http.ResponseWriter, r *http.Request return } - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) { c.SetPermissionError(model.PERMISSION_MANAGE_OAUTH) return } @@ -233,7 +233,7 @@ func regenerateOAuthAppSecret(c *Context, w http.ResponseWriter, r *http.Request return } - if oauthApp.CreatorId != c.Session.UserId && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) { + if oauthApp.CreatorId != c.Session.UserId && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) return } @@ -254,7 +254,7 @@ func getAuthorizedOAuthApps(c *Context, w http.ResponseWriter, r *http.Request) return } - if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) { + if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) return } diff --git a/api4/plugin.go b/api4/plugin.go index 155a5c807..9ac6fdcf5 100644 --- a/api4/plugin.go +++ b/api4/plugin.go 
@@ -9,7 +9,6 @@ import ( "net/http" l4g "github.com/alecthomas/log4go" - "github.com/mattermost/mattermost-server/app" "github.com/mattermost/mattermost-server/model" ) @@ -37,7 +36,7 @@ func uploadPlugin(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return } @@ -84,7 +83,7 @@ func getPlugins(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return } @@ -109,7 +108,7 @@ func removePlugin(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return } @@ -156,7 +155,7 @@ func activatePlugin(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return } @@ -180,7 +179,7 @@ func deactivatePlugin(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return } diff --git a/api4/post.go b/api4/post.go index feb6de8f9..6dc3564ff 100644 --- a/api4/post.go +++ b/api4/post.go 
@@ -10,7 +10,6 @@ import ( l4g "github.com/alecthomas/log4go" - "github.com/mattermost/mattermost-server/app" "github.com/mattermost/mattermost-server/model" "github.com/mattermost/mattermost-server/utils" ) @@ -48,7 +47,7 @@ func createPost(c *Context, w http.ResponseWriter, r *http.Request) { hasPermission = true } else if channel, err := c.App.GetChannel(post.ChannelId); err == nil { // Temporary permission check method until advanced permissions, please do not copy - if channel.Type == model.CHANNEL_OPEN && app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_POST_PUBLIC) { + if channel.Type == model.CHANNEL_OPEN && c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_POST_PUBLIC) { hasPermission = true } } @@ -58,7 +57,7 @@ func createPost(c *Context, w http.ResponseWriter, r *http.Request) { return } - if post.CreateAt != 0 && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if post.CreateAt != 0 && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { post.CreateAt = 0 } @@ -150,7 +149,7 @@ func getFlaggedPostsForUser(c *Context, w http.ResponseWriter, r *http.Request) return } - if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) { + if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) return } @@ -198,7 +197,7 @@ func getPost(c *Context, w http.ResponseWriter, r *http.Request) { if !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_READ_CHANNEL) { if channel.Type == model.CHANNEL_OPEN { - if !app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) { + if !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) { c.SetPermissionError(model.PERMISSION_READ_PUBLIC_CHANNEL) return } 
@@ -264,7 +263,7 @@ func getPostThread(c *Context, w http.ResponseWriter, r *http.Request) { if !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_READ_CHANNEL) { if channel.Type == model.CHANNEL_OPEN { - if !app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) { + if !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) { c.SetPermissionError(model.PERMISSION_READ_PUBLIC_CHANNEL) return } @@ -288,7 +287,7 @@ func searchPosts(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { + if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { c.SetPermissionError(model.PERMISSION_VIEW_TEAM) return } diff --git a/api4/preference.go b/api4/preference.go index 5ed83939a..ad1eca4c8 100644 --- a/api4/preference.go +++ b/api4/preference.go @@ -7,7 +7,6 @@ import ( "net/http" l4g "github.com/alecthomas/log4go" - "github.com/mattermost/mattermost-server/app" "github.com/mattermost/mattermost-server/model" "github.com/mattermost/mattermost-server/utils" ) @@ -28,7 +27,7 @@ func getPreferences(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) { + if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) return } @@ -48,7 +47,7 @@ func getPreferencesByCategory(c *Context, w http.ResponseWriter, r *http.Request return } - if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) { + if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) return } 
@@ -68,7 +67,7 @@ func getPreferenceByCategoryAndName(c *Context, w http.ResponseWriter, r *http.R return } - if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) { + if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) return } @@ -88,7 +87,7 @@ func updatePreferences(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) { + if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) return } @@ -113,7 +112,7 @@ func deletePreferences(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) { + if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) return } diff --git a/api4/reaction.go b/api4/reaction.go index edfb1619e..a19b2460a 100644 --- a/api4/reaction.go +++ b/api4/reaction.go @@ -7,7 +7,6 @@ import ( "net/http" l4g "github.com/alecthomas/log4go" - "github.com/mattermost/mattermost-server/app" "github.com/mattermost/mattermost-server/model" "github.com/mattermost/mattermost-server/utils" ) @@ -92,7 +91,7 @@ func deleteReaction(c *Context, w http.ResponseWriter, r *http.Request) { return } - if c.Params.UserId != c.Session.UserId && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if c.Params.UserId != c.Session.UserId && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return } diff --git a/api4/saml.go b/api4/saml.go index 733e8eaaa..ba9ee9eec 100644 --- a/api4/saml.go +++ b/api4/saml.go 
@@ -62,7 +62,7 @@ func parseSamlCertificateRequest(r *http.Request) (*multipart.FileHeader, *model } func addSamlPublicCertificate(c *Context, w http.ResponseWriter, r *http.Request) { - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return } @@ -81,7 +81,7 @@ func addSamlPublicCertificate(c *Context, w http.ResponseWriter, r *http.Request } func addSamlPrivateCertificate(c *Context, w http.ResponseWriter, r *http.Request) { - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return } @@ -100,7 +100,7 @@ func addSamlPrivateCertificate(c *Context, w http.ResponseWriter, r *http.Reques } func addSamlIdpCertificate(c *Context, w http.ResponseWriter, r *http.Request) { - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return } @@ -119,7 +119,7 @@ func addSamlIdpCertificate(c *Context, w http.ResponseWriter, r *http.Request) { } func removeSamlPublicCertificate(c *Context, w http.ResponseWriter, r *http.Request) { - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return } 
@@ -133,7 +133,7 @@ func removeSamlPublicCertificate(c *Context, w http.ResponseWriter, r *http.Requ } func removeSamlPrivateCertificate(c *Context, w http.ResponseWriter, r *http.Request) { - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return } @@ -147,7 +147,7 @@ func removeSamlPrivateCertificate(c *Context, w http.ResponseWriter, r *http.Req } func removeSamlIdpCertificate(c *Context, w http.ResponseWriter, r *http.Request) { - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return } @@ -161,7 +161,7 @@ func removeSamlIdpCertificate(c *Context, w http.ResponseWriter, r *http.Request } func getSamlCertificateStatus(c *Context, w http.ResponseWriter, r *http.Request) { - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return } diff --git a/api4/status.go b/api4/status.go index 92f319273..c8690768d 100644 --- a/api4/status.go +++ b/api4/status.go @@ -8,7 +8,6 @@ import ( l4g "github.com/alecthomas/log4go" - "github.com/mattermost/mattermost-server/app" "github.com/mattermost/mattermost-server/model" "github.com/mattermost/mattermost-server/utils" ) @@ -72,7 +71,7 @@ func updateUserStatus(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) { + if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) return } diff --git a/api4/system.go b/api4/system.go index aba19ca78..f3278a7b5 100644 --- a/api4/system.go +++ b/api4/system.go 
@@ -11,7 +11,6 @@ import ( "strconv" l4g "github.com/alecthomas/log4go" - "github.com/mattermost/mattermost-server/app" "github.com/mattermost/mattermost-server/model" "github.com/mattermost/mattermost-server/utils" ) @@ -74,7 +73,7 @@ func testEmail(c *Context, w http.ResponseWriter, r *http.Request) { cfg = c.App.Config() } - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return } @@ -89,7 +88,7 @@ func testEmail(c *Context, w http.ResponseWriter, r *http.Request) { } func getConfig(c *Context, w http.ResponseWriter, r *http.Request) { - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return } @@ -101,7 +100,7 @@ func getConfig(c *Context, w http.ResponseWriter, r *http.Request) { } func configReload(c *Context, w http.ResponseWriter, r *http.Request) { - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return } @@ -119,7 +118,7 @@ func updateConfig(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return } 
@@ -139,7 +138,7 @@ func updateConfig(c *Context, w http.ResponseWriter, r *http.Request) { } func getAudits(c *Context, w http.ResponseWriter, r *http.Request) { - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return } @@ -156,7 +155,7 @@ func getAudits(c *Context, w http.ResponseWriter, r *http.Request) { func databaseRecycle(c *Context, w http.ResponseWriter, r *http.Request) { - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return } @@ -167,7 +166,7 @@ func databaseRecycle(c *Context, w http.ResponseWriter, r *http.Request) { } func invalidateCaches(c *Context, w http.ResponseWriter, r *http.Request) { - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return } @@ -183,7 +182,7 @@ func invalidateCaches(c *Context, w http.ResponseWriter, r *http.Request) { } func getLogs(c *Context, w http.ResponseWriter, r *http.Request) { - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return } @@ -206,7 +205,7 @@ func postLog(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { forceToDebug = true } } 
@@ -276,7 +275,7 @@ func getClientLicense(c *Context, w http.ResponseWriter, r *http.Request) { var clientLicense map[string]string - if app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { clientLicense = utils.ClientLicense() } else { clientLicense = utils.GetSanitizedClientLicense() @@ -289,7 +288,7 @@ func getClientLicense(c *Context, w http.ResponseWriter, r *http.Request) { func addLicense(c *Context, w http.ResponseWriter, r *http.Request) { c.LogAudit("attempt") - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return } @@ -344,7 +343,7 @@ func addLicense(c *Context, w http.ResponseWriter, r *http.Request) { func removeLicense(c *Context, w http.ResponseWriter, r *http.Request) { c.LogAudit("attempt") - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return } @@ -366,7 +365,7 @@ func getAnalytics(c *Context, w http.ResponseWriter, r *http.Request) { name = "standard" } - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return } diff --git a/api4/team.go b/api4/team.go index 2c60d40a1..ea39629c7 100644 --- a/api4/team.go +++ b/api4/team.go 
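Review bot: In addLicense and removeLicense the denied branch returns after `c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)` without a failure audit entry, even though `c.LogAudit("attempt")` is written just before the check. The webhook handlers in this same commit (updateIncomingHook, getIncomingHook, deleteIncomingHook) do log a `fail - …` entry on some denied branches, so the audit trail for refused admin actions is uneven; createIncomingHook in api4/webhook.go has the same gap. Unless SetPermissionError records the denial itself (not visible here), add `c.LogAudit("fail - inappropriate permissions")` before the SetPermissionError call. Both function bodies continue outside their hunks.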
@@ -60,7 +60,7 @@ func createTeam(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_TEAM) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_TEAM) { c.Err = model.NewAppError("createTeam", "api.team.is_team_creation_allowed.disabled.app_error", nil, "", http.StatusForbidden) return } @@ -87,7 +87,7 @@ func getTeam(c *Context, w http.ResponseWriter, r *http.Request) { c.Err = err return } else { - if (!team.AllowOpenInvite || team.Type != model.TEAM_OPEN) && !app.SessionHasPermissionToTeam(c.Session, team.Id, model.PERMISSION_VIEW_TEAM) { + if (!team.AllowOpenInvite || team.Type != model.TEAM_OPEN) && !c.App.SessionHasPermissionToTeam(c.Session, team.Id, model.PERMISSION_VIEW_TEAM) { c.SetPermissionError(model.PERMISSION_VIEW_TEAM) return } @@ -109,7 +109,7 @@ func getTeamByName(c *Context, w http.ResponseWriter, r *http.Request) { c.Err = err return } else { - if (!team.AllowOpenInvite || team.Type != model.TEAM_OPEN) && !app.SessionHasPermissionToTeam(c.Session, team.Id, model.PERMISSION_VIEW_TEAM) { + if (!team.AllowOpenInvite || team.Type != model.TEAM_OPEN) && !c.App.SessionHasPermissionToTeam(c.Session, team.Id, model.PERMISSION_VIEW_TEAM) { c.SetPermissionError(model.PERMISSION_VIEW_TEAM) return } @@ -136,7 +136,7 @@ func updateTeam(c *Context, w http.ResponseWriter, r *http.Request) { team.Id = c.Params.TeamId - if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM) { + if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM) { c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) return } 
@@ -166,7 +166,7 @@ func patchTeam(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM) { + if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM) { c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) return } @@ -190,7 +190,7 @@ func deleteTeam(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM) { + if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM) { c.SetPermissionError(model.PERMISSION_MANAGE_TEAM) return } @@ -216,7 +216,7 @@ func getTeamsForUser(c *Context, w http.ResponseWriter, r *http.Request) { return } - if c.Session.UserId != c.Params.UserId && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if c.Session.UserId != c.Params.UserId && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return } @@ -237,7 +237,7 @@ func getTeamsUnreadForUser(c *Context, w http.ResponseWriter, r *http.Request) { return } - if c.Session.UserId != c.Params.UserId && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if c.Session.UserId != c.Params.UserId && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return } @@ -260,7 +260,7 @@ func getTeamMember(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { + if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { c.SetPermissionError(model.PERMISSION_VIEW_TEAM) return } 
@@ -280,7 +280,7 @@ func getTeamMembers(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { + if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { c.SetPermissionError(model.PERMISSION_VIEW_TEAM) return } @@ -300,7 +300,7 @@ func getTeamMembersForUser(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) { + if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) return } @@ -327,7 +327,7 @@ func getTeamMembersByIds(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { + if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { c.SetPermissionError(model.PERMISSION_VIEW_TEAM) return } @@ -359,7 +359,7 @@ func addTeamMember(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToTeam(c.Session, member.TeamId, model.PERMISSION_ADD_USER_TO_TEAM) { + if !c.App.SessionHasPermissionToTeam(c.Session, member.TeamId, model.PERMISSION_ADD_USER_TO_TEAM) { c.SetPermissionError(model.PERMISSION_ADD_USER_TO_TEAM) return } @@ -429,7 +429,7 @@ func addTeamMembers(c *Context, w http.ResponseWriter, r *http.Request) { userIds = append(userIds, member.UserId) } - if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_ADD_USER_TO_TEAM) { + if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_ADD_USER_TO_TEAM) { c.SetPermissionError(model.PERMISSION_ADD_USER_TO_TEAM) return } 
@@ -452,7 +452,7 @@ func removeTeamMember(c *Context, w http.ResponseWriter, r *http.Request) { } if c.Session.UserId != c.Params.UserId { - if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_REMOVE_USER_FROM_TEAM) { + if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_REMOVE_USER_FROM_TEAM) { c.SetPermissionError(model.PERMISSION_REMOVE_USER_FROM_TEAM) return } @@ -472,12 +472,12 @@ func getTeamUnread(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) { + if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) return } - if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { + if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { c.SetPermissionError(model.PERMISSION_VIEW_TEAM) return } @@ -497,7 +497,7 @@ func getTeamStats(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { + if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_VIEW_TEAM) { c.SetPermissionError(model.PERMISSION_VIEW_TEAM) return } @@ -525,7 +525,7 @@ func updateTeamMemberRoles(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM_ROLES) { + if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_MANAGE_TEAM_ROLES) { c.SetPermissionError(model.PERMISSION_MANAGE_TEAM_ROLES) return } 
@@ -542,7 +542,7 @@ func getAllTeams(c *Context, w http.ResponseWriter, r *http.Request) { var teams []*model.Team var err *model.AppError - if app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { teams, err = c.App.GetAllTeamsPage(c.Params.Page, c.Params.PerPage) } else { teams, err = c.App.GetAllOpenTeamsPage(c.Params.Page, c.Params.PerPage) @@ -573,7 +573,7 @@ func searchTeams(c *Context, w http.ResponseWriter, r *http.Request) { var teams []*model.Team var err *model.AppError - if app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { teams, err = c.App.SearchAllTeams(props.Term) } else { teams, err = c.App.SearchOpenTeams(props.Term) @@ -613,7 +613,7 @@ func importTeam(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_IMPORT_TEAM) { + if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_IMPORT_TEAM) { c.SetPermissionError(model.PERMISSION_IMPORT_TEAM) return } @@ -682,12 +682,12 @@ func inviteUsersToTeam(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_INVITE_USER) { + if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_INVITE_USER) { c.SetPermissionError(model.PERMISSION_INVITE_USER) return } - if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_ADD_USER_TO_TEAM) { + if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_ADD_USER_TO_TEAM) { c.SetPermissionError(model.PERMISSION_INVITE_USER) return } diff --git a/api4/user.go b/api4/user.go index 889681b54..8d5c792d6 100644 --- a/api4/user.go +++ b/api4/user.go 
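Review bot: The second check in inviteUsersToTeam tests `model.PERMISSION_ADD_USER_TO_TEAM` but reports `model.PERMISSION_INVITE_USER` in its error. A caller who holds the invite permission but lacks add-user-to-team is therefore told the wrong permission is missing, and anything built from that error (client message, logs) names the wrong one. The denied branch should read `c.SetPermissionError(model.PERMISSION_ADD_USER_TO_TEAM)`. The function body starts and ends outside the hunk.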
@@ -232,7 +232,7 @@ func setProfileImage(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) { + if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) return } @@ -306,7 +306,7 @@ func getUsers(c *Context, w http.ResponseWriter, r *http.Request) { if withoutTeamBool, _ := strconv.ParseBool(withoutTeam); withoutTeamBool { // Use a special permission for now - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_LIST_USERS_WITHOUT_TEAM) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_LIST_USERS_WITHOUT_TEAM) { c.SetPermissionError(model.PERMISSION_LIST_USERS_WITHOUT_TEAM) return } @@ -320,7 +320,7 @@ func getUsers(c *Context, w http.ResponseWriter, r *http.Request) { profiles, err = c.App.GetUsersNotInChannelPage(inTeamId, notInChannelId, c.Params.Page, c.Params.PerPage, c.IsSystemAdmin()) } else if len(notInTeamId) > 0 { - if !app.SessionHasPermissionToTeam(c.Session, notInTeamId, model.PERMISSION_VIEW_TEAM) { + if !c.App.SessionHasPermissionToTeam(c.Session, notInTeamId, model.PERMISSION_VIEW_TEAM) { c.SetPermissionError(model.PERMISSION_VIEW_TEAM) return } @@ -332,7 +332,7 @@ func getUsers(c *Context, w http.ResponseWriter, r *http.Request) { profiles, err = c.App.GetUsersNotInTeamPage(notInTeamId, c.Params.Page, c.Params.PerPage, c.IsSystemAdmin()) } else if len(inTeamId) > 0 { - if !app.SessionHasPermissionToTeam(c.Session, inTeamId, model.PERMISSION_VIEW_TEAM) { + if !c.App.SessionHasPermissionToTeam(c.Session, inTeamId, model.PERMISSION_VIEW_TEAM) { c.SetPermissionError(model.PERMISSION_VIEW_TEAM) return } 
@@ -441,12 +441,12 @@ func searchUsers(c *Context, w http.ResponseWriter, r *http.Request) { return } - if props.TeamId != "" && !app.SessionHasPermissionToTeam(c.Session, props.TeamId, model.PERMISSION_VIEW_TEAM) { + if props.TeamId != "" && !c.App.SessionHasPermissionToTeam(c.Session, props.TeamId, model.PERMISSION_VIEW_TEAM) { c.SetPermissionError(model.PERMISSION_VIEW_TEAM) return } - if props.NotInTeamId != "" && !app.SessionHasPermissionToTeam(c.Session, props.NotInTeamId, model.PERMISSION_VIEW_TEAM) { + if props.NotInTeamId != "" && !c.App.SessionHasPermissionToTeam(c.Session, props.NotInTeamId, model.PERMISSION_VIEW_TEAM) { c.SetPermissionError(model.PERMISSION_VIEW_TEAM) return } @@ -454,7 +454,7 @@ func searchUsers(c *Context, w http.ResponseWriter, r *http.Request) { searchOptions := map[string]bool{} searchOptions[store.USER_SEARCH_OPTION_ALLOW_INACTIVE] = props.AllowInactive - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { hideFullName := !c.App.Config().PrivacySettings.ShowFullName hideEmail := !c.App.Config().PrivacySettings.ShowEmailAddress @@ -486,7 +486,7 @@ func autocompleteUsers(c *Context, w http.ResponseWriter, r *http.Request) { searchOptions := map[string]bool{} hideFullName := !c.App.Config().PrivacySettings.ShowFullName - if hideFullName && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if hideFullName && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { searchOptions[store.USER_SEARCH_OPTION_NAMES_ONLY_NO_FULL_NAME] = true } else { searchOptions[store.USER_SEARCH_OPTION_NAMES_ONLY] = true 
@@ -502,7 +502,7 @@ func autocompleteUsers(c *Context, w http.ResponseWriter, r *http.Request) { autocomplete.Users = result.InChannel autocomplete.OutOfChannel = result.OutOfChannel } else if len(teamId) > 0 { - if !app.SessionHasPermissionToTeam(c.Session, teamId, model.PERMISSION_VIEW_TEAM) { + if !c.App.SessionHasPermissionToTeam(c.Session, teamId, model.PERMISSION_VIEW_TEAM) { c.SetPermissionError(model.PERMISSION_VIEW_TEAM) return } @@ -535,7 +535,7 @@ func updateUser(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToUser(c.Session, user.Id) { + if !c.App.SessionHasPermissionToUser(c.Session, user.Id) { c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) return } @@ -575,7 +575,7 @@ func patchUser(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) { + if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) return } @@ -611,7 +611,7 @@ func deleteUser(c *Context, w http.ResponseWriter, r *http.Request) { userId := c.Params.UserId - if !app.SessionHasPermissionToUser(c.Session, userId) { + if !c.App.SessionHasPermissionToUser(c.Session, userId) { c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) return } @@ -646,7 +646,7 @@ func updateUserRoles(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_ROLES) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_ROLES) { c.SetPermissionError(model.PERMISSION_MANAGE_ROLES) return } 
@@ -678,7 +678,7 @@ func updateUserActive(c *Context, w http.ResponseWriter, r *http.Request) { // true when you're trying to de-activate yourself isSelfDeactive := !active && c.Params.UserId == c.Session.UserId - if !isSelfDeactive && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + if !isSelfDeactive && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.Err = model.NewAppError("updateUserActive", "api.user.update_active.permissions.app_error", nil, "userId="+c.Params.UserId, http.StatusForbidden) return } @@ -727,7 +727,7 @@ func updateUserMfa(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) { + if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) return } @@ -772,7 +772,7 @@ func generateMfaSecret(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) { + if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) return } @@ -810,7 +810,7 @@ func updatePassword(c *Context, w http.ResponseWriter, r *http.Request) { } err = c.App.UpdatePasswordAsUser(c.Params.UserId, currentPassword, newPassword) - } else if app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + } else if c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { err = c.App.UpdatePasswordByUserIdSendEmail(c.Params.UserId, newPassword, c.T("api.user.reset_password.method")) } else { err = model.NewAppError("updatePassword", "api.user.update_password.context.app_error", nil, "", http.StatusForbidden) 
@@ -932,7 +932,7 @@ func getSessions(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) { + if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) return } @@ -956,7 +956,7 @@ func revokeSession(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) { + if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) return } @@ -995,7 +995,7 @@ func revokeAllSessionsForUser(c *Context, w http.ResponseWriter, r *http.Request return } - if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) { + if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) return } @@ -1061,7 +1061,7 @@ func getUserAudits(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) { + if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) return } @@ -1183,12 +1183,12 @@ func createUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) { c.LogAudit("") - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_USER_ACCESS_TOKEN) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_USER_ACCESS_TOKEN) { c.SetPermissionError(model.PERMISSION_CREATE_USER_ACCESS_TOKEN) return } - if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) { + if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) return } 
@@ -1213,12 +1213,12 @@ func getUserAccessTokens(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_READ_USER_ACCESS_TOKEN) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_READ_USER_ACCESS_TOKEN) { c.SetPermissionError(model.PERMISSION_READ_USER_ACCESS_TOKEN) return } - if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) { + if !c.App.SessionHasPermissionToUser(c.Session, c.Params.UserId) { c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) return } @@ -1238,7 +1238,7 @@ func getUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_READ_USER_ACCESS_TOKEN) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_READ_USER_ACCESS_TOKEN) { c.SetPermissionError(model.PERMISSION_READ_USER_ACCESS_TOKEN) return } @@ -1249,7 +1249,7 @@ func getUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToUser(c.Session, accessToken.UserId) { + if !c.App.SessionHasPermissionToUser(c.Session, accessToken.UserId) { c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) return } @@ -1267,7 +1267,7 @@ func revokeUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) { c.LogAudit("") - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_REVOKE_USER_ACCESS_TOKEN) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_REVOKE_USER_ACCESS_TOKEN) { c.SetPermissionError(model.PERMISSION_REVOKE_USER_ACCESS_TOKEN) return } @@ -1278,7 +1278,7 @@ func revokeUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToUser(c.Session, accessToken.UserId) { + if !c.App.SessionHasPermissionToUser(c.Session, accessToken.UserId) { c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) return } 
@@ -1304,7 +1304,7 @@ func disableUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) c.LogAudit("") // No separate permission for this action for now - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_REVOKE_USER_ACCESS_TOKEN) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_REVOKE_USER_ACCESS_TOKEN) { c.SetPermissionError(model.PERMISSION_REVOKE_USER_ACCESS_TOKEN) return } @@ -1315,7 +1315,7 @@ func disableUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) return } - if !app.SessionHasPermissionToUser(c.Session, accessToken.UserId) { + if !c.App.SessionHasPermissionToUser(c.Session, accessToken.UserId) { c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) return } @@ -1341,7 +1341,7 @@ func enableUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) { c.LogAudit("") // No separate permission for this action for now - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_USER_ACCESS_TOKEN) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_USER_ACCESS_TOKEN) { c.SetPermissionError(model.PERMISSION_CREATE_USER_ACCESS_TOKEN) return } @@ -1352,7 +1352,7 @@ func enableUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToUser(c.Session, accessToken.UserId) { + if !c.App.SessionHasPermissionToUser(c.Session, accessToken.UserId) { c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) return } diff --git a/api4/webhook.go b/api4/webhook.go index 1921659ce..4382bac94 100644 --- a/api4/webhook.go +++ b/api4/webhook.go @@ -10,7 +10,6 @@ import ( l4g "github.com/alecthomas/log4go" "github.com/gorilla/mux" - "github.com/mattermost/mattermost-server/app" "github.com/mattermost/mattermost-server/model" "github.com/mattermost/mattermost-server/utils" ) 
@@ -53,7 +52,7 @@ func createIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) { c.LogAudit("attempt") - if !app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) { + if !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) { c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS) return } @@ -105,12 +104,12 @@ func updateIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToTeam(c.Session, updatedHook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) { + if !c.App.SessionHasPermissionToTeam(c.Session, updatedHook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) { c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS) return } - if c.Session.UserId != updatedHook.UserId && !app.SessionHasPermissionToTeam(c.Session, updatedHook.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) { + if c.Session.UserId != updatedHook.UserId && !c.App.SessionHasPermissionToTeam(c.Session, updatedHook.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) { c.LogAudit("fail - inappropriate permissions") c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) return @@ -145,14 +144,14 @@ func getIncomingHooks(c *Context, w http.ResponseWriter, r *http.Request) { var err *model.AppError if len(teamId) > 0 { - if !app.SessionHasPermissionToTeam(c.Session, teamId, model.PERMISSION_MANAGE_WEBHOOKS) { + if !c.App.SessionHasPermissionToTeam(c.Session, teamId, model.PERMISSION_MANAGE_WEBHOOKS) { c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS) return } hooks, err = c.App.GetIncomingWebhooksForTeamPage(teamId, c.Params.Page, c.Params.PerPage) } else { - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_WEBHOOKS) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_WEBHOOKS) { c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS) return } 
@@ -190,7 +189,7 @@ func getIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) || + if !c.App.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) || (channel.Type != model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(c.Session, hook.ChannelId, model.PERMISSION_READ_CHANNEL)) { c.LogAudit("fail - bad permissions") c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS) @@ -224,7 +223,7 @@ func deleteIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) || + if !c.App.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) || (channel.Type != model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(c.Session, hook.ChannelId, model.PERMISSION_READ_CHANNEL)) { c.LogAudit("fail - bad permissions") c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS) @@ -256,7 +255,7 @@ func updateOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) { toUpdateHook.CreatorId = c.Session.UserId - if !app.SessionHasPermissionToTeam(c.Session, toUpdateHook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) { + if !c.App.SessionHasPermissionToTeam(c.Session, toUpdateHook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) { c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS) return } 
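Review bot: getIncomingHook and deleteIncomingHook authorize on PERMISSION_MANAGE_WEBHOOKS plus channel read only; unlike getOutgoingHook and deleteOutgoingHook later in this file, nothing in these hunks checks whether the session user created the hook, so any team member allowed to manage webhooks can apparently read or delete another user's incoming hook. If that is not intended, add an owner gate after the existing check, `if c.Session.UserId != hook.UserId && !c.App.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) {`, followed by the same audit line and `c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_WEBHOOKS)` used for outgoing hooks. Separately, the combined condition reports PERMISSION_MANAGE_WEBHOOKS even when the failing part was PERMISSION_READ_CHANNEL, which makes a denial harder to diagnose from the response and the audit entry. Both bodies continue past the hunks, so an owner check further down cannot be ruled out.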
@@ -267,7 +266,7 @@ func updateOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) { return } - if c.Session.UserId != oldHook.CreatorId && !app.SessionHasPermissionToTeam(c.Session, oldHook.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) { + if c.Session.UserId != oldHook.CreatorId && !c.App.SessionHasPermissionToTeam(c.Session, oldHook.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) { c.LogAudit("fail - inappropriate permissions") c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) return @@ -294,7 +293,7 @@ func createOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) { hook.CreatorId = c.Session.UserId - if !app.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) { + if !c.App.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) { c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS) return } @@ -325,14 +324,14 @@ func getOutgoingHooks(c *Context, w http.ResponseWriter, r *http.Request) { hooks, err = c.App.GetOutgoingWebhooksForChannelPage(channelId, c.Params.Page, c.Params.PerPage) } else if len(teamId) > 0 { - if !app.SessionHasPermissionToTeam(c.Session, teamId, model.PERMISSION_MANAGE_WEBHOOKS) { + if !c.App.SessionHasPermissionToTeam(c.Session, teamId, model.PERMISSION_MANAGE_WEBHOOKS) { c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS) return } hooks, err = c.App.GetOutgoingWebhooksForTeamPage(teamId, c.Params.Page, c.Params.PerPage) } else { - if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_WEBHOOKS) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_WEBHOOKS) { c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS) return } 
@@ -362,12 +361,12 @@ func getOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) { c.LogAudit("attempt") - if !app.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) { + if !c.App.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) { c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS) return } - if c.Session.UserId != hook.CreatorId && !app.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) { + if c.Session.UserId != hook.CreatorId && !c.App.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) { c.LogAudit("fail - inappropriate permissions") c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) return @@ -391,12 +390,12 @@ func regenOutgoingHookToken(c *Context, w http.ResponseWriter, r *http.Request) c.LogAudit("attempt") - if !app.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) { + if !c.App.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) { c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS) return } - if c.Session.UserId != hook.CreatorId && !app.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) { + if c.Session.UserId != hook.CreatorId && !c.App.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) { c.LogAudit("fail - inappropriate permissions") c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) return 
@@ -424,12 +423,12 @@ func deleteOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) { c.LogAudit("attempt") - if !app.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) { + if !c.App.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) { c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS) return } - if c.Session.UserId != hook.CreatorId && !app.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) { + if c.Session.UserId != hook.CreatorId && !c.App.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) { c.LogAudit("fail - inappropriate permissions") c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) return |