diff options
Diffstat (limited to 'api')
-rw-r--r-- | api/emoji.go | 6 | ||||
-rw-r--r-- | api/emoji_test.go | 31 |
2 files changed, 10 insertions, 27 deletions
diff --git a/api/emoji.go b/api/emoji.go index 24989924a..d84996230 100644 --- a/api/emoji.go +++ b/api/emoji.go @@ -16,6 +16,7 @@ import ( l4g "github.com/alecthomas/log4go" "github.com/gorilla/mux" + "github.com/mattermost/platform/einterfaces" "github.com/mattermost/platform/model" "github.com/mattermost/platform/utils" ) @@ -32,7 +33,7 @@ func InitEmoji() { BaseRoutes.Emoji.Handle("/list", ApiUserRequired(getEmoji)).Methods("GET") BaseRoutes.Emoji.Handle("/create", ApiUserRequired(createEmoji)).Methods("POST") BaseRoutes.Emoji.Handle("/delete", ApiUserRequired(deleteEmoji)).Methods("POST") - BaseRoutes.Emoji.Handle("/{id:[A-Za-z0-9_]+}", ApiUserRequired(getEmojiImage)).Methods("GET") + BaseRoutes.Emoji.Handle("/{id:[A-Za-z0-9_]+}", ApiUserRequiredTrustRequester(getEmojiImage)).Methods("GET") } func getEmoji(c *Context, w http.ResponseWriter, r *http.Request) { @@ -58,7 +59,8 @@ func createEmoji(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !(*utils.Cfg.ServiceSettings.RestrictCustomEmojiCreation == model.RESTRICT_EMOJI_CREATION_ALL || c.IsSystemAdmin()) { + if emojiInterface := einterfaces.GetEmojiInterface(); emojiInterface != nil && + !emojiInterface.CanUserCreateEmoji(c.Session.Roles, c.Session.TeamMembers) { c.Err = model.NewLocAppError("createEmoji", "api.emoji.create.permissions.app_error", nil, "user_id="+c.Session.UserId) c.Err.StatusCode = http.StatusUnauthorized return diff --git a/api/emoji_test.go b/api/emoji_test.go index 26dbe9323..fb23cc439 100644 --- a/api/emoji_test.go +++ b/api/emoji_test.go @@ -22,6 +22,12 @@ func TestGetEmoji(t *testing.T) { th := Setup().InitBasic() Client := th.BasicClient + EnableCustomEmoji := *utils.Cfg.ServiceSettings.EnableCustomEmoji + defer func() { + *utils.Cfg.ServiceSettings.EnableCustomEmoji = EnableCustomEmoji + }() + *utils.Cfg.ServiceSettings.EnableCustomEmoji = true + emojis := []*model.Emoji{ { CreatorId: model.NewId(), @@ -95,13 +101,10 @@ func TestCreateEmoji(t *testing.T) { Client := th.BasicClient EnableCustomEmoji := *utils.Cfg.ServiceSettings.EnableCustomEmoji - RestrictCustomEmojiCreation := *utils.Cfg.ServiceSettings.RestrictCustomEmojiCreation defer func() { *utils.Cfg.ServiceSettings.EnableCustomEmoji = EnableCustomEmoji - *utils.Cfg.ServiceSettings.RestrictCustomEmojiCreation = RestrictCustomEmojiCreation }() *utils.Cfg.ServiceSettings.EnableCustomEmoji = false - *utils.Cfg.ServiceSettings.RestrictCustomEmojiCreation = model.RESTRICT_EMOJI_CREATION_ALL emoji := &model.Emoji{ CreatorId: th.BasicUser.Id, @@ -213,28 +216,6 @@ func TestCreateEmoji(t *testing.T) { if _, err := Client.CreateEmoji(emoji, createTestGif(t, 10, 10), "image.gif"); err == nil { t.Fatal("shouldn't be able to create an emoji as another user") } - - *utils.Cfg.ServiceSettings.RestrictCustomEmojiCreation = model.RESTRICT_EMOJI_CREATION_ADMIN - - // try to create an emoji when only system admins are allowed to create them - emoji = &model.Emoji{ - CreatorId: th.BasicUser.Id, - Name: model.NewId(), - } - if _, err := Client.CreateEmoji(emoji, createTestGif(t, 10, 10), "image.gif"); err == nil { - t.Fatal("shouldn't be able to create an emoji when not a system admin") - } - - emoji = &model.Emoji{ - CreatorId: th.SystemAdminUser.Id, - Name: model.NewId(), - } - if emojiResult, err := th.SystemAdminClient.CreateEmoji(emoji, createTestPng(t, 10, 10), "image.png"); err != nil { - t.Fatal(err) - } else { - emoji = emojiResult - } - th.SystemAdminClient.MustGeneric(th.SystemAdminClient.DeleteEmoji(emoji.Id)) } func TestDeleteEmoji(t *testing.T) { |