diff options
Diffstat (limited to 'api')
-rw-r--r-- | api/context.go | 8 | ||||
-rw-r--r-- | api/post.go | 12 |
2 files changed, 17 insertions, 3 deletions
diff --git a/api/context.go b/api/context.go index 09cb1e583..d0036d077 100644 --- a/api/context.go +++ b/api/context.go @@ -308,9 +308,13 @@ func (c *Context) LogDebug(err *model.AppError) { } func (c *Context) UserRequired() { + if !*utils.Cfg.ServiceSettings.EnableUserAccessTokens && c.Session.Props[model.SESSION_PROP_TYPE] == model.SESSION_TYPE_USER_ACCESS_TOKEN { + c.Err = model.NewAppError("", "api.context.session_expired.app_error", nil, "UserAccessToken", http.StatusUnauthorized) + return + } + if len(c.Session.UserId) == 0 { - c.Err = model.NewLocAppError("", "api.context.session_expired.app_error", nil, "UserRequired") - c.Err.StatusCode = http.StatusUnauthorized + c.Err = model.NewAppError("", "api.context.session_expired.app_error", nil, "UserRequired", http.StatusUnauthorized) return } } diff --git a/api/post.go b/api/post.go index 192b01bd5..367696ec1 100644 --- a/api/post.go +++ b/api/post.go @@ -51,7 +51,17 @@ func createPost(c *Context, w http.ResponseWriter, r *http.Request) { post.UserId = c.Session.UserId - if !app.SessionHasPermissionToChannel(c.Session, post.ChannelId, model.PERMISSION_CREATE_POST) { + hasPermission := false + if app.SessionHasPermissionToChannel(c.Session, post.ChannelId, model.PERMISSION_CREATE_POST) { + hasPermission = true + } else if channel, err := app.GetChannel(post.ChannelId); err == nil { + // Temporary permission check method until advanced permissions, please do not copy + if channel.Type == model.CHANNEL_OPEN && app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_POST_PUBLIC) { + hasPermission = true + } + } + + if !hasPermission { c.SetPermissionError(model.PERMISSION_CREATE_POST) return } |