From 21afaf4bedcad578d4f876bb315d1072ccd296e6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jes=C3=BAs=20Espino?= <jespinog@gmail.com>
Date: Tue, 20 Feb 2018 16:19:35 +0100
Subject: MM-8825: Make consistent INVITE_USER and ADD_USER_TO_TEAM permissions
 checking (#8326)

---
 api/team.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/api/team.go b/api/team.go
index e89f368ec..b1d8086d3 100644
--- a/api/team.go
+++ b/api/team.go
@@ -121,6 +121,11 @@ func inviteMembers(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	if !c.App.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_ADD_USER_TO_TEAM) {
+		c.SetPermissionError(model.PERMISSION_INVITE_USER)
+		return
+	}
+
 	if err := c.App.InviteNewUsersToTeam(invites.ToEmailList(), c.TeamId, c.Session.UserId); err != nil {
 		c.Err = err
 		return
-- 
cgit v1.2.3-1-g7c22