From 59992ae4a4638006ec1489dd834151b258c1728c Mon Sep 17 00:00:00 2001
From: Joram Wilander <jwawilander@gmail.com>
Date: Mon, 31 Jul 2017 12:59:32 -0400
Subject: PLT-6763 Implement user access tokens and new roles (server-side)
 (#6972)

* Implement user access tokens and new roles

* Update config.json

* Add public post permission to apiv3

* Remove old comment

* Fix model unit test

* Updates to store per feedback

* Updates per feedback from CS
---
 api/post.go | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'api/post.go')

diff --git a/api/post.go b/api/post.go
index 192b01bd5..367696ec1 100644
--- a/api/post.go
+++ b/api/post.go
@@ -51,7 +51,17 @@ func createPost(c *Context, w http.ResponseWriter, r *http.Request) {
 
 	post.UserId = c.Session.UserId
 
-	if !app.SessionHasPermissionToChannel(c.Session, post.ChannelId, model.PERMISSION_CREATE_POST) {
+	hasPermission := false
+	if app.SessionHasPermissionToChannel(c.Session, post.ChannelId, model.PERMISSION_CREATE_POST) {
+		hasPermission = true
+	} else if channel, err := app.GetChannel(post.ChannelId); err == nil {
+		// Temporary permission check method until advanced permissions, please do not copy
+		if channel.Type == model.CHANNEL_OPEN && app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_POST_PUBLIC) {
+			hasPermission = true
+		}
+	}
+
+	if !hasPermission {
 		c.SetPermissionError(model.PERMISSION_CREATE_POST)
 		return
 	}
-- 
cgit v1.2.3-1-g7c22