From cb2bff28ee7a43b3d3c52d3c448d3f15d12830ba Mon Sep 17 00:00:00 2001
From: nickago <ngonella@calpoly.edu>
Date: Tue, 14 Jul 2015 13:09:14 -0700
Subject: Team admin can now delete any post

---
 api/post.go | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

(limited to 'api/post.go')

diff --git a/api/post.go b/api/post.go
index 650f47062..0a8b5a20b 100644
--- a/api/post.go
+++ b/api/post.go
@@ -619,16 +619,23 @@ func deletePost(c *Context, w http.ResponseWriter, r *http.Request) {
 
 	cchan := Srv.Store.Channel().CheckPermissionsTo(c.Session.TeamId, channelId, c.Session.UserId)
 	pchan := Srv.Store.Post().Get(postId)
+	uchan := Srv.Store.User().Get(c.Session.UserId)
 
-	if !c.HasPermissionsToChannel(cchan, "deletePost") {
+	if uresult := <-uchan; uresult.Err != nil {
+		c.Err = uresult.Err
 		return
-	}
-
-	if result := <-pchan; result.Err != nil {
-		c.Err = result.Err
+	} else if presult := <-pchan; presult.Err != nil {
+		c.Err = presult.Err
 		return
 	} else {
-		post := result.Data.(*model.PostList).Posts[postId]
+
+		user := uresult.Data.(*model.User)
+
+		if !c.HasPermissionsToChannel(cchan, "deletePost") && !strings.Contains(user.Roles,"admin"){
+			return
+		}
+
+		post := presult.Data.(*model.PostList).Posts[postId]
 
 		if post == nil {
 			c.SetInvalidParam("deletePost", "postId")
@@ -641,7 +648,7 @@ func deletePost(c *Context, w http.ResponseWriter, r *http.Request) {
 			return
 		}
 
-		if post.UserId != c.Session.UserId {
+		if post.UserId != c.Session.UserId && !strings.Contains(user.Roles,"admin") {
 			c.Err = model.NewAppError("deletePost", "You do not have the appropriate permissions", "")
 			c.Err.StatusCode = http.StatusForbidden
 			return
-- 
cgit v1.2.3-1-g7c22