From ee1700d6b2453fd2b4aaf236123ec383cbbdff8b Mon Sep 17 00:00:00 2001 From: Harshil Sharma Date: Fri, 5 Oct 2018 14:26:01 +0000 Subject: #MM-12130 Added permission check for createServiceTerms API (#9556) * #MM-12130 changes for custom service terms * Fixed styling * Added getServiceTerms API * removed unnecessary panic * removed custom service terms text from flat config * reverted user sql store as those changes are no longer needed * added tests * Updated a config key to be more standard * Added copyright info * Loading service terms only if the feature is enabled * Loading service terms only if the feature is enabled * removed unused index * added createservice termns API * made a param to bool instead of string * added createservice termns API * review fixes * fixed styling * Minor refactoring * removed saveConfig and loadConfig magic * added empty service terms text check to createServiceTerms API * refactoed some urls to be terms_of_service instead of service_terms * removed check for support settings * changed URLs in tests * removed unused code * fixed a bug * added service termd id in conif * fixed a test * review fixes * minor fixes * Fixed TestCreateServiceTerms * Fix incorrect key in en.json and changes some translations from service terms to terms of service * Improved translated messages * Added permission check in createServiceTerms API --- api4/service_terms.go | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'api4/service_terms.go') diff --git a/api4/service_terms.go b/api4/service_terms.go index 549bad0a1..ff953102d 100644 --- a/api4/service_terms.go +++ b/api4/service_terms.go @@ -25,6 +25,11 @@ func getServiceTerms(c *Context, w http.ResponseWriter, r *http.Request) { } func createServiceTerms(c *Context, w http.ResponseWriter, r *http.Request) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) + return + } + if license := c.App.License(); license == nil || !*license.Features.CustomTermsOfService { c.Err = model.NewAppError("createServiceTerms", "api.create_service_terms.custom_service_terms_disabled.app_error", nil, "", http.StatusBadRequest) return -- cgit v1.2.3-1-g7c22