From e522a1c2e49f5d21e45dd66f83d06e10fc3cdb67 Mon Sep 17 00:00:00 2001 From: Harrison Healey Date: Mon, 9 Oct 2017 13:30:59 -0400 Subject: PLT-7811 Standardized team sanitization flow (#7586) * post-4.3 commit (#7581) * reduce store boiler plate (#7585) * fix GetPostsByIds error (#7591) * PLT-7811 Standardized team sanitization flow * Fixed TestGetAllTeamListings * Stopped sanitizing teams for team admins * Removed debug logging * Added TearDown to sanitization tests that needed it --- app/team.go | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) (limited to 'app/team.go') diff --git a/app/team.go b/app/team.go index 4bfb617a8..1bc77c9f0 100644 --- a/app/team.go +++ b/app/team.go @@ -104,8 +104,6 @@ func (a *App) UpdateTeam(team *model.Team) (*model.Team, *model.AppError) { return nil, result.Err } - oldTeam.Sanitize() - a.sendUpdatedTeamEvent(oldTeam) return oldTeam, nil @@ -124,16 +122,18 @@ func (a *App) PatchTeam(teamId string, patch *model.TeamPatch) (*model.Team, *mo return nil, err } - updatedTeam.Sanitize() - a.sendUpdatedTeamEvent(updatedTeam) return updatedTeam, nil } func (a *App) sendUpdatedTeamEvent(team *model.Team) { + sanitizedTeam := &model.Team{} + *sanitizedTeam = *team + sanitizedTeam.Sanitize() + message := model.NewWebSocketEvent(model.WEBSOCKET_EVENT_UPDATE_TEAM, "", "", "", nil) - message.Add("team", team.ToJson()) + message.Add("team", sanitizedTeam.ToJson()) a.Go(func() { a.Publish(message) }) @@ -833,3 +833,19 @@ func (a *App) GetTeamIdFromQuery(query url.Values) (string, *model.AppError) { return "", nil } + +func SanitizeTeam(session model.Session, team *model.Team) *model.Team { + if !SessionHasPermissionToTeam(session, team.Id, model.PERMISSION_MANAGE_TEAM) { + team.Sanitize() + } + + return team +} + +func SanitizeTeams(session model.Session, teams []*model.Team) []*model.Team { + for _, team := range teams { + SanitizeTeam(session, team) + } + + return teams +} -- cgit v1.2.3-1-g7c22