Commit 4bc4ae16 authored by Christopher Speller's avatar Christopher Speller Committed by GitHub
Browse files

Performance improvements for 40M posts (4.3) (#7709)

* Optimizing get root posts SQL query

* Setting session invalidation to be reliable

* Adding app reciever to SessionHasPermissionToUser

* Adding app reciever to SessionHasPermissionToTeam

* Adding app reciever to SessionHasPermissionTo

* Clear session cache if permission was denied

* Revert "Optimizing get root posts SQL query"

This reverts commit f364757e7015cfb4ec673d0a4fc3d57cd25d8dd7.
parent c8a67ac3
......@@ -9,7 +9,6 @@ import (
l4g "github.com/alecthomas/log4go"
"github.com/gorilla/mux"
"github.com/mattermost/mattermost-server/app"
"github.com/mattermost/mattermost-server/model"
"github.com/mattermost/mattermost-server/utils"
)
......@@ -59,12 +58,12 @@ func createChannel(c *Context, w http.ResponseWriter, r *http.Request) {
channel.TeamId = c.TeamId
}
if channel.Type == model.CHANNEL_OPEN && !app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_PUBLIC_CHANNEL) {
if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_PUBLIC_CHANNEL) {
c.SetPermissionError(model.PERMISSION_CREATE_PUBLIC_CHANNEL)
return
}
if channel.Type == model.CHANNEL_PRIVATE && !app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_PRIVATE_CHANNEL) {
if channel.Type == model.CHANNEL_PRIVATE && !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_PRIVATE_CHANNEL) {
c.SetPermissionError(model.PERMISSION_CREATE_PRIVATE_CHANNEL)
return
}
......@@ -79,7 +78,7 @@ func createChannel(c *Context, w http.ResponseWriter, r *http.Request) {
}
func createDirectChannel(c *Context, w http.ResponseWriter, r *http.Request) {
if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_DIRECT_CHANNEL) {
if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_DIRECT_CHANNEL) {
c.SetPermissionError(model.PERMISSION_CREATE_DIRECT_CHANNEL)
return
}
......@@ -101,7 +100,7 @@ func createDirectChannel(c *Context, w http.ResponseWriter, r *http.Request) {
}
func createGroupChannel(c *Context, w http.ResponseWriter, r *http.Request) {
if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_GROUP_CHANNEL) {
if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_GROUP_CHANNEL) {
c.SetPermissionError(model.PERMISSION_CREATE_GROUP_CHANNEL)
return
}
......@@ -351,7 +350,7 @@ func getMoreChannelsPage(c *Context, w http.ResponseWriter, r *http.Request) {
}
// user is already in the team
if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) {
if !c.App.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) {
c.SetPermissionError(model.PERMISSION_LIST_TEAM_CHANNELS)
return
}
......@@ -403,7 +402,7 @@ func join(c *Context, w http.ResponseWriter, r *http.Request) {
}
if channel.Type == model.CHANNEL_OPEN {
if !app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_JOIN_PUBLIC_CHANNELS) {
if !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_JOIN_PUBLIC_CHANNELS) {
c.SetPermissionError(model.PERMISSION_JOIN_PUBLIC_CHANNELS)
return
}
......@@ -714,7 +713,7 @@ func updateNotifyProps(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
if !app.SessionHasPermissionToUser(c.Session, userId) {
if !c.App.SessionHasPermissionToUser(c.Session, userId) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
......@@ -736,7 +735,7 @@ func searchMoreChannels(c *Context, w http.ResponseWriter, r *http.Request) {
}
if c.Session.GetTeamByTeamId(c.TeamId) == nil {
if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
......@@ -759,7 +758,7 @@ func autocompleteChannels(c *Context, w http.ResponseWriter, r *http.Request) {
term := r.URL.Query().Get("term")
if c.Session.GetTeamByTeamId(c.TeamId) == nil {
if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
......
......@@ -10,7 +10,6 @@ import (
l4g "github.com/alecthomas/log4go"
"github.com/mattermost/mattermost-server/app"
"github.com/mattermost/mattermost-server/model"
"github.com/mattermost/mattermost-server/utils"
)
......@@ -87,7 +86,7 @@ func createCommand(c *Context, w http.ResponseWriter, r *http.Request) {
c.LogAudit("attempt")
if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
if !c.App.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
c.SetPermissionError(model.PERMISSION_MANAGE_SLASH_COMMANDS)
return
}
......@@ -126,13 +125,13 @@ func updateCommand(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
if !app.SessionHasPermissionToTeam(c.Session, oldCmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
if !c.App.SessionHasPermissionToTeam(c.Session, oldCmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
c.LogAudit("fail - inappropriate permissions")
c.SetPermissionError(model.PERMISSION_MANAGE_SLASH_COMMANDS)
return
}
if c.Session.UserId != oldCmd.CreatorId && !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) {
if c.Session.UserId != oldCmd.CreatorId && !c.App.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) {
c.LogAudit("fail - inappropriate permissions")
c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS)
return
......@@ -150,7 +149,7 @@ func updateCommand(c *Context, w http.ResponseWriter, r *http.Request) {
}
func listTeamCommands(c *Context, w http.ResponseWriter, r *http.Request) {
if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
if !c.App.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
c.SetPermissionError(model.PERMISSION_MANAGE_SLASH_COMMANDS)
return
}
......@@ -186,13 +185,13 @@ func regenCommandToken(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
if !app.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
if !c.App.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
c.LogAudit("fail - inappropriate permissions")
c.SetPermissionError(model.PERMISSION_MANAGE_SLASH_COMMANDS)
return
}
if c.Session.UserId != cmd.CreatorId && !app.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) {
if c.Session.UserId != cmd.CreatorId && !c.App.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) {
c.LogAudit("fail - inappropriate permissions")
c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS)
return
......@@ -229,13 +228,13 @@ func deleteCommand(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
if !app.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
if !c.App.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) {
c.SetPermissionError(model.PERMISSION_MANAGE_SLASH_COMMANDS)
c.LogAudit("fail - inappropriate permissions")
return
}
if c.Session.UserId != cmd.CreatorId && !app.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) {
if c.Session.UserId != cmd.CreatorId && !c.App.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) {
c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS)
c.LogAudit("fail - inappropriate permissions")
return
......
......@@ -347,7 +347,7 @@ func (c *Context) SystemAdminRequired() {
}
func (c *Context) IsSystemAdmin() bool {
return app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM)
return c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM)
}
func (c *Context) RemoveSessionCookie(w http.ResponseWriter, r *http.Request) {
......@@ -466,7 +466,7 @@ func Handle404(w http.ResponseWriter, r *http.Request) {
func (c *Context) CheckTeamId() {
if c.TeamId != "" && c.Session.GetTeamByTeamId(c.TeamId) == nil {
if app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
if c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
if result := <-c.App.Srv.Store.Team().Get(c.TeamId); result.Err != nil {
c.Err = result.Err
c.Err.StatusCode = http.StatusBadRequest
......
......@@ -148,7 +148,7 @@ func deleteEmoji(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
if c.Session.UserId != emoji.CreatorId && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
if c.Session.UserId != emoji.CreatorId && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.Err = model.NewAppError("deleteEmoji", "api.emoji.delete.permissions.app_error", nil, "user_id="+c.Session.UserId, http.StatusUnauthorized)
return
}
......
......@@ -10,7 +10,6 @@ import (
l4g "github.com/alecthomas/log4go"
"github.com/mattermost/mattermost-server/app"
"github.com/mattermost/mattermost-server/model"
"github.com/mattermost/mattermost-server/utils"
)
......@@ -36,7 +35,7 @@ func logClient(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
forceToDebug = true
}
}
......
......@@ -9,7 +9,6 @@ import (
"net/http"
l4g "github.com/alecthomas/log4go"
"github.com/mattermost/mattermost-server/app"
"github.com/mattermost/mattermost-server/model"
"github.com/mattermost/mattermost-server/utils"
)
......@@ -85,7 +84,7 @@ func removeLicense(c *Context, w http.ResponseWriter, r *http.Request) {
}
func getClientLicenceConfig(c *Context, w http.ResponseWriter, r *http.Request) {
useSanitizedLicense := !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM)
useSanitizedLicense := !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM)
etag := utils.GetClientLicenseEtag(useSanitizedLicense)
if c.HandleEtag(etag, "Get Client License Config", w, r) {
......
......@@ -8,7 +8,6 @@ import (
l4g "github.com/alecthomas/log4go"
"github.com/gorilla/mux"
"github.com/mattermost/mattermost-server/app"
"github.com/mattermost/mattermost-server/model"
"github.com/mattermost/mattermost-server/utils"
)
......@@ -29,7 +28,7 @@ func (api *API) InitOAuth() {
}
func registerOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) {
if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) {
c.Err = model.NewAppError("registerOAuthApp", "api.command.admin_only.app_error", nil, "", http.StatusForbidden)
return
}
......@@ -41,7 +40,7 @@ func registerOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
oauthApp.IsTrusted = false
}
......@@ -59,14 +58,14 @@ func registerOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
}
func getOAuthApps(c *Context, w http.ResponseWriter, r *http.Request) {
if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) {
if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) {
c.Err = model.NewAppError("getOAuthApps", "api.command.admin_only.app_error", nil, "", http.StatusForbidden)
return
}
var apps []*model.OAuthApp
var err *model.AppError
if app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {
if c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {
apps, err = c.App.GetOAuthApps(0, 100000)
} else {
apps, err = c.App.GetOAuthAppsByCreator(c.Session.UserId, 0, 100000)
......@@ -203,7 +202,7 @@ func deleteOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
c.LogAudit("attempt")
if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) {
if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) {
c.Err = model.NewAppError("deleteOAuthApp", "api.command.admin_only.app_error", nil, "", http.StatusForbidden)
return
}
......@@ -214,7 +213,7 @@ func deleteOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
if c.Session.UserId != oauthApp.CreatorId && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {
if c.Session.UserId != oauthApp.CreatorId && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {
c.LogAudit("fail - inappropriate permissions")
c.Err = model.NewAppError("deleteOAuthApp", "api.oauth.delete.permissions.app_error", nil, "user_id="+c.Session.UserId, http.StatusForbidden)
return
......@@ -254,7 +253,7 @@ func regenerateOAuthSecret(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
if oauthApp.CreatorId != c.Session.UserId && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {
if oauthApp.CreatorId != c.Session.UserId && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {
c.Err = model.NewAppError("regenerateOAuthSecret", "api.command.admin_only.app_error", nil, "", http.StatusForbidden)
return
}
......
......@@ -58,7 +58,7 @@ func createPost(c *Context, w http.ResponseWriter, r *http.Request) {
hasPermission = true
} else if channel, err := c.App.GetChannel(post.ChannelId); err == nil {
// Temporary permission check method until advanced permissions, please do not copy
if channel.Type == model.CHANNEL_OPEN && app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_POST_PUBLIC) {
if channel.Type == model.CHANNEL_OPEN && c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_CREATE_POST_PUBLIC) {
hasPermission = true
}
}
......@@ -68,7 +68,7 @@ func createPost(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
if post.CreateAt != 0 && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
if post.CreateAt != 0 && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
post.CreateAt = 0
}
......@@ -175,7 +175,7 @@ func getFlaggedPosts(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_VIEW_TEAM) {
if !c.App.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_VIEW_TEAM) {
c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
return
}
......
......@@ -56,7 +56,7 @@ func createTeam(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_TEAM) {
if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_CREATE_TEAM) {
c.Err = model.NewAppError("createTeam", "api.team.is_team_creation_allowed.disabled.app_error", nil, "", http.StatusForbidden)
return
}
......@@ -121,7 +121,7 @@ func getAll(c *Context, w http.ResponseWriter, r *http.Request) {
func inviteMembers(c *Context, w http.ResponseWriter, r *http.Request) {
invites := model.InvitesFromJson(r.Body)
if utils.IsLicensed() && !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_INVITE_USER) {
if utils.IsLicensed() && !c.App.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_INVITE_USER) {
errorId := ""
if *utils.Cfg.TeamSettings.RestrictTeamInvite == model.PERMISSIONS_SYSTEM_ADMIN {
errorId = "api.team.invite_members.restricted_system_admin.app_error"
......@@ -150,7 +150,7 @@ func addUserToTeam(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_ADD_USER_TO_TEAM) {
if !c.App.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_ADD_USER_TO_TEAM) {
c.SetPermissionError(model.PERMISSION_ADD_USER_TO_TEAM)
return
}
......@@ -173,7 +173,7 @@ func removeUserFromTeam(c *Context, w http.ResponseWriter, r *http.Request) {
}
if c.Session.UserId != userId {
if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_REMOVE_USER_FROM_TEAM) {
if !c.App.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_REMOVE_USER_FROM_TEAM) {
c.SetPermissionError(model.PERMISSION_REMOVE_USER_FROM_TEAM)
return
}
......@@ -238,7 +238,7 @@ func getTeamByName(c *Context, w http.ResponseWriter, r *http.Request) {
return
} else {
if (!team.AllowOpenInvite || team.Type != model.TEAM_OPEN) && c.Session.GetTeamByTeamId(team.Id) == nil {
if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
......@@ -285,7 +285,7 @@ func updateTeam(c *Context, w http.ResponseWriter, r *http.Request) {
team.Id = c.TeamId
if !app.SessionHasPermissionToTeam(c.Session, team.Id, model.PERMISSION_MANAGE_TEAM) {
if !c.App.SessionHasPermissionToTeam(c.Session, team.Id, model.PERMISSION_MANAGE_TEAM) {
c.SetPermissionError(model.PERMISSION_MANAGE_TEAM)
return
}
......@@ -321,7 +321,7 @@ func updateMemberRoles(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
if !app.SessionHasPermissionToTeam(c.Session, teamId, model.PERMISSION_MANAGE_TEAM_ROLES) {
if !c.App.SessionHasPermissionToTeam(c.Session, teamId, model.PERMISSION_MANAGE_TEAM_ROLES) {
c.SetPermissionError(model.PERMISSION_MANAGE_TEAM_ROLES)
return
}
......@@ -359,7 +359,7 @@ func getMyTeam(c *Context, w http.ResponseWriter, r *http.Request) {
func getTeamStats(c *Context, w http.ResponseWriter, r *http.Request) {
if c.Session.GetTeamByTeamId(c.TeamId) == nil {
if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
......@@ -375,7 +375,7 @@ func getTeamStats(c *Context, w http.ResponseWriter, r *http.Request) {
}
func importTeam(c *Context, w http.ResponseWriter, r *http.Request) {
if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_IMPORT_TEAM) {
if !c.App.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_IMPORT_TEAM) {
c.SetPermissionError(model.PERMISSION_IMPORT_TEAM)
return
}
......@@ -477,7 +477,7 @@ func getTeamMembers(c *Context, w http.ResponseWriter, r *http.Request) {
}
if c.Session.GetTeamByTeamId(c.TeamId) == nil {
if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_SYSTEM) {
if !c.App.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
......@@ -502,7 +502,7 @@ func getTeamMember(c *Context, w http.ResponseWriter, r *http.Request) {
}
if c.Session.GetTeamByTeamId(c.TeamId) == nil {
if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_SYSTEM) {
if !c.App.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
......@@ -525,7 +525,7 @@ func getTeamMembersByIds(c *Context, w http.ResponseWriter, r *http.Request) {
}
if c.Session.GetTeamByTeamId(c.TeamId) == nil {
if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_SYSTEM) {
if !c.App.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
......
......@@ -204,7 +204,7 @@ func getSessions(c *Context, w http.ResponseWriter, r *http.Request) {
params := mux.Vars(r)
id := params["user_id"]
if !app.SessionHasPermissionToUser(c.Session, id) {
if !c.App.SessionHasPermissionToUser(c.Session, id) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
......@@ -300,7 +300,7 @@ func getInitialLoad(c *Context, w http.ResponseWriter, r *http.Request) {
}
il.ClientCfg = utils.ClientCfg
if app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
if c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
il.LicenseCfg = utils.ClientLicense()
} else {
il.LicenseCfg = utils.GetSanitizedClientLicense()
......@@ -406,7 +406,7 @@ func getProfilesInTeam(c *Context, w http.ResponseWriter, r *http.Request) {
teamId := params["team_id"]
if c.Session.GetTeamByTeamId(teamId) == nil {
if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
return
}
}
......@@ -454,7 +454,7 @@ func getProfilesInChannel(c *Context, w http.ResponseWriter, r *http.Request) {
}
if c.Session.GetTeamByTeamId(c.TeamId) == nil {
if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
......@@ -478,7 +478,7 @@ func getProfilesNotInChannel(c *Context, w http.ResponseWriter, r *http.Request)
channelId := params["channel_id"]
if c.Session.GetTeamByTeamId(c.TeamId) == nil {
if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
......@@ -513,7 +513,7 @@ func getAudits(c *Context, w http.ResponseWriter, r *http.Request) {
params := mux.Vars(r)
id := params["user_id"]
if !app.SessionHasPermissionToUser(c.Session, id) {
if !c.App.SessionHasPermissionToUser(c.Session, id) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
......@@ -628,7 +628,7 @@ func updateUser(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
if !app.SessionHasPermissionToUser(c.Session, user.Id) {
if !c.App.SessionHasPermissionToUser(c.Session, user.Id) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
......@@ -694,7 +694,7 @@ func updateRoles(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_ROLES) {
if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_ROLES) {
c.SetPermissionError(model.PERMISSION_MANAGE_ROLES)
return
}
......@@ -724,7 +724,7 @@ func updateActive(c *Context, w http.ResponseWriter, r *http.Request) {
// true when you're trying to de-activate yourself
isSelfDeactive := !active && userId == c.Session.UserId
if !isSelfDeactive && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
if !isSelfDeactive && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.Err = model.NewAppError("updateActive", "api.user.update_active.permissions.app_error", nil, "userId="+userId, http.StatusForbidden)
return
}
......@@ -791,7 +791,7 @@ func updateUserNotify(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
if !app.SessionHasPermissionToUser(c.Session, userId) {
if !c.App.SessionHasPermissionToUser(c.Session, userId) {
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
return
}
......@@ -1251,7 +1251,7 @@ func completeSaml(c *Context, w http.ResponseWriter, r *http.Request) {
func sanitizeProfile(c *Context, user *model.User) *model.User {
options := utils.Cfg.GetSanitizeOptions()
if app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
if c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
options["email"] = true
options["fullname"] = true
options["authservice"] = true
......@@ -1287,7 +1287,7 @@ func searchUsers(c *Context, w http.ResponseWriter, r *http.Request) {
searchOptions := map[string]bool{}
searchOptions[store.USER_SEARCH_OPTION_ALLOW_INACTIVE] = props.AllowInactive
if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
hideFullName := !utils.Cfg.PrivacySettings.ShowFullName
hideEmail := !utils.Cfg.PrivacySettings.ShowEmailAddress
......@@ -1336,7 +1336,7 @@ func autocompleteUsersInChannel(c *Context, w http.ResponseWriter, r *http.Reque
term := r.URL.Query().Get("term")
if c.Session.GetTeamByTeamId(teamId) == nil {
if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
return
}
}
......@@ -1349,7 +1349,7 @@ func autocompleteUsersInChannel(c *Context, w http.ResponseWriter, r *http.Reque
searchOptions := map[string]bool{}
hideFullName := !utils.Cfg.PrivacySettings.ShowFullName
if hideFullName && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
if hideFullName && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
searchOptions[store.USER_SEARCH_OPTION_NAMES_ONLY_NO_FULL_NAME] = true
} else {
searchOptions[store.USER_SEARCH_OPTION_NAMES_ONLY] = true
......@@ -1371,7 +1371,7 @@ func autocompleteUsersInTeam(c *Context, w http.ResponseWriter, r *http.Request)
term := r.URL.Query().Get("term")
if c.Session.GetTeamByTeamId(teamId) == nil {
if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
return
}
}
......@@ -1379,7 +1379,7 @@ func autocompleteUsersInTeam(c *Context, w http.ResponseWriter, r *http.Request)
searchOptions := map[string]bool{}
hideFullName := !utils.Cfg.PrivacySettings.ShowFullName
if hideFullName && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
if hideFullName && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
searchOptions[store.USER_SEARCH_OPTION_NAMES_ONLY_NO_FULL_NAME] = true
} else {
searchOptions[store.USER_SEARCH_OPTION_NAMES_ONLY] = true
......@@ -1400,7 +1400,7 @@ func autocompleteUsers(c *Context, w http.ResponseWriter, r *http.Request) {
searchOptions := map[string]bool{}
hideFullName := !utils.Cfg.PrivacySettings.ShowFullName
if hideFullName && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
if hideFullName && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
searchOptions[store.USER_SEARCH_OPTION_NAMES_ONLY_NO_FULL_NAME] = true
} else {
searchOptions[store.USER_SEARCH_OPTION_NAMES_ONLY] = true
......
......@@ -7,7 +7,6 @@ import (
"net/http"
l4g "github.com/alecthomas/log4go"
"github.com/mattermost/mattermost-server/app"
"github.com/mattermost/mattermost-server/model"
"github.com/mattermost/mattermost-server/utils"
)
......@@ -42,7 +41,7 @@ func createIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) {
c.LogAudit("attempt")
if !app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
if !c.App.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS)
return
}
......@@ -84,12 +83,12 @@ func updateIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
if !app.SessionHasPermissionToTeam(c.Session, oldHook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
if !c.App.SessionHasPermissionToTeam(c.Session, oldHook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS)
return
}
if c.Session.UserId != hook.UserId && !app.SessionHasPermissionToTeam(c.Session, oldHook.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) {
if c.Session.UserId != hook.UserId && !c.App.SessionHasPermissionToTeam(c.Session, oldHook.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) {
c.LogAudit("fail - inappropriate permissions")
c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_WEBHOOKS)
return
......@@ -132,14 +131,14 @@ func deleteIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
if !c.App.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS)
return
}
c.LogAudit("attempt")