This commit is contained in:
parent
09c4f13f2c
commit
2d962d18d2
GPG key ID:
CCFBC5637D4000A8
16 changed files with 520 additions and 89 deletions
37
server/permissions.go
Normal file
37
server/permissions.go
Normal file
|
|
@ -0,0 +1,37 @@
|
|||
package main
|
||||
|
||||
import "github.com/mattermost/mattermost/server/public/model"
|
||||
|
||||
// userHasRemovePermissionsToPost checks if the user has permissions to remove attachments from a post
|
||||
// based on the post ID, the user ID, and the channel ID.
|
||||
// Returns an error message if the user does not have permissions, or an empty string if the user has permissions.
|
||||
func (p *Plugin) userHasRemovePermissionsToPost(userID, channelID, postID string) string {
|
||||
// Check if the post exists
|
||||
post, appErr := p.API.GetPost(postID)
|
||||
if appErr != nil {
|
||||
return "Post does not exist"
|
||||
}
|
||||
|
||||
// Check if the post has attachments
|
||||
if len(post.FileIds) == 0 {
|
||||
return "Post has no attachments"
|
||||
}
|
||||
|
||||
// Check if the user is the post author or has permissions to edit others posts
|
||||
user, appErr := p.API.GetUser(userID)
|
||||
if appErr != nil {
|
||||
return "Internal error, check with your system administrator for assistance"
|
||||
}
|
||||
|
||||
if post.UserId != user.Id && !p.API.HasPermissionToChannel(userID, channelID, model.PermissionEditOthersPosts) {
|
||||
return "Not authorized"
|
||||
}
|
||||
|
||||
// Check if the post is editable at this point in time
|
||||
config := p.API.GetConfig()
|
||||
if config.ServiceSettings.PostEditTimeLimit != nil && *config.ServiceSettings.PostEditTimeLimit > 0 && model.GetMillis() > post.CreateAt+int64(*config.ServiceSettings.PostEditTimeLimit*1000) {
|
||||
return "Post is too old to edit"
|
||||
}
|
||||
|
||||
return ""
|
||||
}
|
||||
Reference in a new issue