self-hosted/focalboard
1
0
Fork 0
mirror of https://github.com/mattermost/focalboard.git synced 2025-01-08 15:06:08 +02:00
Code Issues Releases Activity

remove read token check from unnecessary functions (#2682)

Browse Source
This commit is contained in:
Scott Bishel 2022-04-04 01:39:29 -06:00 committed by GitHub
parent 3f6affbd83
commit 283d7669f3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
server/api/api.go
View File

@ -2832,8 +2832,7 @@ func (a *API) handleDuplicateBoard(w http.ResponseWriter, r *http.Request) {
return return
} }
hasValidReadToken := a.hasValidReadTokenForBoard(r, boardID) if userID == "" {
if userID == "" && !hasValidReadToken {
a.errorResponse(w, r.URL.Path, http.StatusUnauthorized, "", PermissionError{"access denied to board"}) a.errorResponse(w, r.URL.Path, http.StatusUnauthorized, "", PermissionError{"access denied to board"})
return return
} }
@ -2848,7 +2847,6 @@ func (a *API) handleDuplicateBoard(w http.ResponseWriter, r *http.Request) {
return return
} }
if !hasValidReadToken {
if board.Type == model.BoardTypePrivate { if board.Type == model.BoardTypePrivate {
if !a.permissions.HasPermissionToBoard(userID, boardID, model.PermissionViewBoard) { if !a.permissions.HasPermissionToBoard(userID, boardID, model.PermissionViewBoard) {
a.errorResponse(w, r.URL.Path, http.StatusForbidden, "", PermissionError{"access denied to board"}) a.errorResponse(w, r.URL.Path, http.StatusForbidden, "", PermissionError{"access denied to board"})
@ -2860,7 +2858,6 @@ func (a *API) handleDuplicateBoard(w http.ResponseWriter, r *http.Request) {
return return
} }
} }
}
auditRec := a.makeAuditRecord(r, "duplicateBoard", audit.Fail) auditRec := a.makeAuditRecord(r, "duplicateBoard", audit.Fail)
defer a.audit.LogRecord(audit.LevelRead, auditRec) defer a.audit.LogRecord(audit.LevelRead, auditRec)
@ -2927,8 +2924,7 @@ func (a *API) handleDuplicateBlock(w http.ResponseWriter, r *http.Request) {
query := r.URL.Query() query := r.URL.Query()
asTemplate := query.Get("asTemplate") asTemplate := query.Get("asTemplate")
hasValidReadToken := a.hasValidReadTokenForBoard(r, boardID) if userID == "" {
if userID == "" && !hasValidReadToken {
a.errorResponse(w, r.URL.Path, http.StatusUnauthorized, "", PermissionError{"access denied to board"}) a.errorResponse(w, r.URL.Path, http.StatusUnauthorized, "", PermissionError{"access denied to board"})
return return
} }