From 87cbeafd363557615354cdf622adf3929f73e561 Mon Sep 17 00:00:00 2001 From: Amy Blais <29708087+amyblais@users.noreply.github.com> Date: Thu, 11 Aug 2022 15:13:50 -0400 Subject: [PATCH] Revert "MM-45272: Fix getPostThread permissions (#20565) (#20748)" (#20808) Automatic Merge --- api4/post.go | 29 ----------------------------- api4/post_test.go | 18 +----------------- i18n/en.json | 4 ---- 3 files changed, 1 insertion(+), 50 deletions(-) diff --git a/api4/post.go b/api4/post.go index 445314df0b95f..b5c33488fa773 100644 --- a/api4/post.go +++ b/api4/post.go @@ -523,35 +523,6 @@ func getPostThread(c *Context, w http.ResponseWriter, r *http.Request) { return } - rPost, err := c.App.GetSinglePost(c.Params.PostId, false) - if err != nil { - c.Err = err - return - } - hasPermission := false - becauseCompliance := false - if c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), rPost.ChannelId, model.PermissionReadChannel) { - hasPermission = true - } else if channel, cErr := c.App.GetChannel(c.AppContext, rPost.ChannelId); cErr == nil { - if channel.Type == model.ChannelTypeOpen && - c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), channel.TeamId, model.PermissionReadPublicChannel) { - hasPermission = true - if *c.App.Config().MessageExportSettings.EnableExport { - hasPermission = false - becauseCompliance = true - } - } - } - - if !hasPermission { - if becauseCompliance { - c.Err = model.NewAppError("getPostThread", "api.post.compliance_enabled.join_channel_to_view_post", nil, "", http.StatusForbidden) - } else { - c.SetPermissionError(model.PermissionReadChannel) - } - return - } - // For now, by default we return all items unless it's set to maintain // backwards compatibility with mobile. But when the next ESR passes, we need to // change this to web.PerPageDefault. diff --git a/api4/post_test.go b/api4/post_test.go index f6ade58ad33aa..5db9de4b24074 100644 --- a/api4/post_test.go +++ b/api4/post_test.go @@ -2191,26 +2191,10 @@ func TestGetPostThread(t *testing.T) { client.RemoveUserFromChannel(th.BasicChannel.Id, th.BasicUser.Id) - messageExportEnabled := *th.App.Config().MessageExportSettings.EnableExport - // Channel is public, and compliance export is OFF, should be able to read post - th.App.UpdateConfig(func(cfg *model.Config) { - *cfg.MessageExportSettings.EnableExport = false - }) + // Channel is public, should be able to read post _, _, err = client.GetPostThread(th.BasicPost.Id, "", false) require.NoError(t, err) - // channel is public, and compliance export is ON, should NOT be able to read post - th.App.UpdateConfig(func(cfg *model.Config) { - *cfg.MessageExportSettings.EnableExport = true - }) - _, resp, err = client.GetPostThread(th.BasicPost.Id, "", false) - require.Error(t, err) - CheckForbiddenStatus(t, resp) - - th.App.UpdateConfig(func(cfg *model.Config) { - *cfg.MessageExportSettings.EnableExport = messageExportEnabled - }) - privatePost := th.CreatePostWithClient(client, th.BasicPrivateChannel) _, _, err = client.GetPostThread(privatePost.Id, "", false) diff --git a/i18n/en.json b/i18n/en.json index 10ad8e8eef184..a86209588af09 100644 --- a/i18n/en.json +++ b/i18n/en.json @@ -2241,10 +2241,6 @@ "id": "api.post.check_for_out_of_channel_mentions.message.one", "translation": "@{{.Username}} did not get notified by this mention because they are not in the channel." }, - { - "id": "api.post.compliance_enabled.join_channel_to_view_post", - "translation": "Due to compliance rules configured on this instance the channel must be joined before its posts can be read." - }, { "id": "api.post.create_post.can_not_post_to_deleted.error", "translation": "Can not post to deleted channel."