Docker/documize
Docker/documize
1
0
Fork 0
mirror of https://github.com/documize/community.git synced 2025-07-23 15:19:42 +02:00
Code Releases Activity

Allow non space creators to manage space settings

Browse source 
Fixes #337
This commit is contained in:
McMatts 2019-11-13 09:49:19 +00:00
parent 7fc74be7cd
commit 0e6f2f1f5e
2 changed files with 27 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

12
domain/space/endpoint.go
View file

@ -487,11 +487,6 @@ func (h *Handler) Update(w http.ResponseWriter, r *http.Request) {
method := "space.update"
ctx := domain.GetRequestContext(r)
if !ctx.Editor {
response.WriteForbiddenError(w)
return
}
spaceID := request.Param(r, "spaceID")
if len(spaceID) == 0 {
response.WriteMissingDataError(w, method, "spaceID")
@ -522,6 +517,13 @@ func (h *Handler) Update(w http.ResponseWriter, r *http.Request) {
sp.RefID = spaceID
// Check permissions (either Documize admin OR space owner/manager).
canManage := perm.CanViewSpace(ctx, *h.Store, spaceID)
if !canManage && !ctx.Administrator {
response.WriteForbiddenError(w)
return
}
// Retreive previous record for comparison later.
prev, err := h.Store.Space.Get(ctx, spaceID)
if err != nil {