Simplify permissions check (#1902)

mattermost · Apr 10, 2024 · 14eb874 · 14eb874
1 parent 939af55
commit 14eb874
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 11 deletions.
diff --git a/server/api/playbook_runs.go b/server/api/playbook_runs.go
@@ -1318,17 +1318,6 @@ func (h *PlaybookRunHandler) itemRun(c *Context, w http.ResponseWriter, r *http.
 		return
 	}
 
-	playbookRun, err := h.playbookRunService.GetPlaybookRun(vars["id"])
-	if err != nil {
-		h.HandleError(w, c.logger, err)
-		return
-	}
-
-	if !h.pluginAPI.User.HasPermissionToChannel(userID, playbookRun.ChannelID, model.PermissionCreatePost) {
-		h.HandleErrorWithCode(w, c.logger, http.StatusForbidden, "user does not have permission to channel", nil)
-		return
-	}
-
 	triggerID, err := h.playbookRunService.RunChecklistItemSlashCommand(playbookRunID, userID, checklistNum, itemNum)
 	if err != nil {
 		h.HandleError(w, c.logger, err)

diff --git a/server/app/playbook_run_service.go b/server/app/playbook_run_service.go
@@ -1696,6 +1696,10 @@ func (s *PlaybookRunServiceImpl) RunChecklistItemSlashCommand(playbookRunID, use
 		return "", err
 	}
 
+	if !s.pluginAPI.User.HasPermissionToChannel(userID, playbookRun.ChannelID, model.PermissionCreatePost) {
+		return "", errors.New("user does not have permission to channel")
+	}
+
 	if !IsValidChecklistItemIndex(playbookRun.Checklists, checklistNumber, itemNumber) {
 		return "", errors.New("invalid checklist item indices")
 	}