apitech
/
Rocket.Chat
mirror of https://github.com/RocketChat/Rocket.Chat
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Allow setting other users avatars if you have permissions

Browse Source
pull/5140/head
Bradley Hilton 9 years ago
parent 50c932dc0e
commit a553e2db42
1 changed files with 6 additions and 2 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 8
      packages/rocketchat-api/server/v1/users.js

8
packages/rocketchat-api/server/v1/users.js
Unescape View File

@ -138,9 +138,13 @@ RocketChat.API.v1.addRoute('users.list', { authRequired: true }, {
RocketChat.API.v1.addRoute('users.setAvatar', { authRequired: true }, {
post: function() {
try {
check(this.bodyParams, { avatarUrl: Match.Maybe(String) });
check(this.bodyParams, { avatarUrl: Match.Maybe(String), userId: Match.Maybe(String) });
const user = Meteor.users.findOne(this.userId);
if (typeof this.bodyParams.userId !== 'undefined' && this.userId !== this.bodyParams.userId && !RocketChat.authz.hasPermission(this.userId, 'edit-other-user-info')) {
return RocketChat.API.v1.unauthorized();
}
const user = Meteor.users.findOne(this.bodyParams.userId ? this.bodyParams.userId : this.userId);
if (this.bodyParams.avatarUrl) {
RocketChat.setUserAvatar(user, this.bodyParams.avatarUrl, '', 'url');

Write Preview
Loading…
Cancel
Save