diff options
| author | Joram Wilander <jwawilander@gmail.com> | 2016-12-20 09:27:29 -0500 |
|---|---|---|
| committer | Christopher Speller <crspeller@gmail.com> | 2016-12-20 09:27:29 -0500 |
| commit | 1f67c91fcec746aeeb34b9c39b7df328d5f6a4a0 (patch) | |
| tree | 5e89cf3867369e75d89dd95069c458be75c0d51c | |
| parent | bf3fec604fc4ad0fd53d38490c18d872bccd629d (diff) | |
| download | chat-1f67c91fcec746aeeb34b9c39b7df328d5f6a4a0.tar.gz chat-1f67c91fcec746aeeb34b9c39b7df328d5f6a4a0.tar.bz2 chat-1f67c91fcec746aeeb34b9c39b7df328d5f6a4a0.zip | |
Prevent accidental removal of user from town square (#4842)
| -rw-r--r-- | api/channel.go | 15 | ||||
| -rw-r--r-- | api/channel_test.go | 14 | ||||
| -rw-r--r-- | i18n/en.json | 4 | ||||
| -rw-r--r-- | model/client.go | 2 | ||||
| -rw-r--r-- | webapp/components/channel_header.jsx | 2 |
5 files changed, 27 insertions, 10 deletions
diff --git a/api/channel.go b/api/channel.go index e4786c616..dcc4ed563 100644 --- a/api/channel.go +++ b/api/channel.go @@ -1003,23 +1003,22 @@ func getChannel(c *Context, w http.ResponseWriter, r *http.Request) { func getChannelByName(c *Context, w http.ResponseWriter, r *http.Request) { params := mux.Vars(r) - channelname := params["channel_name"] + channelName := params["channel_name"] - cchan := Srv.Store.Channel().GetByName(c.TeamId, channelname) + cchan := Srv.Store.Channel().GetByName(c.TeamId, channelName) if cresult := <-cchan; cresult.Err != nil { c.Err = cresult.Err return } else { - data := &model.Channel{} - data = cresult.Data.(*model.Channel) + data := cresult.Data.(*model.Channel) if !HasPermissionToChannelContext(c, data.Id, model.PERMISSION_READ_CHANNEL) { return } if data.TeamId != c.TeamId && data.Type != model.CHANNEL_DIRECT { - c.Err = model.NewLocAppError("getChannel", "api.channel.get_channel.wrong_team.app_error", map[string]interface{}{"ChannelName": channelname, "TeamId": c.TeamId}, "") + c.Err = model.NewLocAppError("getChannel", "api.channel.get_channel.wrong_team.app_error", map[string]interface{}{"ChannelName": channelName, "TeamId": c.TeamId}, "") return } @@ -1207,7 +1206,11 @@ func removeMember(c *Context, w http.ResponseWriter, r *http.Request) { func RemoveUserFromChannel(userIdToRemove string, removerUserId string, channel *model.Channel) *model.AppError { if channel.DeleteAt > 0 { - return model.NewLocAppError("updateChannel", "api.channel.remove_user_from_channel.deleted.app_error", nil, "") + return model.NewLocAppError("RemoveUserFromChannel", "api.channel.remove_user_from_channel.deleted.app_error", nil, "") + } + + if channel.Name == model.DEFAULT_CHANNEL { + return model.NewLocAppError("RemoveUserFromChannel", "api.channel.remove.default.app_error", map[string]interface{}{"Channel": model.DEFAULT_CHANNEL}, "") } if cmresult := <-Srv.Store.Channel().RemoveMember(channel.Id, userIdToRemove); cmresult.Err != nil { diff --git a/api/channel_test.go b/api/channel_test.go index 25e7b6a28..683deb8a9 100644 --- a/api/channel_test.go +++ b/api/channel_test.go @@ -1344,6 +1344,11 @@ func TestRemoveChannelMember(t *testing.T) { t.Fatal("Should have errored, channel deleted") } + townSquare := Client.Must(Client.GetChannelByName("town-square")).Data.(*model.Channel) + + if _, err := Client.RemoveChannelMember(townSquare.Id, userStd.Id); err == nil { + t.Fatal("should have errored, channel is default") + } } func TestUpdateNotifyProps(t *testing.T) { @@ -1684,8 +1689,13 @@ func TestGetChannelByName(t *testing.T) { th := Setup().InitBasic() Client := th.BasicClient - if _, err := Client.GetChannelByName(th.BasicChannel.Name); err != nil { + if result, err := Client.GetChannelByName(th.BasicChannel.Name); err != nil { t.Fatal("Failed to get channel") + } else { + channel := result.Data.(*model.Channel) + if channel.Name != th.BasicChannel.Name { + t.Fatal("channel names did not match") + } } if _, err := Client.GetChannelByName("InvalidChannelName"); err == nil { @@ -1703,6 +1713,6 @@ func TestGetChannelByName(t *testing.T) { Client.Login(user2.Email, "passwd1") if _, err := Client.GetChannelByName(th.BasicChannel.Name); err == nil { - t.Fatal("Should fail due not enough permissions") + t.Fatal("Should fail due to not enough permissions") } } diff --git a/i18n/en.json b/i18n/en.json index 2467be4bd..fd43adbf0 100644 --- a/i18n/en.json +++ b/i18n/en.json @@ -288,6 +288,10 @@ "translation": "Cannot leave the default channel {{.Channel}}" }, { + "id": "api.channel.remove.default.app_error", + "translation": "Cannot remove user from the default channel {{.Channel}}" + }, + { "id": "api.channel.leave.direct.app_error", "translation": "Cannot leave a direct message channel" }, diff --git a/model/client.go b/model/client.go index 431c4fa8a..e5f5fcea4 100644 --- a/model/client.go +++ b/model/client.go @@ -1258,7 +1258,7 @@ func (c *Client) GetChannelByName(channelName string) (*Result, *AppError) { } else { defer closeBody(r) return &Result{r.Header.Get(HEADER_REQUEST_ID), - r.Header.Get(HEADER_ETAG_SERVER), ChannelMemberFromJson(r.Body)}, nil + r.Header.Get(HEADER_ETAG_SERVER), ChannelFromJson(r.Body)}, nil } } diff --git a/webapp/components/channel_header.jsx b/webapp/components/channel_header.jsx index addd147fd..96cfa1557 100644 --- a/webapp/components/channel_header.jsx +++ b/webapp/components/channel_header.jsx @@ -661,7 +661,7 @@ export default class ChannelHeader extends React.Component { ); let channelMembersModal; - if (this.state.showMembersModal) { + if (this.state.showMembersModal && channel.name !== Constants.DEFAULT_CHANNEL) { channelMembersModal = ( <ChannelMembersModal onModalDismissed={() => this.setState({showMembersModal: false})} |