Merge pull request #2 from mattermost/mm-1239

fixes mm-1239 adds config setting to turn off valet feature

7 files changed, 75 insertions, 49 deletions

diff --git a/api/command.go b/api/command.go
index 9efc79b49..449483bbf 100644
--- a/api/command.go
+++ b/api/command.go
@@ -19,12 +19,16 @@ var commands = []commandHandler{
 	logoutCommand,
 	joinCommand,
 	loadTestCommand,
-	echoCommand,
 }
 
 func InitCommand(r *mux.Router) {
 	l4g.Debug("Initializing command api routes")
 	r.Handle("/command", ApiUserRequired(command)).Methods("POST")
+
+	if utils.Cfg.TeamSettings.AllowValet {
+		commands = append(commands, echoCommand)
+	}
+
 	hub.Start()
 }
 
diff --git a/api/post.go b/api/post.go
index 25a68304d..36607c231 100644
--- a/api/post.go
+++ b/api/post.go
@@ -58,6 +58,12 @@ func createPost(c *Context, w http.ResponseWriter, r *http.Request) {
 }
 
 func createValetPost(c *Context, w http.ResponseWriter, r *http.Request) {
+	if !utils.Cfg.TeamSettings.AllowValet {
+		c.Err = model.NewAppError("createValetPost", "The valet feature is currently turned off. Please contact your system administrator for details.", "")
+		c.Err.StatusCode = http.StatusNotImplemented
+		return
+	}
+
 	post := model.PostFromJson(r.Body)
 	if post == nil {
 		c.SetInvalidParam("createValetPost", "post")
diff --git a/api/post_test.go b/api/post_test.go
index 4b40bc06a..b322a5017 100644
--- a/api/post_test.go
+++ b/api/post_test.go
@@ -147,62 +147,70 @@ func TestCreateValetPost(t *testing.T) {
 	channel2 := &model.Channel{DisplayName: "Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_OPEN, TeamId: team.Id}
 	channel2 = Client.Must(Client.CreateChannel(channel2)).Data.(*model.Channel)
 
-	post1 := &model.Post{ChannelId: channel1.Id, Message: "#hashtag a" + model.NewId() + "a"}
-	rpost1, err := Client.CreateValetPost(post1)
-	if err != nil {
-		t.Fatal(err)
-	}
+	if utils.Cfg.TeamSettings.AllowValet {
+		post1 := &model.Post{ChannelId: channel1.Id, Message: "#hashtag a" + model.NewId() + "a"}
+		rpost1, err := Client.CreateValetPost(post1)
+		if err != nil {
+			t.Fatal(err)
+		}
 
-	if rpost1.Data.(*model.Post).Message != post1.Message {
-		t.Fatal("message didn't match")
-	}
+		if rpost1.Data.(*model.Post).Message != post1.Message {
+			t.Fatal("message didn't match")
+		}
 
-	if rpost1.Data.(*model.Post).Hashtags != "#hashtag" {
-		t.Fatal("hashtag didn't match")
-	}
+		if rpost1.Data.(*model.Post).Hashtags != "#hashtag" {
+			t.Fatal("hashtag didn't match")
+		}
 
-	post2 := &model.Post{ChannelId: channel1.Id, Message: "a" + model.NewId() + "a", RootId: rpost1.Data.(*model.Post).Id}
-	rpost2, err := Client.CreateValetPost(post2)
-	if err != nil {
-		t.Fatal(err)
-	}
+		post2 := &model.Post{ChannelId: channel1.Id, Message: "a" + model.NewId() + "a", RootId: rpost1.Data.(*model.Post).Id}
+		rpost2, err := Client.CreateValetPost(post2)
+		if err != nil {
+			t.Fatal(err)
+		}
 
-	post3 := &model.Post{ChannelId: channel1.Id, Message: "a" + model.NewId() + "a", RootId: rpost1.Data.(*model.Post).Id, ParentId: rpost2.Data.(*model.Post).Id}
-	_, err = Client.CreateValetPost(post3)
-	if err != nil {
-		t.Fatal(err)
-	}
+		post3 := &model.Post{ChannelId: channel1.Id, Message: "a" + model.NewId() + "a", RootId: rpost1.Data.(*model.Post).Id, ParentId: rpost2.Data.(*model.Post).Id}
+		_, err = Client.CreateValetPost(post3)
+		if err != nil {
+			t.Fatal(err)
+		}
 
-	post4 := &model.Post{ChannelId: "junk", Message: "a" + model.NewId() + "a"}
-	_, err = Client.CreateValetPost(post4)
-	if err.StatusCode != http.StatusForbidden {
-		t.Fatal("Should have been forbidden")
-	}
+		post4 := &model.Post{ChannelId: "junk", Message: "a" + model.NewId() + "a"}
+		_, err = Client.CreateValetPost(post4)
+		if err.StatusCode != http.StatusForbidden {
+			t.Fatal("Should have been forbidden")
+		}
 
-	Client.LoginByEmail(team.Domain, user2.Email, "pwd")
-	post5 := &model.Post{ChannelId: channel1.Id, Message: "a" + model.NewId() + "a"}
-	_, err = Client.CreateValetPost(post5)
-	if err != nil {
-		t.Fatal(err)
-	}
+		Client.LoginByEmail(team.Domain, user2.Email, "pwd")
+		post5 := &model.Post{ChannelId: channel1.Id, Message: "a" + model.NewId() + "a"}
+		_, err = Client.CreateValetPost(post5)
+		if err != nil {
+			t.Fatal(err)
+		}
 
-	user3 := &model.User{TeamId: team2.Id, Email: model.NewId() + "corey@test.com", FullName: "Corey Hulen", Password: "pwd"}
-	user3 = Client.Must(Client.CreateUser(user3, "")).Data.(*model.User)
-	Srv.Store.User().VerifyEmail(user3.Id)
+		user3 := &model.User{TeamId: team2.Id, Email: model.NewId() + "corey@test.com", FullName: "Corey Hulen", Password: "pwd"}
+		user3 = Client.Must(Client.CreateUser(user3, "")).Data.(*model.User)
+		Srv.Store.User().VerifyEmail(user3.Id)
 
-	Client.LoginByEmail(team2.Domain, user3.Email, "pwd")
+		Client.LoginByEmail(team2.Domain, user3.Email, "pwd")
 
-	channel3 := &model.Channel{DisplayName: "Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_OPEN, TeamId: team2.Id}
-	channel3 = Client.Must(Client.CreateChannel(channel3)).Data.(*model.Channel)
+		channel3 := &model.Channel{DisplayName: "Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_OPEN, TeamId: team2.Id}
+		channel3 = Client.Must(Client.CreateChannel(channel3)).Data.(*model.Channel)
 
-	post6 := &model.Post{ChannelId: channel1.Id, Message: "a" + model.NewId() + "a"}
-	_, err = Client.CreateValetPost(post6)
-	if err.StatusCode != http.StatusForbidden {
-		t.Fatal("Should have been forbidden")
-	}
+		post6 := &model.Post{ChannelId: channel1.Id, Message: "a" + model.NewId() + "a"}
+		_, err = Client.CreateValetPost(post6)
+		if err.StatusCode != http.StatusForbidden {
+			t.Fatal("Should have been forbidden")
+		}
 
-	if _, err = Client.DoPost("/channels/"+channel3.Id+"/create", "garbage"); err == nil {
-		t.Fatal("should have been an error")
+		if _, err = Client.DoPost("/channels/"+channel3.Id+"/create", "garbage"); err == nil {
+			t.Fatal("should have been an error")
+		}
+	} else {
+		post1 := &model.Post{ChannelId: channel1.Id, Message: "#hashtag a" + model.NewId() + "a"}
+		_, err := Client.CreateValetPost(post1)
+		if err.StatusCode != http.StatusNotImplemented {
+			t.Fatal("Should have failed with 501 - Not Implemented")
+		}
 	}
 }
 
diff --git a/api/team.go b/api/team.go
index b04d8c588..cb60602c6 100644
--- a/api/team.go
+++ b/api/team.go
@@ -157,9 +157,11 @@ func createTeamFromSignup(c *Context, w http.ResponseWriter, r *http.Request) {
 			return
 		}
 
-		CreateValet(c, rteam)
-		if c.Err != nil {
-			return
+		if utils.Cfg.TeamSettings.AllowValet {
+			CreateValet(c, rteam)
+			if c.Err != nil {
+				return
+			}
 		}
 
 		InviteMembers(rteam, ruser, teamSignup.Invites)
diff --git a/api/user.go b/api/user.go
index c0ebc05e0..83e29b28e 100644
--- a/api/user.go
+++ b/api/user.go
@@ -145,6 +145,10 @@ func createUser(c *Context, w http.ResponseWriter, r *http.Request) {
 }
 
 func CreateValet(c *Context, team *model.Team) *model.User {
+	if !utils.Cfg.TeamSettings.AllowValet {
+		return &model.User{}
+	}
+
 	valet := &model.User{}
 	valet.TeamId = team.Id
 	valet.Email = utils.Cfg.EmailSettings.FeedbackEmail
diff --git a/config/config.json b/config/config.json
index 4eab907f7..a6c79efac 100644
--- a/config/config.json
+++ b/config/config.json
@@ -72,6 +72,7 @@
     "TeamSettings": {
         "MaxUsersPerTeam": 150,
         "AllowPublicLink": true,
+        "AllowValet": false,
         "TermsLink": "/static/help/configure_links.html",
         "PrivacyLink": "/static/help/configure_links.html",
         "AboutLink": "/static/help/configure_links.html",
diff --git a/utils/config.go b/utils/config.go
index b6688de68..1060c7550 100644
--- a/utils/config.go
+++ b/utils/config.go
@@ -96,6 +96,7 @@ type PrivacySettings struct {
 type TeamSettings struct {
 	MaxUsersPerTeam   int
 	AllowPublicLink   bool
+	AllowValet        bool
 	TermsLink         string
 	PrivacyLink       string
 	AboutLink         string