diff options
author | Joram Wilander <jwawilander@gmail.com> | 2016-06-15 08:00:55 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-06-15 08:00:55 -0400 |
commit | 1cfb35fd32478917ddf8becb7e438280db19d66a (patch) | |
tree | b5f0e3157201767f2fd7df87be73617034f35a42 | |
parent | f6b4a611d0ef28d5f08959a51c31ad480df1883a (diff) | |
download | chat-1cfb35fd32478917ddf8becb7e438280db19d66a.tar.gz chat-1cfb35fd32478917ddf8becb7e438280db19d66a.tar.bz2 chat-1cfb35fd32478917ddf8becb7e438280db19d66a.zip |
Fix channels showing up across teams when multiple teams open in same browser (#3329)
-rw-r--r-- | api/channel.go | 5 | ||||
-rw-r--r-- | api/channel_test.go | 6 | ||||
-rw-r--r-- | i18n/en.json | 4 | ||||
-rw-r--r-- | webapp/actions/websocket_actions.jsx | 4 |
4 files changed, 18 insertions, 1 deletions
diff --git a/api/channel.go b/api/channel.go index e0428f311..c4a5eae96 100644 --- a/api/channel.go +++ b/api/channel.go @@ -784,6 +784,11 @@ func getChannel(c *Context, w http.ResponseWriter, r *http.Request) { member := cmresult.Data.(model.ChannelMember) data.Member = &member + if data.Channel.TeamId != c.TeamId { + c.Err = model.NewLocAppError("getChannel", "api.channel.get_channel.wrong_team.app_error", map[string]interface{}{"ChannelId": id, "TeamId": c.TeamId}, "") + return + } + if HandleEtag(data.Etag(), w, r) { return } else { diff --git a/api/channel_test.go b/api/channel_test.go index 5c51e4d93..7480dea23 100644 --- a/api/channel_test.go +++ b/api/channel_test.go @@ -320,6 +320,7 @@ func TestGetChannel(t *testing.T) { th := Setup().InitBasic() Client := th.BasicClient team := th.BasicTeam + team2 := th.CreateTeam(Client) channel1 := &model.Channel{DisplayName: "A Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_OPEN, TeamId: team.Id} channel1 = Client.Must(Client.CreateChannel(channel1)).Data.(*model.Channel) @@ -370,6 +371,11 @@ func TestGetChannel(t *testing.T) { if _, err := Client.GetChannel("junk", ""); err == nil { t.Fatal("should have failed - bad channel id") } + + Client.SetTeamId(team2.Id) + if _, err := Client.GetChannel(channel2.Id, ""); err == nil { + t.Fatal("should have failed - wrong team") + } } func TestGetMoreChannel(t *testing.T) { diff --git a/i18n/en.json b/i18n/en.json index ddadc6e6f..f83474030 100644 --- a/i18n/en.json +++ b/i18n/en.json @@ -204,6 +204,10 @@ "translation": "You do not have the appropriate permissions" }, { + "id": "api.channel.get_channel.wrong_team.app_error", + "translation": "There is no channel with channel_id={{.ChannelId}} on team with team_id={{.TeamId}}" + }, + { "id": "api.channel.get_channel_counts.app_error", "translation": "Unable to get channel counts from the database" }, diff --git a/webapp/actions/websocket_actions.jsx b/webapp/actions/websocket_actions.jsx index ffeb27fb2..7c8a014ba 100644 --- a/webapp/actions/websocket_actions.jsx +++ b/webapp/actions/websocket_actions.jsx @@ -245,7 +245,9 @@ function handleUserRemovedEvent(msg) { function handleChannelViewedEvent(msg) { // Useful for when multiple devices have the app open to different channels - if (ChannelStore.getCurrentId() !== msg.channel_id && UserStore.getCurrentId() === msg.user_id) { + if (TeamStore.getCurrentId() === msg.team_id && + ChannelStore.getCurrentId() !== msg.channel_id && + UserStore.getCurrentId() === msg.user_id) { AsyncClient.getChannel(msg.channel_id); } } |