diff options
author | Harshil Sharma <harshil.sharma@joshtechnologygroup.com> | 2018-10-05 14:26:01 +0000 |
---|---|---|
committer | George Goldberg <george@gberg.me> | 2018-10-05 15:26:01 +0100 |
commit | ee1700d6b2453fd2b4aaf236123ec383cbbdff8b (patch) | |
tree | d704187af3b84a35b2a35d5d306094061a069ae1 | |
parent | 69e10651c97c7d7b30aa69a0155c8d3293e2b9bd (diff) | |
download | chat-ee1700d6b2453fd2b4aaf236123ec383cbbdff8b.tar.gz chat-ee1700d6b2453fd2b4aaf236123ec383cbbdff8b.tar.bz2 chat-ee1700d6b2453fd2b4aaf236123ec383cbbdff8b.zip |
#MM-12130 Added permission check for createServiceTerms API (#9556)
* #MM-12130 changes for custom service terms
* Fixed styling
* Added getServiceTerms API
* removed unnecessary panic
* removed custom service terms text from flat config
* reverted user sql store as those changes are no longer needed
* added tests
* Updated a config key to be more standard
* Added copyright info
* Loading service terms only if the feature is enabled
* Loading service terms only if the feature is enabled
* removed unused index
* added createservice termns API
* made a param to bool instead of string
* added createservice termns API
* review fixes
* fixed styling
* Minor refactoring
* removed saveConfig and loadConfig magic
* added empty service terms text check to createServiceTerms API
* refactoed some urls to be terms_of_service instead of service_terms
* removed check for support settings
* changed URLs in tests
* removed unused code
* fixed a bug
* added service termd id in conif
* fixed a test
* review fixes
* minor fixes
* Fixed TestCreateServiceTerms
* Fix incorrect key in en.json and changes some translations from service terms to terms of service
* Improved translated messages
* Added permission check in createServiceTerms API
-rw-r--r-- | api4/service_terms.go | 5 | ||||
-rw-r--r-- | api4/service_terms_test.go | 17 |
2 files changed, 18 insertions, 4 deletions
diff --git a/api4/service_terms.go b/api4/service_terms.go index 549bad0a1..ff953102d 100644 --- a/api4/service_terms.go +++ b/api4/service_terms.go @@ -25,6 +25,11 @@ func getServiceTerms(c *Context, w http.ResponseWriter, r *http.Request) { } func createServiceTerms(c *Context, w http.ResponseWriter, r *http.Request) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) + return + } + if license := c.App.License(); license == nil || !*license.Features.CustomTermsOfService { c.Err = model.NewAppError("createServiceTerms", "api.create_service_terms.custom_service_terms_disabled.app_error", nil, "", http.StatusBadRequest) return diff --git a/api4/service_terms_test.go b/api4/service_terms_test.go index 693388376..607c104a6 100644 --- a/api4/service_terms_test.go +++ b/api4/service_terms_test.go @@ -30,15 +30,24 @@ func TestCreateServiceTerms(t *testing.T) { defer th.TearDown() Client := th.Client - serviceTerms, resp := Client.CreateServiceTerms("service terms new", th.BasicUser.Id) + _, resp := Client.CreateServiceTerms("service terms new", th.BasicUser.Id) + CheckErrorMessage(t, resp, "api.context.permissions.app_error") +} + +func TestCreateServiceTermsAdminUser(t *testing.T) { + th := Setup().InitSystemAdmin() + defer th.TearDown() + Client := th.SystemAdminClient + + serviceTerms, resp := Client.CreateServiceTerms("service terms new", th.SystemAdminUser.Id) CheckErrorMessage(t, resp, "api.create_service_terms.custom_service_terms_disabled.app_error") th.App.SetLicense(model.NewTestLicense("EnableCustomServiceTerms")) - serviceTerms, resp = Client.CreateServiceTerms("service terms new", th.BasicUser.Id) + serviceTerms, resp = Client.CreateServiceTerms("service terms new_2", th.SystemAdminUser.Id) CheckNoError(t, resp) assert.NotEmpty(t, serviceTerms.Id) assert.NotEmpty(t, serviceTerms.CreateAt) - assert.Equal(t, "service terms new", serviceTerms.Text) - assert.Equal(t, th.BasicUser.Id, serviceTerms.UserId) + assert.Equal(t, "service terms new_2", serviceTerms.Text) + assert.Equal(t, th.SystemAdminUser.Id, serviceTerms.UserId) } |