diff options
author | George Goldberg <george@gberg.me> | 2017-04-03 18:13:28 +0100 |
---|---|---|
committer | Harrison Healey <harrisonmhealey@gmail.com> | 2017-04-03 13:13:28 -0400 |
commit | e49f5928c55ba57c39efa11c568c66342b962aae (patch) | |
tree | c3199ea07e1c17aebdd77d53ad1397b469a0f963 /api/channel_test.go | |
parent | 232a99f0c7b9364cb4386264f9ff7f97549a4378 (diff) | |
download | chat-e49f5928c55ba57c39efa11c568c66342b962aae.tar.gz chat-e49f5928c55ba57c39efa11c568c66342b962aae.tar.bz2 chat-e49f5928c55ba57c39efa11c568c66342b962aae.zip |
PLT-6139 (Server): Private Channel member managing (#5941)
Adds an EE policy feature to allow restricting system-wide which level of
Admins can manage the membership of private channels.
Diffstat (limited to 'api/channel_test.go')
-rw-r--r-- | api/channel_test.go | 222 |
1 files changed, 220 insertions, 2 deletions
diff --git a/api/channel_test.go b/api/channel_test.go index bace5df5c..23705f172 100644 --- a/api/channel_test.go +++ b/api/channel_test.go @@ -1532,9 +1532,10 @@ func TestGetChannelStats(t *testing.T) { } func TestAddChannelMember(t *testing.T) { - th := Setup().InitBasic() + th := Setup().InitBasic().InitSystemAdmin() Client := th.BasicClient team := th.BasicTeam + user1 := th.BasicUser user2 := th.BasicUser2 user3 := th.CreateUser(Client) @@ -1581,12 +1582,118 @@ func TestAddChannelMember(t *testing.T) { if _, err := Client.AddChannelMember(channel1.Id, user3.Id); err == nil { t.Fatal("Should have errored, user not on team") } + + // Test policy does not apply to TE. + restrictPrivateChannel := *utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers + defer func() { + *utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers = restrictPrivateChannel + }() + *utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_CHANNEL_ADMIN + utils.SetDefaultRolesBasedOnConfig() + + channel3 := &model.Channel{DisplayName: "A Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_PRIVATE, TeamId: team.Id} + channel3 = Client.Must(th.SystemAdminClient.CreateChannel(channel3)).Data.(*model.Channel) + Client.Must(th.SystemAdminClient.AddChannelMember(channel3.Id, user1.Id)) + if _, err := Client.AddChannelMember(channel3.Id, user2.Id); err != nil { + t.Fatal(err) + } + + // Add a license + isLicensed := utils.IsLicensed + license := utils.License + defer func() { + utils.IsLicensed = isLicensed + utils.License = license + utils.SetDefaultRolesBasedOnConfig() + }() + *utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_ALL + utils.IsLicensed = true + utils.License = &model.License{Features: &model.Features{}} + utils.License.Features.SetDefaults() + utils.SetDefaultRolesBasedOnConfig() + + // Check that a regular channel user can add other users. + channel4 := &model.Channel{DisplayName: "A Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_PRIVATE, TeamId: team.Id} + channel4 = Client.Must(th.SystemAdminClient.CreateChannel(channel4)).Data.(*model.Channel) + Client.Must(th.SystemAdminClient.AddChannelMember(channel4.Id, user1.Id)) + if _, err := Client.AddChannelMember(channel4.Id, user2.Id); err != nil { + t.Fatal(err) + } + + // Test with CHANNEL_ADMIN level permission. + *utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_CHANNEL_ADMIN + utils.IsLicensed = true + utils.License = &model.License{Features: &model.Features{}} + utils.License.Features.SetDefaults() + utils.SetDefaultRolesBasedOnConfig() + + channel5 := &model.Channel{DisplayName: "A Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_PRIVATE, TeamId: team.Id} + channel5 = Client.Must(th.SystemAdminClient.CreateChannel(channel5)).Data.(*model.Channel) + Client.Must(th.SystemAdminClient.AddChannelMember(channel5.Id, user1.Id)) + if _, err := Client.AddChannelMember(channel5.Id, user2.Id); err == nil { + t.Fatal("Should have failed due to permissions") + } + + MakeUserChannelAdmin(user1, channel5) + app.InvalidateAllCaches() + utils.IsLicensed = true + utils.License = &model.License{Features: &model.Features{}} + utils.License.Features.SetDefaults() + utils.SetDefaultRolesBasedOnConfig() + + if _, err := Client.AddChannelMember(channel5.Id, user2.Id); err != nil { + t.Fatal(err) + } + + // Test with TEAM_ADMIN level permission. + *utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_TEAM_ADMIN + utils.IsLicensed = true + utils.License = &model.License{Features: &model.Features{}} + utils.License.Features.SetDefaults() + utils.SetDefaultRolesBasedOnConfig() + + channel6 := &model.Channel{DisplayName: "A Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_PRIVATE, TeamId: team.Id} + channel6 = Client.Must(th.SystemAdminClient.CreateChannel(channel6)).Data.(*model.Channel) + Client.Must(th.SystemAdminClient.AddChannelMember(channel6.Id, user1.Id)) + if _, err := Client.AddChannelMember(channel6.Id, user2.Id); err == nil { + t.Fatal("Should have failed due to permissions") + } + + UpdateUserToTeamAdmin(user1, team) + app.InvalidateAllCaches() + utils.IsLicensed = true + utils.License = &model.License{Features: &model.Features{}} + utils.License.Features.SetDefaults() + utils.SetDefaultRolesBasedOnConfig() + + if _, err := Client.AddChannelMember(channel6.Id, user2.Id); err != nil { + t.Fatal(err) + } + + // Test with SYSTEM_ADMIN level permission. + *utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_SYSTEM_ADMIN + utils.IsLicensed = true + utils.License = &model.License{Features: &model.Features{}} + utils.License.Features.SetDefaults() + utils.SetDefaultRolesBasedOnConfig() + + channel7 := &model.Channel{DisplayName: "A Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_PRIVATE, TeamId: team.Id} + channel7 = Client.Must(th.SystemAdminClient.CreateChannel(channel7)).Data.(*model.Channel) + Client.Must(th.SystemAdminClient.AddChannelMember(channel7.Id, user1.Id)) + if _, err := Client.AddChannelMember(channel7.Id, user2.Id); err == nil { + t.Fatal("Should have failed due to permissions") + } + + if _, err := th.SystemAdminClient.AddChannelMember(channel7.Id, user2.Id); err != nil { + t.Fatal(err) + } } func TestRemoveChannelMember(t *testing.T) { - th := Setup().InitBasic() + th := Setup().InitBasic().InitSystemAdmin() Client := th.BasicClient team := th.BasicTeam + user1 := th.BasicUser user2 := th.BasicUser2 UpdateUserToTeamAdmin(user2, team) @@ -1646,6 +1753,117 @@ func TestRemoveChannelMember(t *testing.T) { if _, err := Client.RemoveChannelMember(townSquare.Id, userStd.Id); err == nil { t.Fatal("should have errored, channel is default") } + + th.LoginBasic() + + // Test policy does not apply to TE. + restrictPrivateChannel := *utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers + defer func() { + *utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers = restrictPrivateChannel + }() + *utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_CHANNEL_ADMIN + utils.SetDefaultRolesBasedOnConfig() + + channel3 := &model.Channel{DisplayName: "A Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_PRIVATE, TeamId: team.Id} + channel3 = Client.Must(th.SystemAdminClient.CreateChannel(channel3)).Data.(*model.Channel) + Client.Must(th.SystemAdminClient.AddChannelMember(channel3.Id, user1.Id)) + Client.Must(th.SystemAdminClient.AddChannelMember(channel3.Id, user2.Id)) + if _, err := Client.RemoveChannelMember(channel3.Id, user2.Id); err != nil { + t.Fatal(err) + } + + // Add a license + isLicensed := utils.IsLicensed + license := utils.License + defer func() { + utils.IsLicensed = isLicensed + utils.License = license + utils.SetDefaultRolesBasedOnConfig() + }() + *utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_ALL + utils.IsLicensed = true + utils.License = &model.License{Features: &model.Features{}} + utils.License.Features.SetDefaults() + utils.SetDefaultRolesBasedOnConfig() + + // Check that a regular channel user can remove other users. + channel4 := &model.Channel{DisplayName: "A Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_PRIVATE, TeamId: team.Id} + channel4 = Client.Must(th.SystemAdminClient.CreateChannel(channel4)).Data.(*model.Channel) + Client.Must(th.SystemAdminClient.AddChannelMember(channel4.Id, user1.Id)) + Client.Must(th.SystemAdminClient.AddChannelMember(channel4.Id, user2.Id)) + if _, err := Client.RemoveChannelMember(channel4.Id, user2.Id); err != nil { + t.Fatal(err) + } + + // Test with CHANNEL_ADMIN level permission. + *utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_CHANNEL_ADMIN + utils.IsLicensed = true + utils.License = &model.License{Features: &model.Features{}} + utils.License.Features.SetDefaults() + utils.SetDefaultRolesBasedOnConfig() + + channel5 := &model.Channel{DisplayName: "A Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_PRIVATE, TeamId: team.Id} + channel5 = Client.Must(th.SystemAdminClient.CreateChannel(channel5)).Data.(*model.Channel) + Client.Must(th.SystemAdminClient.AddChannelMember(channel5.Id, user1.Id)) + Client.Must(th.SystemAdminClient.AddChannelMember(channel5.Id, user2.Id)) + if _, err := Client.RemoveChannelMember(channel5.Id, user2.Id); err == nil { + t.Fatal("Should have failed due to permissions") + } + + MakeUserChannelAdmin(user1, channel5) + app.InvalidateAllCaches() + utils.IsLicensed = true + utils.License = &model.License{Features: &model.Features{}} + utils.License.Features.SetDefaults() + + if _, err := Client.RemoveChannelMember(channel5.Id, user2.Id); err != nil { + t.Fatal(err) + } + + // Test with TEAM_ADMIN level permission. + *utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_TEAM_ADMIN + utils.IsLicensed = true + utils.License = &model.License{Features: &model.Features{}} + utils.License.Features.SetDefaults() + utils.SetDefaultRolesBasedOnConfig() + + channel6 := &model.Channel{DisplayName: "A Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_PRIVATE, TeamId: team.Id} + channel6 = Client.Must(th.SystemAdminClient.CreateChannel(channel6)).Data.(*model.Channel) + Client.Must(th.SystemAdminClient.AddChannelMember(channel6.Id, user1.Id)) + Client.Must(th.SystemAdminClient.AddChannelMember(channel6.Id, user2.Id)) + if _, err := Client.RemoveChannelMember(channel6.Id, user2.Id); err == nil { + t.Fatal("Should have failed due to permissions") + } + + UpdateUserToTeamAdmin(user1, team) + app.InvalidateAllCaches() + utils.IsLicensed = true + utils.License = &model.License{Features: &model.Features{}} + utils.License.Features.SetDefaults() + utils.SetDefaultRolesBasedOnConfig() + + if _, err := Client.RemoveChannelMember(channel6.Id, user2.Id); err != nil { + t.Fatal(err) + } + + // Test with SYSTEM_ADMIN level permission. + *utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_SYSTEM_ADMIN + utils.IsLicensed = true + utils.License = &model.License{Features: &model.Features{}} + utils.License.Features.SetDefaults() + utils.SetDefaultRolesBasedOnConfig() + + channel7 := &model.Channel{DisplayName: "A Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_PRIVATE, TeamId: team.Id} + channel7 = Client.Must(th.SystemAdminClient.CreateChannel(channel7)).Data.(*model.Channel) + Client.Must(th.SystemAdminClient.AddChannelMember(channel7.Id, user1.Id)) + Client.Must(th.SystemAdminClient.AddChannelMember(channel7.Id, user2.Id)) + if _, err := Client.RemoveChannelMember(channel7.Id, user2.Id); err == nil { + t.Fatal("Should have failed due to permissions") + } + + if _, err := th.SystemAdminClient.RemoveChannelMember(channel7.Id, user2.Id); err != nil { + t.Fatal(err) + } } func TestUpdateNotifyProps(t *testing.T) { |