diff options
| author | Saturnino Abril <saturnino.abril@gmail.com> | 2017-07-05 06:32:27 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-07-05 06:32:27 +0800 |
| commit | 8f8a978e84ec8bbeac22928e6112bc697fa7176d (patch) | |
| tree | a82993cfcd1aab059554feeeb1a6256d4640eab4 /api4/channel_test.go | |
| parent | 6d6ed309b9b7f2b77cd013583990c6eb88f18aff (diff) | |
| download | chat-8f8a978e84ec8bbeac22928e6112bc697fa7176d.tar.gz chat-8f8a978e84ec8bbeac22928e6112bc697fa7176d.tar.bz2 chat-8f8a978e84ec8bbeac22928e6112bc697fa7176d.zip | |
[PLT-6838] Restrict channel delete option per permission policy even for last channel member (#6706)
* channel delete option is hidden from the menu unless there is appropriate permissions as set in the policy page
* apply to public channel only and add restriction to API layer
* updated channel deletion
Diffstat (limited to 'api4/channel_test.go')
| -rw-r--r-- | api4/channel_test.go | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/api4/channel_test.go b/api4/channel_test.go index e1b5ee5a7..a1c5d2ad8 100644 --- a/api4/channel_test.go +++ b/api4/channel_test.go @@ -901,12 +901,14 @@ func TestDeleteChannel(t *testing.T) { Client = th.Client team = th.BasicTeam user = th.BasicUser + user2 = th.BasicUser2 // channels created by SystemAdmin publicChannel6 := th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_OPEN) privateChannel7 := th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE) app.AddUserToChannel(user, publicChannel6) app.AddUserToChannel(user, privateChannel7) + app.AddUserToChannel(user2, privateChannel7) // successful delete by user _, resp = Client.DeleteChannel(publicChannel6.Id) @@ -924,6 +926,7 @@ func TestDeleteChannel(t *testing.T) { privateChannel7 = th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE) app.AddUserToChannel(user, publicChannel6) app.AddUserToChannel(user, privateChannel7) + app.AddUserToChannel(user2, privateChannel7) // cannot delete by user _, resp = Client.DeleteChannel(publicChannel6.Id) @@ -948,6 +951,7 @@ func TestDeleteChannel(t *testing.T) { privateChannel7 = th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE) app.AddUserToChannel(user, publicChannel6) app.AddUserToChannel(user, privateChannel7) + app.AddUserToChannel(user2, privateChannel7) // successful delete by team admin UpdateUserToTeamAdmin(user, team) @@ -976,6 +980,7 @@ func TestDeleteChannel(t *testing.T) { privateChannel7 = th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE) app.AddUserToChannel(user, publicChannel6) app.AddUserToChannel(user, privateChannel7) + app.AddUserToChannel(user2, privateChannel7) // cannot delete by user _, resp = Client.DeleteChannel(publicChannel6.Id) @@ -1017,6 +1022,7 @@ func TestDeleteChannel(t *testing.T) { privateChannel7 = th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE) app.AddUserToChannel(user, publicChannel6) app.AddUserToChannel(user, privateChannel7) + app.AddUserToChannel(user2, privateChannel7) // cannot delete by user _, resp = Client.DeleteChannel(publicChannel6.Id) @@ -1056,12 +1062,14 @@ func TestDeleteChannel(t *testing.T) { _, resp = th.SystemAdminClient.DeleteChannel(privateChannel7.Id) CheckNoError(t, resp) - // last member of a channel should be able to delete it regardless of required permissions + // last member of a public channel should have required permission to delete publicChannel6 = th.CreateChannelWithClient(th.Client, model.CHANNEL_OPEN) - privateChannel7 = th.CreateChannelWithClient(th.Client, model.CHANNEL_PRIVATE) _, resp = Client.DeleteChannel(publicChannel6.Id) - CheckNoError(t, resp) + CheckForbiddenStatus(t, resp) + + // last member of a private channel should be able to delete it regardless of required permissions + privateChannel7 = th.CreateChannelWithClient(th.Client, model.CHANNEL_PRIVATE) _, resp = Client.DeleteChannel(privateChannel7.Id) CheckNoError(t, resp) |