MM-8853: Adding MANAGE_EMOJIS and MANAGE_OTHERS_EMOJIS permissions (#8860)

* MM-8853: Adding MANAGE_EMOJIS and MANAGE_OTHERS_EMOJIS permissions * MM-8853: Removing unnecesary emoji enterprise feature * Create emojis migration * Adding MANAGE_EMOJIS and MANAGE_OTHERS_EMOJIS always to system admins * Simplifing permissions checks * Revert "Simplifing permissions checks" This reverts commit e2cafc1905fc9e20125dd9a1552d2d0c7340ae59.
author: Jesús Espino <jespinog@gmail.com> 2018-05-29 16:58:12 +0200
committer: George Goldberg <george@gberg.me> 2018-05-29 15:58:12 +0100
commit: e88fe4bb1dea4918284ee3c6e5aee5a8497ff2b8 (patch)
tree: 480a5b91b37e2728ea151e3b7ad521aaf4402697 /api4/emoji_test.go
parent: bf4cefc3496686850757b2d44219ea2425871dda (diff)
download: chat-e88fe4bb1dea4918284ee3c6e5aee5a8497ff2b8.tar.gz
chat-e88fe4bb1dea4918284ee3c6e5aee5a8497ff2b8.tar.bz2
chat-e88fe4bb1dea4918284ee3c6e5aee5a8497ff2b8.zip
1 files changed, 121 insertions, 3 deletions
diff --git a/api4/emoji_test.go b/api4/emoji_test.go
index 39da4aaef..cb6398312 100644
--- a/api4/emoji_test.go
+++ b/api4/emoji_test.go
@@ -26,6 +26,11 @@ func TestCreateEmoji(t *testing.T) {
 	}()
 	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableCustomEmoji = false })
 
+	defaultRolePermissions := th.SaveDefaultRolePermissions()
+	defer func() {
+		th.RestoreDefaultRolePermissions(defaultRolePermissions)
+	}()
+
 	emoji := &model.Emoji{
 		CreatorId: th.BasicUser.Id,
 		Name:      model.NewId(),
@@ -141,6 +146,28 @@ func TestCreateEmoji(t *testing.T) {
 
 	_, resp = Client.CreateEmoji(emoji, utils.CreateTestGif(t, 10, 10), "image.gif")
 	CheckForbiddenStatus(t, resp)
+
+	// try to create an emoji without permissions
+	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_EMOJIS.Id, model.SYSTEM_USER_ROLE_ID)
+
+	emoji = &model.Emoji{
+		CreatorId: th.BasicUser.Id,
+		Name:      model.NewId(),
+	}
+
+	_, resp = Client.CreateEmoji(emoji, utils.CreateTestGif(t, 10, 10), "image.gif")
+	CheckForbiddenStatus(t, resp)
+
+	// create an emoji with permissions in one team
+	th.AddPermissionToRole(model.PERMISSION_MANAGE_EMOJIS.Id, model.TEAM_USER_ROLE_ID)
+
+	emoji = &model.Emoji{
+		CreatorId: th.BasicUser.Id,
+		Name:      model.NewId(),
+	}
+
+	_, resp = Client.CreateEmoji(emoji, utils.CreateTestGif(t, 10, 10), "image.gif")
+	CheckNoError(t, resp)
 }
 
 func TestGetEmojiList(t *testing.T) {
@@ -186,7 +213,7 @@ func TestGetEmojiList(t *testing.T) {
 			}
 		}
 		if !found {
-			t.Fatalf("failed to get emoji with id %v", emoji.Id)
+			t.Fatalf("failed to get emoji with id %v, %v", emoji.Id, len(listEmoji))
 		}
 	}
 
@@ -231,6 +258,11 @@ func TestDeleteEmoji(t *testing.T) {
 	}()
 	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableCustomEmoji = true })
 
+	defaultRolePermissions := th.SaveDefaultRolePermissions()
+	defer func() {
+		th.RestoreDefaultRolePermissions(defaultRolePermissions)
+	}()
+
 	emoji := &model.Emoji{
 		CreatorId: th.BasicUser.Id,
 		Name:      model.NewId(),
@@ -277,14 +309,100 @@ func TestDeleteEmoji(t *testing.T) {
 	_, resp = Client.DeleteEmoji("")
 	CheckNotFoundStatus(t, resp)
 
-	//Try to delete other user's custom emoji
+	//Try to delete my custom emoji without permissions
+	newEmoji, resp = Client.CreateEmoji(emoji, utils.CreateTestGif(t, 10, 10), "image.gif")
+	CheckNoError(t, resp)
+
+	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_EMOJIS.Id, model.SYSTEM_USER_ROLE_ID)
+	_, resp = Client.DeleteEmoji(newEmoji.Id)
+	CheckForbiddenStatus(t, resp)
+	th.AddPermissionToRole(model.PERMISSION_MANAGE_EMOJIS.Id, model.SYSTEM_USER_ROLE_ID)
+
+	//Try to delete other user's custom emoji without MANAGE_EMOJIS permissions
+	emoji = &model.Emoji{
+		CreatorId: th.BasicUser.Id,
+		Name:      model.NewId(),
+	}
+
 	newEmoji, resp = Client.CreateEmoji(emoji, utils.CreateTestGif(t, 10, 10), "image.gif")
 	CheckNoError(t, resp)
 
+	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_EMOJIS.Id, model.SYSTEM_USER_ROLE_ID)
+	th.AddPermissionToRole(model.PERMISSION_MANAGE_OTHERS_EMOJIS.Id, model.SYSTEM_USER_ROLE_ID)
 	Client.Logout()
 	th.LoginBasic2()
 	ok, resp = Client.DeleteEmoji(newEmoji.Id)
-	CheckUnauthorizedStatus(t, resp)
+	CheckForbiddenStatus(t, resp)
+	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_OTHERS_EMOJIS.Id, model.SYSTEM_USER_ROLE_ID)
+	th.AddPermissionToRole(model.PERMISSION_MANAGE_EMOJIS.Id, model.SYSTEM_USER_ROLE_ID)
+	Client.Logout()
+	th.LoginBasic()
+
+	//Try to delete other user's custom emoji without MANAGE_OTHERS_EMOJIS permissions
+	emoji = &model.Emoji{
+		CreatorId: th.BasicUser.Id,
+		Name:      model.NewId(),
+	}
+
+	newEmoji, resp = Client.CreateEmoji(emoji, utils.CreateTestGif(t, 10, 10), "image.gif")
+	CheckNoError(t, resp)
+
+	Client.Logout()
+	th.LoginBasic2()
+	ok, resp = Client.DeleteEmoji(newEmoji.Id)
+	CheckForbiddenStatus(t, resp)
+	Client.Logout()
+	th.LoginBasic()
+
+	//Try to delete other user's custom emoji with permissions
+	emoji = &model.Emoji{
+		CreatorId: th.BasicUser.Id,
+		Name:      model.NewId(),
+	}
+
+	newEmoji, resp = Client.CreateEmoji(emoji, utils.CreateTestGif(t, 10, 10), "image.gif")
+	CheckNoError(t, resp)
+
+	th.AddPermissionToRole(model.PERMISSION_MANAGE_EMOJIS.Id, model.SYSTEM_USER_ROLE_ID)
+	th.AddPermissionToRole(model.PERMISSION_MANAGE_OTHERS_EMOJIS.Id, model.SYSTEM_USER_ROLE_ID)
+	Client.Logout()
+	th.LoginBasic2()
+	ok, resp = Client.DeleteEmoji(newEmoji.Id)
+	CheckNoError(t, resp)
+
+	Client.Logout()
+	th.LoginBasic()
+
+	//Try to delete my custom emoji with permissions at team level
+	newEmoji, resp = Client.CreateEmoji(emoji, utils.CreateTestGif(t, 10, 10), "image.gif")
+	CheckNoError(t, resp)
+
+	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_EMOJIS.Id, model.SYSTEM_USER_ROLE_ID)
+	th.AddPermissionToRole(model.PERMISSION_MANAGE_EMOJIS.Id, model.TEAM_USER_ROLE_ID)
+	_, resp = Client.DeleteEmoji(newEmoji.Id)
+	CheckNoError(t, resp)
+	th.AddPermissionToRole(model.PERMISSION_MANAGE_EMOJIS.Id, model.SYSTEM_USER_ROLE_ID)
+	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_EMOJIS.Id, model.TEAM_USER_ROLE_ID)
+
+	//Try to delete other user's custom emoji with permissions at team level
+	emoji = &model.Emoji{
+		CreatorId: th.BasicUser.Id,
+		Name:      model.NewId(),
+	}
+
+	newEmoji, resp = Client.CreateEmoji(emoji, utils.CreateTestGif(t, 10, 10), "image.gif")
+	CheckNoError(t, resp)
+
+	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_EMOJIS.Id, model.SYSTEM_USER_ROLE_ID)
+	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_OTHERS_EMOJIS.Id, model.SYSTEM_USER_ROLE_ID)
+
+	th.AddPermissionToRole(model.PERMISSION_MANAGE_EMOJIS.Id, model.TEAM_USER_ROLE_ID)
+	th.AddPermissionToRole(model.PERMISSION_MANAGE_OTHERS_EMOJIS.Id, model.TEAM_USER_ROLE_ID)
+
+	Client.Logout()
+	th.LoginBasic2()
+	ok, resp = Client.DeleteEmoji(newEmoji.Id)
+	CheckNoError(t, resp)
 }
 
 func TestGetEmoji(t *testing.T) {
author	Jesús Espino <jespinog@gmail.com>	2018-05-29 16:58:12 +0200
committer	George Goldberg <george@gberg.me>	2018-05-29 15:58:12 +0100
commit	e88fe4bb1dea4918284ee3c6e5aee5a8497ff2b8 (patch)
tree	480a5b91b37e2728ea151e3b7ad521aaf4402697 /api4/emoji_test.go
parent	bf4cefc3496686850757b2d44219ea2425871dda (diff)
download	chat-e88fe4bb1dea4918284ee3c6e5aee5a8497ff2b8.tar.gz chat-e88fe4bb1dea4918284ee3c6e5aee5a8497ff2b8.tar.bz2 chat-e88fe4bb1dea4918284ee3c6e5aee5a8497ff2b8.zip