diff options
| author | George Goldberg <george@gberg.me> | 2017-03-26 14:37:39 +0100 |
|---|---|---|
| committer | Joram Wilander <jwawilander@gmail.com> | 2017-03-26 09:37:39 -0400 |
| commit | 720ee81113ac7a7dd062271c3d6cdf58ce8e044a (patch) | |
| tree | fd286f5d405b577086abc5d6203dbfe71f2c2435 /api4/team_test.go | |
| parent | 230556f0f7bde3b6ffa2c6cbd3ca7404fcf3023e (diff) | |
| download | chat-720ee81113ac7a7dd062271c3d6cdf58ce8e044a.tar.gz chat-720ee81113ac7a7dd062271c3d6cdf58ce8e044a.tar.bz2 chat-720ee81113ac7a7dd062271c3d6cdf58ce8e044a.zip | |
PLT-6063: AddUserToTeam permission depends on policy. (#5869)
Uses same policy setting as InviteUserToTeam.
Diffstat (limited to 'api4/team_test.go')
| -rw-r--r-- | api4/team_test.go | 90 |
1 files changed, 86 insertions, 4 deletions
diff --git a/api4/team_test.go b/api4/team_test.go index 36d6df147..40f5ec778 100644 --- a/api4/team_test.go +++ b/api4/team_test.go @@ -9,6 +9,7 @@ import ( "strconv" "testing" + "github.com/mattermost/platform/app" "github.com/mattermost/platform/model" "github.com/mattermost/platform/utils" ) @@ -617,12 +618,25 @@ func TestAddTeamMember(t *testing.T) { team := th.BasicTeam otherUser := th.CreateUser() - // by user_id - th.LoginTeamAdmin() + if err := app.RemoveUserFromTeam(th.BasicTeam.Id, th.BasicUser2.Id); err != nil { + t.Fatalf(err.Error()) + } + // Regular user can't add a member to a team they don't belong to. + th.LoginBasic2() tm, resp := Client.AddTeamMember(team.Id, otherUser.Id, "", "", "") + CheckForbiddenStatus(t, resp) + if resp.Error == nil { + t.Fatalf("ERror is nhul") + } + Client.Logout() + + // Regular user can add a member to a team they belong to. + th.LoginBasic() + tm, resp = Client.AddTeamMember(team.Id, otherUser.Id, "", "", "") CheckNoError(t, resp) + // Check all the returned data. if tm == nil { t.Fatal("should have returned team member") } @@ -635,6 +649,7 @@ func TestAddTeamMember(t *testing.T) { t.Fatal("team ids should have matched") } + // Check with various invalid requests. tm, resp = Client.AddTeamMember(team.Id, "junk", "", "", "") CheckBadRequestStatus(t, resp) @@ -651,19 +666,86 @@ func TestAddTeamMember(t *testing.T) { _, resp = Client.AddTeamMember(team.Id, GenerateTestId(), "", "", "") CheckNotFoundStatus(t, resp) + Client.Logout() + + // Check effects of config and license changes. + restrictTeamInvite := *utils.Cfg.TeamSettings.RestrictTeamInvite + isLicensed := utils.IsLicensed + license := utils.License + defer func() { + *utils.Cfg.TeamSettings.RestrictTeamInvite = restrictTeamInvite + utils.IsLicensed = isLicensed + utils.License = license + utils.SetDefaultRolesBasedOnConfig() + }() + + // Set the config so that only team admins can add a user to a team. + *utils.Cfg.TeamSettings.RestrictTeamInvite = model.PERMISSIONS_TEAM_ADMIN + utils.SetDefaultRolesBasedOnConfig() + th.LoginBasic() + + // Test without the EE license to see that the permission restriction is ignored. + _, resp = Client.AddTeamMember(team.Id, otherUser.Id, "", "", "") + CheckNoError(t, resp) + + // Add an EE license. + utils.IsLicensed = true + utils.License = &model.License{Features: &model.Features{}} + utils.License.Features.SetDefaults() + utils.SetDefaultRolesBasedOnConfig() th.LoginBasic() + // Check that a regular user can't add someone to the team. _, resp = Client.AddTeamMember(team.Id, otherUser.Id, "", "", "") CheckForbiddenStatus(t, resp) - Client.Logout() + // Update user to team admin + UpdateUserToTeamAdmin(th.BasicUser, th.BasicTeam) + app.InvalidateAllCaches() + *utils.Cfg.TeamSettings.RestrictTeamInvite = model.PERMISSIONS_TEAM_ADMIN + utils.IsLicensed = true + utils.License = &model.License{Features: &model.Features{}} + utils.License.Features.SetDefaults() + utils.SetDefaultRolesBasedOnConfig() + th.LoginBasic() + // Should work as a team admin. _, resp = Client.AddTeamMember(team.Id, otherUser.Id, "", "", "") - CheckUnauthorizedStatus(t, resp) + CheckNoError(t, resp) + + // Change permission level to System Admin + *utils.Cfg.TeamSettings.RestrictTeamInvite = model.PERMISSIONS_SYSTEM_ADMIN + utils.SetDefaultRolesBasedOnConfig() + + // Should not work as team admin. + _, resp = Client.AddTeamMember(team.Id, otherUser.Id, "", "", "") + CheckForbiddenStatus(t, resp) + // Should work as system admin. _, resp = th.SystemAdminClient.AddTeamMember(team.Id, otherUser.Id, "", "", "") CheckNoError(t, resp) + // Change permission level to All + UpdateUserToNonTeamAdmin(th.BasicUser, th.BasicTeam) + app.InvalidateAllCaches() + *utils.Cfg.TeamSettings.RestrictTeamInvite = model.PERMISSIONS_ALL + utils.IsLicensed = true + utils.License = &model.License{Features: &model.Features{}} + utils.License.Features.SetDefaults() + utils.SetDefaultRolesBasedOnConfig() + th.LoginBasic() + + // Should work as a regular user. + _, resp = Client.AddTeamMember(team.Id, otherUser.Id, "", "", "") + CheckNoError(t, resp) + + // Reset config and license. + *utils.Cfg.TeamSettings.RestrictTeamInvite = restrictTeamInvite + utils.IsLicensed = isLicensed + utils.License = license + utils.SetDefaultRolesBasedOnConfig() + th.LoginBasic() + // by hash and data Client.Login(otherUser.Email, otherUser.Password) |