diff options
author | George Goldberg <george@gberg.me> | 2017-04-03 18:11:12 +0100 |
---|---|---|
committer | Harrison Healey <harrisonmhealey@gmail.com> | 2017-04-03 13:11:12 -0400 |
commit | 232a99f0c7b9364cb4386264f9ff7f97549a4378 (patch) | |
tree | 8f90f7e4fae36b7043e6ab360aafe9e0769060ac /api4 | |
parent | da5265681d42549ad9072d762fec67293d742d43 (diff) | |
download | chat-232a99f0c7b9364cb4386264f9ff7f97549a4378.tar.gz chat-232a99f0c7b9364cb4386264f9ff7f97549a4378.tar.bz2 chat-232a99f0c7b9364cb4386264f9ff7f97549a4378.zip |
PLT-6162: Search for users not in a given team. (#5943)
Diffstat (limited to 'api4')
-rw-r--r-- | api4/user.go | 5 | ||||
-rw-r--r-- | api4/user_test.go | 40 |
2 files changed, 45 insertions, 0 deletions
diff --git a/api4/user.go b/api4/user.go index e4595ee54..593d704a5 100644 --- a/api4/user.go +++ b/api4/user.go @@ -397,6 +397,11 @@ func searchUsers(c *Context, w http.ResponseWriter, r *http.Request) { return } + if props.NotInTeamId != "" && !app.SessionHasPermissionToTeam(c.Session, props.NotInTeamId, model.PERMISSION_VIEW_TEAM) { + c.SetPermissionError(model.PERMISSION_VIEW_TEAM) + return + } + searchOptions := map[string]bool{} searchOptions[store.USER_SEARCH_OPTION_ALLOW_INACTIVE] = props.AllowInactive diff --git a/api4/user_test.go b/api4/user_test.go index 220ed124f..b3e4edc3d 100644 --- a/api4/user_test.go +++ b/api4/user_test.go @@ -385,6 +385,45 @@ func TestSearchUsers(t *testing.T) { _, resp = Client.SearchUsers(search) CheckForbiddenStatus(t, resp) + // Test search for users not in any team + search.TeamId = "" + search.NotInChannelId = "" + search.InChannelId = "" + search.NotInTeamId = th.BasicTeam.Id + + users, resp = Client.SearchUsers(search) + CheckNoError(t, resp) + + if findUserInList(th.BasicUser.Id, users) { + t.Fatal("should not have found user") + } + + oddUser := th.CreateUser() + search.Term = oddUser.Username + + users, resp = Client.SearchUsers(search) + CheckNoError(t, resp) + + if !findUserInList(oddUser.Id, users) { + t.Fatal("should have found user") + } + + _, resp = th.SystemAdminClient.AddTeamMember(th.BasicTeam.Id, oddUser.Id, "", "", th.BasicTeam.InviteId) + CheckNoError(t, resp) + + users, resp = Client.SearchUsers(search) + CheckNoError(t, resp) + + if findUserInList(oddUser.Id, users) { + t.Fatal("should not have found user") + } + + search.NotInTeamId = model.NewId() + _, resp = Client.SearchUsers(search) + CheckForbiddenStatus(t, resp) + + search.Term = th.BasicUser.Username + emailPrivacy := utils.Cfg.PrivacySettings.ShowEmailAddress namePrivacy := utils.Cfg.PrivacySettings.ShowFullName defer func() { @@ -400,6 +439,7 @@ func TestSearchUsers(t *testing.T) { } search.InChannelId = "" + search.NotInTeamId = "" search.Term = th.BasicUser2.Email users, resp = Client.SearchUsers(search) CheckNoError(t, resp) |