PLT-2713 Added ability for admins to list users not in any team (#5844)

* PLT-2713 Added ability for admins to list users not in any team

* Updated style of unit test

2 files changed, 60 insertions, 1 deletions

diff --git a/api4/user.go b/api4/user.go
index 298c5cc8d..e4595ee54 100644
--- a/api4/user.go
+++ b/api4/user.go
@@ -269,6 +269,7 @@ func getUsers(c *Context, w http.ResponseWriter, r *http.Request) {
 	notInTeamId := r.URL.Query().Get("not_in_team")
 	inChannelId := r.URL.Query().Get("in_channel")
 	notInChannelId := r.URL.Query().Get("not_in_channel")
+	withoutTeam := r.URL.Query().Get("without_team")
 
 	if len(notInChannelId) > 0 && len(inTeamId) == 0 {
 		c.SetInvalidParam("team_id")
@@ -279,7 +280,15 @@ func getUsers(c *Context, w http.ResponseWriter, r *http.Request) {
 	var err *model.AppError
 	etag := ""
 
-	if len(notInChannelId) > 0 {
+	if withoutTeamBool, err := strconv.ParseBool(withoutTeam); err == nil && withoutTeamBool {
+		// Use a special permission for now
+		if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_LIST_USERS_WITHOUT_TEAM) {
+			c.SetPermissionError(model.PERMISSION_LIST_USERS_WITHOUT_TEAM)
+			return
+		}
+
+		profiles, err = app.GetUsersWithoutTeamPage(c.Params.Page, c.Params.PerPage, c.IsSystemAdmin())
+	} else if len(notInChannelId) > 0 {
 		if !app.SessionHasPermissionToChannel(c.Session, notInChannelId, model.PERMISSION_READ_CHANNEL) {
 			c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
 			return
diff --git a/api4/user_test.go b/api4/user_test.go
index f6561310b..21b240957 100644
--- a/api4/user_test.go
+++ b/api4/user_test.go
@@ -851,6 +851,56 @@ func TestGetUsers(t *testing.T) {
 	CheckUnauthorizedStatus(t, resp)
 }
 
+func TestGetUsersWithoutTeam(t *testing.T) {
+	th := Setup().InitBasic().InitSystemAdmin()
+	defer TearDown()
+	Client := th.Client
+	SystemAdminClient := th.SystemAdminClient
+
+	if _, resp := Client.GetUsersWithoutTeam(0, 100, ""); resp.Error == nil {
+		t.Fatal("should prevent non-admin user from getting users without a team")
+	}
+
+	// These usernames need to appear in the first 100 users for this to work
+
+	user, resp := Client.CreateUser(&model.User{
+		Username: "a000000000" + model.NewId(),
+		Email:    "success+" + model.NewId() + "@simulator.amazonses.com",
+		Password: "Password1",
+	})
+	CheckNoError(t, resp)
+	LinkUserToTeam(user, th.BasicTeam)
+	defer app.Srv.Store.User().PermanentDelete(user.Id)
+
+	user2, resp := Client.CreateUser(&model.User{
+		Username: "a000000001" + model.NewId(),
+		Email:    "success+" + model.NewId() + "@simulator.amazonses.com",
+		Password: "Password1",
+	})
+	CheckNoError(t, resp)
+	defer app.Srv.Store.User().PermanentDelete(user2.Id)
+
+	rusers, resp := SystemAdminClient.GetUsersWithoutTeam(0, 100, "")
+	CheckNoError(t, resp)
+
+	found1 := false
+	found2 := false
+
+	for _, u := range rusers {
+		if u.Id == user.Id {
+			found1 = true
+		} else if u.Id == user2.Id {
+			found2 = true
+		}
+	}
+
+	if found1 {
+		t.Fatal("shouldn't have returned user that has a team")
+	} else if !found2 {
+		t.Fatal("should've returned user that has no teams")
+	}
+}
+
 func TestGetUsersInTeam(t *testing.T) {
 	th := Setup().InitBasic().InitSystemAdmin()
 	defer TearDown()