authorJoramWilander <jwawilander@gmail.com>2017-05-12 08:00:28 -0400
committerJoramWilander <jwawilander@gmail.com>2017-05-12 08:00:28 -0400
commit9d109b070037951fcd0832b785eba8a3db9a157c (patch)
tree5d109da2e9e088f16eff0ad1421876a3d3da412e /api4
parentb1c39204a63a87d2cbc57f66cf9db50c938b2ee5 (diff)
parenta21a06afd9907e9911dcb166d902cba9f405c7cb (diff)
Merge branch 'release-3.9' into merge-3.9
Diffstat (limited to 'api4')
-rw-r--r--api4/channel.go23
-rw-r--r--api4/channel_test.go10
-rw-r--r--api4/context.go8
-rw-r--r--api4/user.go4
4 files changed, 34 insertions, 11 deletions
diff --git a/api4/channel.go b/api4/channel.go
index 69cc0953e..e02b2677c 100644
--- a/api4/channel.go
+++ b/api4/channel.go
@@ -260,7 +260,7 @@ func createGroupChannel(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if groupChannel, err := app.CreateGroupChannel(userIds); err != nil {
+ if groupChannel, err := app.CreateGroupChannel(userIds, c.Session.UserId); err != nil {
c.Err = err
return
} else {
@@ -377,7 +377,7 @@ func getPublicChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request
return
}
- if channels, err := app.GetPublicChannelsForTeam(c.Params.TeamId, c.Params.Page, c.Params.PerPage); err != nil {
+ if channels, err := app.GetPublicChannelsForTeam(c.Params.TeamId, c.Params.Page*c.Params.PerPage, c.Params.PerPage); err != nil {
c.Err = err
return
} else {
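Review bot: `c.Params.Page*c.Params.PerPage` multiplies two request-derived values, and no bound on either is visible in this hunk. If the parameter parsing (outside this diff) does not cap both, a very large page value can wrap the product into a negative or unexpected offset handed to the store. Confirm the caps or clamp before the call. A short comment such as `// second argument is an offset, not a page number` would also record the changed meaning of the argument. The body of getPublicChannelsForTeam continues outside the hunk.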
@@ -503,14 +503,23 @@ func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if channel.Type == model.CHANNEL_OPEN && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PUBLIC_CHANNEL) {
- c.SetPermissionError(model.PERMISSION_DELETE_PUBLIC_CHANNEL)
+ var memberCount int64
+ if memberCount, err = app.GetChannelMemberCount(c.Params.ChannelId); err != nil {
+ c.Err = err
return
}
- if channel.Type == model.CHANNEL_PRIVATE && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PRIVATE_CHANNEL) {
- c.SetPermissionError(model.PERMISSION_DELETE_PRIVATE_CHANNEL)
- return
+ // Allow delete if user is the only member left in channel
+ if memberCount > 1 {
+ if channel.Type == model.CHANNEL_OPEN && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PUBLIC_CHANNEL) {
+ c.SetPermissionError(model.PERMISSION_DELETE_PUBLIC_CHANNEL)
+ return
+ }
+
+ if channel.Type == model.CHANNEL_PRIVATE && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PRIVATE_CHANNEL) {
+ c.SetPermissionError(model.PERMISSION_DELETE_PRIVATE_CHANNEL)
+ return
+ }
}
err = app.DeleteChannel(channel, c.Session.UserId)
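Review bot: The `memberCount > 1` guard skips both permission checks on the member count alone; nothing in the hunk checks that `c.Session.UserId` is the remaining member, and a count of 0 takes the bypass too. Unless membership is established earlier in deleteChannel (the function starts and ends outside this hunk), any session reaching this point could delete a channel with one or zero members without holding the delete permission. The bypass should be tied to the caller's own membership, e.g. `if memberCount > 1 || !callerIsMember {`, where `callerIsMember` is a placeholder for the result of a membership lookup for the session user. The count is also read before `app.DeleteChannel` runs, so a user joining in between is not accounted for.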
diff --git a/api4/channel_test.go b/api4/channel_test.go
index c1eb2a806..b4f08dc37 100644
--- a/api4/channel_test.go
+++ b/api4/channel_test.go
@@ -1055,6 +1055,16 @@ func TestDeleteChannel(t *testing.T) {
_, resp = th.SystemAdminClient.DeleteChannel(privateChannel7.Id)
CheckNoError(t, resp)
+
+ // last member of a channel should be able to delete it regardless of required permissions
+ publicChannel6 = th.CreateChannelWithClient(th.Client, model.CHANNEL_OPEN)
+ privateChannel7 = th.CreateChannelWithClient(th.Client, model.CHANNEL_PRIVATE)
+
+ _, resp = Client.DeleteChannel(publicChannel6.Id)
+ CheckNoError(t, resp)
+
+ _, resp = Client.DeleteChannel(privateChannel7.Id)
+ CheckNoError(t, resp)
}
func TestGetChannelByName(t *testing.T) {
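Review bot: The added cases cover only the allow path: `Client` deletes channels it has just created and of which it is presumably the sole member. There is no negative case for the new bypass, i.e. a second user who is not a member trying to delete a single-member channel and being refused, so the test would not notice the bypass applying to non-members. I would add that case with a comment such as `// a non-member must not be able to delete a single-member channel`. TestDeleteChannel starts outside the hunk, so the permission configuration in effect for these calls is not visible here.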
diff --git a/api4/context.go b/api4/context.go
index 32db0ed7d..37af2c6d4 100644
--- a/api4/context.go
+++ b/api4/context.go
@@ -271,9 +271,13 @@ func (c *Context) MfaRequired() {
return
}
+ // Special case to let user get themself
+ if c.Path == "/api/v4/users/me" {
+ return
+ }
+
if !user.MfaActive {
- c.Err = model.NewLocAppError("", "api.context.mfa_required.app_error", nil, "MfaRequired")
- c.Err.StatusCode = http.StatusUnauthorized
+ c.Err = model.NewAppError("", "api.context.mfa_required.app_error", nil, "MfaRequired", http.StatusForbidden)
return
}
}
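Review bot: The `c.Path == "/api/v4/users/me"` exemption matches on the path only, so every HTTP method routed to that path skips the MFA requirement, not just the self-lookup the comment describes. If a write handler for the user resource is reachable at the same path and calls MfaRequired, it is exempt as well; the request method is not visible in this hunk, so that should be confirmed and the exemption narrowed to read requests. The literal also repeats the API prefix, so a shared constant would keep it from drifting. A comment such as `// Exempt only the self-lookup so a client can learn that MFA setup is pending.` would state the intent. MfaRequired starts outside the hunk.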
diff --git a/api4/user.go b/api4/user.go
index 1436808cd..d06dd2882 100644
--- a/api4/user.go
+++ b/api4/user.go
@@ -41,8 +41,8 @@ func InitUser() {
BaseRoutes.Users.Handle("/email/verify/send", ApiHandler(sendVerificationEmail)).Methods("POST")
BaseRoutes.Users.Handle("/mfa", ApiHandler(checkUserMfa)).Methods("POST")
- BaseRoutes.User.Handle("/mfa", ApiSessionRequired(updateUserMfa)).Methods("PUT")
- BaseRoutes.User.Handle("/mfa/generate", ApiSessionRequired(generateMfaSecret)).Methods("POST")
+ BaseRoutes.User.Handle("/mfa", ApiSessionRequiredMfa(updateUserMfa)).Methods("PUT")
+ BaseRoutes.User.Handle("/mfa/generate", ApiSessionRequiredMfa(generateMfaSecret)).Methods("POST")
BaseRoutes.Users.Handle("/login", ApiHandler(login)).Methods("POST")
BaseRoutes.Users.Handle("/login/switch", ApiHandler(switchAccountType)).Methods("POST")
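Review bot: The name `ApiSessionRequiredMfa` does not say whether the wrapper enforces the MFA-required check or skips it, and its definition is not part of this diff. Since `/mfa` and `/mfa/generate` are the routes a user needs in order to enrol, the wrapper presumably relaxes the check. A comment above the two lines would record that, e.g. `// MFA setup routes: session required, but must stay reachable before MFA is active.` If that reading is right, confirm that `updateUserMfa` cannot be used through this route to deactivate MFA while enforcement is on. InitUser continues outside the hunk.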