authorJoram Wilander <jwawilander@gmail.com>2018-02-13 11:08:49 -0500
committerMartin Kraft <martinkraft@gmail.com>2018-02-13 14:05:18 -0500
commita43928cca82c718dd378961102a3766b3e354ac8 (patch)
treeef88b58fbe671be78472120ac6372e0b15890f55 /api4
parent0663f5f88d8a2945178c521884a5323d6fac14ee (diff)
ABC-176 Prevent changing PluginSettings.EnableUploads through the API (#8249)
* Prevent changing PluginSettings.EnableUploads through the API * Contain api4 test case in its own test
Diffstat (limited to 'api4')
-rw-r--r--api4/system.go3
-rw-r--r--api4/system_test.go22
2 files changed, 23 insertions, 2 deletions
diff --git a/api4/system.go b/api4/system.go
index 061ffe094..2355cb476 100644
--- a/api4/system.go
+++ b/api4/system.go
@@ -121,6 +121,9 @@ func updateConfig(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
+ // Do not allow plugin uploads to be toggled through the API
+ cfg.PluginSettings.EnableUploads = c.App.GetConfig().PluginSettings.EnableUploads
+
err := c.App.SaveConfig(cfg, true)
if err != nil {
c.Err = err
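Review bot: The line added before `c.App.SaveConfig(cfg, true)` copies the `*bool` pointer out of the live configuration rather than its value, so the submitted `cfg` and the running config appear to share one bool. Copying the value avoids that aliasing: `enableUploads := *c.App.GetConfig().PluginSettings.EnableUploads` followed by `cfg.PluginSettings.EnableUploads = &enableUploads`. The submitted value is also discarded silently; comparing it with the current one and logging a mismatch would tell operators that an account with config-write access tried to toggle plugin uploads. The comment could state why the field is pinned (presumably because uploaded plugins run code on the server). updateConfig starts and ends outside the hunk, so whether other config-write paths apply the same pin cannot be checked from here.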
diff --git a/api4/system_test.go b/api4/system_test.go
index 1b2bb5d99..01b4934ae 100644
--- a/api4/system_test.go
+++ b/api4/system_test.go
@@ -7,6 +7,7 @@ import (
l4g "github.com/alecthomas/log4go"
"github.com/mattermost/mattermost-server/model"
+ "github.com/stretchr/testify/assert"
)
func TestGetPing(t *testing.T) {
@@ -106,9 +107,10 @@ func TestUpdateConfig(t *testing.T) {
defer th.TearDown()
Client := th.Client
- cfg := th.App.GetConfig()
+ cfg, resp := th.SystemAdminClient.GetConfig()
+ CheckNoError(t, resp)
- _, resp := Client.UpdateConfig(cfg)
+ _, resp = Client.UpdateConfig(cfg)
CheckForbiddenStatus(t, resp)
SiteName := th.App.Config().TeamSettings.SiteName
@@ -139,6 +141,22 @@ func TestUpdateConfig(t *testing.T) {
t.Fatal()
}
}
+
+ t.Run("Should not be able to modify PluginSettings.EnableUploads", func(t *testing.T) {
+ oldEnableUploads := *th.App.GetConfig().PluginSettings.EnableUploads
+ *cfg.PluginSettings.EnableUploads = !oldEnableUploads
+
+ cfg, resp = th.SystemAdminClient.UpdateConfig(cfg)
+ CheckNoError(t, resp)
+ assert.Equal(t, oldEnableUploads, *cfg.PluginSettings.EnableUploads)
+ assert.Equal(t, oldEnableUploads, *th.App.GetConfig().PluginSettings.EnableUploads)
+
+ cfg.PluginSettings.EnableUploads = nil
+ cfg, resp = th.SystemAdminClient.UpdateConfig(cfg)
+ CheckNoError(t, resp)
+ assert.Equal(t, oldEnableUploads, *cfg.PluginSettings.EnableUploads)
+ assert.Equal(t, oldEnableUploads, *th.App.GetConfig().PluginSettings.EnableUploads)
+ })
}
func TestGetOldClientConfig(t *testing.T) {
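Review bot: The new subtest exercises only one direction, because `*cfg.PluginSettings.EnableUploads = !oldEnableUploads` flips whatever value the test server starts with. Whether the enable direction (false to true), which is the one the restriction exists for, is covered therefore depends on the harness default. Running the same assertions with the server-side value set to each state first would pin both. After the `cfg.PluginSettings.EnableUploads = nil` case the returned pointer is dereferenced immediately; wrapping those assertions in `if assert.NotNil(t, cfg.PluginSettings.EnableUploads) {` would turn a nil response into a test failure instead of a panic. The subtest also reassigns the parent test's `cfg` and `resp`, so any later steps in TestUpdateConfig would see the mutated config.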