Implement a few channel member endpoints for APIv4 (#5444)

* Implement POST /channels/members/{user_id}/view endpoint for APIv4

* Implement PUT /channels/{channel_id}/members/{user_id}/roles endpoint for APIv4

* Implement DELETE /channels/{channel_id}/members/{user_id} endpoint for APIv4

2 files changed, 288 insertions, 7 deletions

diff --git a/api4/channel.go b/api4/channel.go
index 938511c14..8be522484 100644
--- a/api4/channel.go
+++ b/api4/channel.go
@@ -25,6 +25,9 @@ func InitChannel() {
 	BaseRoutes.ChannelMembers.Handle("", ApiSessionRequired(getChannelMembers)).Methods("GET")
 	BaseRoutes.ChannelMembersForUser.Handle("", ApiSessionRequired(getChannelMembersForUser)).Methods("GET")
 	BaseRoutes.ChannelMember.Handle("", ApiSessionRequired(getChannelMember)).Methods("GET")
+	BaseRoutes.ChannelMember.Handle("", ApiSessionRequired(removeChannelMember)).Methods("DELETE")
+	BaseRoutes.ChannelMember.Handle("/roles", ApiSessionRequired(updateChannelMemberRoles)).Methods("PUT")
+	BaseRoutes.Channels.Handle("/members/{user_id:[A-Za-z0-9]+}/view", ApiSessionRequired(viewChannel)).Methods("POST")
 }
 
 func createChannel(c *Context, w http.ResponseWriter, r *http.Request) {
@@ -101,7 +104,7 @@ func getChannel(c *Context, w http.ResponseWriter, r *http.Request) {
 	if !app.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) {
 		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
 		return
-	} 
+	}
 
 	if channel, err := app.GetChannel(c.Params.ChannelId); err != nil {
 		c.Err = err
@@ -124,13 +127,13 @@ func getChannelByName(c *Context, w http.ResponseWriter, r *http.Request) {
 	if channel, err = app.GetChannelByName(c.Params.ChannelName, c.Params.TeamId); err != nil {
 		c.Err = err
 		return
-	} 
+	}
 
 	if !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_READ_CHANNEL) {
 		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
 		return
 	}
-	
+
 	w.Write([]byte(channel.ToJson()))
 	return
 }
@@ -152,7 +155,7 @@ func getChannelByNameForTeamName(c *Context, w http.ResponseWriter, r *http.Requ
 	if !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_READ_CHANNEL) {
 		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
 		return
-	} 
+	}
 
 	w.Write([]byte(channel.ToJson()))
 	return
@@ -219,3 +222,88 @@ func getChannelMembersForUser(c *Context, w http.ResponseWriter, r *http.Request
 		w.Write([]byte(members.ToJson()))
 	}
 }
+
+func viewChannel(c *Context, w http.ResponseWriter, r *http.Request) {
+	c.RequireUserId()
+	if c.Err != nil {
+		return
+	}
+
+	if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
+		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
+		return
+	}
+
+	view := model.ChannelViewFromJson(r.Body)
+	if view == nil {
+		c.SetInvalidParam("channel_view")
+		return
+	}
+
+	if err := app.ViewChannel(view, c.Params.UserId, !c.Session.IsMobileApp()); err != nil {
+		c.Err = err
+		return
+	}
+
+	ReturnStatusOK(w)
+}
+
+func updateChannelMemberRoles(c *Context, w http.ResponseWriter, r *http.Request) {
+	c.RequireChannelId().RequireUserId()
+	if c.Err != nil {
+		return
+	}
+
+	props := model.MapFromJson(r.Body)
+
+	newRoles := props["roles"]
+	if !(model.IsValidUserRoles(newRoles)) {
+		c.SetInvalidParam("roles")
+		return
+	}
+
+	if !app.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_MANAGE_CHANNEL_ROLES) {
+		c.SetPermissionError(model.PERMISSION_MANAGE_CHANNEL_ROLES)
+		return
+	}
+
+	if _, err := app.UpdateChannelMemberRoles(c.Params.ChannelId, c.Params.UserId, newRoles); err != nil {
+		c.Err = err
+		return
+	}
+
+	ReturnStatusOK(w)
+}
+
+func removeChannelMember(c *Context, w http.ResponseWriter, r *http.Request) {
+	c.RequireChannelId().RequireUserId()
+	if c.Err != nil {
+		return
+	}
+
+	var channel *model.Channel
+	var err *model.AppError
+	if channel, err = app.GetChannel(c.Params.ChannelId); err != nil {
+		c.Err = err
+		return
+	}
+
+	if channel.Type == model.CHANNEL_OPEN && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) {
+		c.SetPermissionError(model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS)
+		return
+	}
+
+	if channel.Type == model.CHANNEL_PRIVATE && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) {
+		c.SetPermissionError(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS)
+		return
+	}
+
+	if err = app.RemoveUserFromChannel(c.Params.UserId, c.Session.UserId, channel); err != nil {
+		c.Err = err
+		return
+	}
+
+	c.LogAudit("name=" + channel.Name + " user_id=" + c.Params.UserId)
+
+	ReturnStatusOK(w)
+}
diff --git a/api4/channel_test.go b/api4/channel_test.go
index 7e59f60e8..7dcc8dc96 100644
--- a/api4/channel_test.go
+++ b/api4/channel_test.go
@@ -8,6 +8,7 @@ import (
 	"strconv"
 	"testing"
 
+	"github.com/mattermost/platform/app"
 	"github.com/mattermost/platform/model"
 	"github.com/mattermost/platform/utils"
 )
@@ -226,9 +227,13 @@ func TestGetChannel(t *testing.T) {
 	defer TearDown()
 	Client := th.Client
 
-	_, resp := Client.GetChannel(th.BasicChannel.Id, "")
+	channel, resp := Client.GetChannel(th.BasicChannel.Id, "")
 	CheckNoError(t, resp)
 
+	if channel.Id != th.BasicChannel.Id {
+		t.Fatal("ids did not match")
+	}
+
 	_, resp = Client.GetChannel(model.NewId(), "")
 	CheckForbiddenStatus(t, resp)
 
@@ -253,9 +258,13 @@ func TestGetChannelByName(t *testing.T) {
 	defer TearDown()
 	Client := th.Client
 
-	_, resp := Client.GetChannelByName(th.BasicChannel.Name, th.BasicTeam.Id, "")
+	channel, resp := Client.GetChannelByName(th.BasicChannel.Name, th.BasicTeam.Id, "")
 	CheckNoError(t, resp)
 
+	if channel.Name != th.BasicChannel.Name {
+		t.Fatal("names did not match")
+	}
+
 	_, resp = Client.GetChannelByName(GenerateTestChannelName(), th.BasicTeam.Id, "")
 	CheckNotFoundStatus(t, resp)
 
@@ -277,9 +286,13 @@ func TestGetChannelByNameForTeamName(t *testing.T) {
 	defer TearDown()
 	Client := th.Client
 
-	_, resp := th.SystemAdminClient.GetChannelByNameForTeamName(th.BasicChannel.Name, th.BasicTeam.Name, "")
+	channel, resp := th.SystemAdminClient.GetChannelByNameForTeamName(th.BasicChannel.Name, th.BasicTeam.Name, "")
 	CheckNoError(t, resp)
 
+	if channel.Name != th.BasicChannel.Name {
+		t.Fatal("names did not match")
+	}
+
 	_, resp = Client.GetChannelByNameForTeamName(th.BasicChannel.Name, th.BasicTeam.Name, "")
 	CheckNoError(t, resp)
 
@@ -443,3 +456,183 @@ func TestGetChannelMembersForUser(t *testing.T) {
 	_, resp = th.SystemAdminClient.GetChannelMembersForUser(th.BasicUser.Id, th.BasicTeam.Id, "")
 	CheckNoError(t, resp)
 }
+
+func TestViewChannel(t *testing.T) {
+	th := Setup().InitBasic().InitSystemAdmin()
+	defer TearDown()
+	Client := th.Client
+
+	view := &model.ChannelView{
+		ChannelId: th.BasicChannel.Id,
+	}
+
+	pass, resp := Client.ViewChannel(th.BasicUser.Id, view)
+	CheckNoError(t, resp)
+
+	if !pass {
+		t.Fatal("should have passed")
+	}
+
+	view.PrevChannelId = th.BasicChannel.Id
+	_, resp = Client.ViewChannel(th.BasicUser.Id, view)
+	CheckNoError(t, resp)
+
+	view.PrevChannelId = ""
+	_, resp = Client.ViewChannel(th.BasicUser.Id, view)
+	CheckNoError(t, resp)
+
+	view.PrevChannelId = "junk"
+	_, resp = Client.ViewChannel(th.BasicUser.Id, view)
+	CheckNoError(t, resp)
+
+	member, resp := Client.GetChannelMember(th.BasicChannel.Id, th.BasicUser.Id, "")
+	CheckNoError(t, resp)
+	channel, resp := Client.GetChannel(th.BasicChannel.Id, "")
+	CheckNoError(t, resp)
+
+	if member.MsgCount != channel.TotalMsgCount {
+		t.Fatal("should match message counts")
+	}
+
+	if member.MentionCount != 0 {
+		t.Fatal("should have no mentions")
+	}
+
+	_, resp = Client.ViewChannel("junk", view)
+	CheckBadRequestStatus(t, resp)
+
+	_, resp = Client.ViewChannel(th.BasicUser2.Id, view)
+	CheckForbiddenStatus(t, resp)
+
+	Client.Logout()
+	_, resp = Client.ViewChannel(th.BasicUser.Id, view)
+	CheckUnauthorizedStatus(t, resp)
+
+	_, resp = th.SystemAdminClient.ViewChannel(th.BasicUser.Id, view)
+	CheckNoError(t, resp)
+}
+
+func TestUpdateChannelRoles(t *testing.T) {
+	th := Setup().InitBasic().InitSystemAdmin()
+	defer TearDown()
+	Client := th.Client
+
+	const CHANNEL_ADMIN = "channel_admin channel_user"
+	const CHANNEL_MEMBER = "channel_user"
+
+	// User 1 creates a channel, making them channel admin by default.
+	channel := th.CreatePublicChannel()
+
+	// Adds User 2 to the channel, making them a channel member by default.
+	app.AddUserToChannel(th.BasicUser2, channel)
+
+	// User 1 promotes User 2
+	pass, resp := Client.UpdateChannelRoles(channel.Id, th.BasicUser2.Id, CHANNEL_ADMIN)
+	CheckNoError(t, resp)
+
+	if !pass {
+		t.Fatal("should have passed")
+	}
+
+	member, resp := Client.GetChannelMember(channel.Id, th.BasicUser2.Id, "")
+	CheckNoError(t, resp)
+
+	if member.Roles != CHANNEL_ADMIN {
+		t.Fatal("roles don't match")
+	}
+
+	// User 1 demotes User 2
+	_, resp = Client.UpdateChannelRoles(channel.Id, th.BasicUser2.Id, CHANNEL_MEMBER)
+	CheckNoError(t, resp)
+
+	th.LoginBasic2()
+
+	// User 2 cannot demote User 1
+	_, resp = Client.UpdateChannelRoles(channel.Id, th.BasicUser.Id, CHANNEL_MEMBER)
+	CheckForbiddenStatus(t, resp)
+
+	// User 2 cannot promote self
+	_, resp = Client.UpdateChannelRoles(channel.Id, th.BasicUser2.Id, CHANNEL_ADMIN)
+	CheckForbiddenStatus(t, resp)
+
+	th.LoginBasic()
+
+	// User 1 demotes self
+	_, resp = Client.UpdateChannelRoles(channel.Id, th.BasicUser.Id, CHANNEL_MEMBER)
+	CheckNoError(t, resp)
+
+	// System Admin promotes User 1
+	_, resp = th.SystemAdminClient.UpdateChannelRoles(channel.Id, th.BasicUser.Id, CHANNEL_ADMIN)
+	CheckNoError(t, resp)
+
+	// System Admin demotes User 1
+	_, resp = th.SystemAdminClient.UpdateChannelRoles(channel.Id, th.BasicUser.Id, CHANNEL_MEMBER)
+	CheckNoError(t, resp)
+
+	// System Admin promotes User 1
+	pass, resp = th.SystemAdminClient.UpdateChannelRoles(channel.Id, th.BasicUser.Id, CHANNEL_ADMIN)
+	CheckNoError(t, resp)
+
+	th.LoginBasic()
+
+	_, resp = Client.UpdateChannelRoles(channel.Id, th.BasicUser.Id, "junk")
+	CheckBadRequestStatus(t, resp)
+
+	_, resp = Client.UpdateChannelRoles(channel.Id, "junk", CHANNEL_MEMBER)
+	CheckBadRequestStatus(t, resp)
+
+	_, resp = Client.UpdateChannelRoles("junk", th.BasicUser.Id, CHANNEL_MEMBER)
+	CheckBadRequestStatus(t, resp)
+
+	_, resp = Client.UpdateChannelRoles(channel.Id, model.NewId(), CHANNEL_MEMBER)
+	CheckNotFoundStatus(t, resp)
+
+	_, resp = Client.UpdateChannelRoles(model.NewId(), th.BasicUser.Id, CHANNEL_MEMBER)
+	CheckForbiddenStatus(t, resp)
+}
+
+func TestRemoveChannelMember(t *testing.T) {
+	th := Setup().InitBasic().InitSystemAdmin()
+	defer TearDown()
+	Client := th.Client
+
+	pass, resp := Client.RemoveUserFromChannel(th.BasicChannel.Id, th.BasicUser2.Id)
+	CheckNoError(t, resp)
+
+	if !pass {
+		t.Fatal("should have passed")
+	}
+
+	_, resp = Client.RemoveUserFromChannel(th.BasicChannel.Id, th.BasicUser2.Id)
+	CheckNoError(t, resp)
+
+	_, resp = Client.RemoveUserFromChannel(th.BasicChannel.Id, "junk")
+	CheckBadRequestStatus(t, resp)
+
+	_, resp = Client.RemoveUserFromChannel(th.BasicChannel.Id, model.NewId())
+	CheckNotFoundStatus(t, resp)
+
+	th.LoginBasic2()
+	_, resp = Client.RemoveUserFromChannel(th.BasicChannel.Id, th.BasicUser.Id)
+	CheckForbiddenStatus(t, resp)
+
+	app.AddUserToChannel(th.BasicUser2, th.BasicChannel)
+	_, resp = Client.RemoveUserFromChannel(th.BasicChannel.Id, th.BasicUser2.Id)
+	CheckNoError(t, resp)
+
+	_, resp = Client.RemoveUserFromChannel(th.BasicChannel2.Id, th.BasicUser.Id)
+	CheckNoError(t, resp)
+
+	_, resp = th.SystemAdminClient.RemoveUserFromChannel(th.BasicChannel.Id, th.BasicUser.Id)
+	CheckNoError(t, resp)
+
+	th.LoginBasic()
+	private := th.CreatePrivateChannel()
+	app.AddUserToChannel(th.BasicUser2, private)
+
+	_, resp = Client.RemoveUserFromChannel(private.Id, th.BasicUser2.Id)
+	CheckNoError(t, resp)
+
+	_, resp = th.SystemAdminClient.RemoveUserFromChannel(private.Id, th.BasicUser.Id)
+	CheckNoError(t, resp)
+}