diff options
| author | Jonathan <jonfritz@gmail.com> | 2017-08-09 09:34:09 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-08-09 09:34:09 -0400 |
| commit | fd6856b674cc24deb708f2cd36c247662ee10bc7 (patch) | |
| tree | 7c47d2468d894d7867fda71f0f6ac252832dd728 /api4 | |
| parent | 6b741c4cea36f54b8f20c4a3e5871f00123db185 (diff) | |
| download | chat-fd6856b674cc24deb708f2cd36c247662ee10bc7.tar.gz chat-fd6856b674cc24deb708f2cd36c247662ee10bc7.tar.bz2 chat-fd6856b674cc24deb708f2cd36c247662ee10bc7.zip | |
PLT-7206: Remove the "Delete Channel" option for private channels if you're the last channel member and policy setting restricts channel deletion (#7050)
* PLT-7206: UI changes. Removed last user in channel loophole, refactored code to clean it up, added differentiated support for public and private channels, added unit tests. Still need to implement server-side checks
* PLT-7206: All helper methods in channel_utils.jsx now accept the same three boolean variables in the same order and use the same boolean logic to check their values.
* PLT-7206: Added unit tests for showManagementOptions(...)
* PLT-7206: Fixed test case descriptions
* Added unit tests for showCreateOption(...)
* PLT-7206: Added unit tests for canManageMembers(...)
* PLT-7206: Removed last person in channel loophole from server-side code
* PLT-7206: Reverted config.json
* PLT-7206: Fixed double negatives in unit test names
* PLT-7206: PR feedback - Removed confusing comment and unused variable
Diffstat (limited to 'api4')
| -rw-r--r-- | api4/channel.go | 9 | ||||
| -rw-r--r-- | api4/channel_test.go | 6 |
2 files changed, 3 insertions, 12 deletions
diff --git a/api4/channel.go b/api4/channel.go index 604c47464..281fb6ac4 100644 --- a/api4/channel.go +++ b/api4/channel.go @@ -534,19 +534,12 @@ func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) { return } - var memberCount int64 - if memberCount, err = app.GetChannelMemberCount(c.Params.ChannelId); err != nil { - c.Err = err - return - } - if channel.Type == model.CHANNEL_OPEN && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PUBLIC_CHANNEL) { c.SetPermissionError(model.PERMISSION_DELETE_PUBLIC_CHANNEL) return } - // Allow delete if there's only one member left in a private channel - if memberCount > 1 && channel.Type == model.CHANNEL_PRIVATE && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PRIVATE_CHANNEL) { + if channel.Type == model.CHANNEL_PRIVATE && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PRIVATE_CHANNEL) { c.SetPermissionError(model.PERMISSION_DELETE_PRIVATE_CHANNEL) return } diff --git a/api4/channel_test.go b/api4/channel_test.go index a1c5d2ad8..5cc770332 100644 --- a/api4/channel_test.go +++ b/api4/channel_test.go @@ -1064,15 +1064,13 @@ func TestDeleteChannel(t *testing.T) { // last member of a public channel should have required permission to delete publicChannel6 = th.CreateChannelWithClient(th.Client, model.CHANNEL_OPEN) - _, resp = Client.DeleteChannel(publicChannel6.Id) CheckForbiddenStatus(t, resp) - // last member of a private channel should be able to delete it regardless of required permissions + // last member of a private channel should not be able to delete it if they don't have required permissions privateChannel7 = th.CreateChannelWithClient(th.Client, model.CHANNEL_PRIVATE) - _, resp = Client.DeleteChannel(privateChannel7.Id) - CheckNoError(t, resp) + CheckForbiddenStatus(t, resp) } func TestRestoreChannel(t *testing.T) { |