author | Joram Wilander <jwawilander@gmail.com> | 2016-09-14 08:57:33 -0400 |
---|---|---|
committer | enahum <nahumhbl@gmail.com> | 2016-09-14 09:57:33 -0300 |
commit | 837808eba389f1f74da8200b35d1fdc7ea14900e (patch) | |
tree | 69742d74ccd39ad7313bb382e94462699c4ff790 /api | |
parent | abe6e8e47114c8757f064bba072ef71541b3ed7d (diff) | |
download | chat-837808eba389f1f74da8200b35d1fdc7ea14900e.tar.gz chat-837808eba389f1f74da8200b35d1fdc7ea14900e.tar.bz2 chat-837808eba389f1f74da8200b35d1fdc7ea14900e.zip |
Update getUser API and add it to the JS driver (#4020)
Diffstat (limited to 'api')
-rw-r--r-- | api/user.go | 9 | ||||
-rw-r--r-- | api/user_test.go | 50 |
2 files changed, 50 insertions, 9 deletions
diff --git a/api/user.go b/api/user.go
index adcc44f30..35cc3612e 100644
--- a/api/user.go
+++ b/api/user.go
@@ -932,18 +932,15 @@ func getUser(c *Context, w http.ResponseWriter, r *http.Request) {
 params := mux.Vars(r)
 id := params["user_id"]
 
- if !HasPermissionToUser(c, id) {
- return
- }
-
 if result := <-Srv.Store.User().Get(id); result.Err != nil {
 c.Err = result.Err
 return
 } else if HandleEtag(result.Data.(*model.User).Etag(utils.Cfg.PrivacySettings.ShowFullName, utils.Cfg.PrivacySettings.ShowEmailAddress), w, r) {
 return
 } else {
- result.Data.(*model.User).Sanitize(map[string]bool{})
- w.Header().Set(model.HEADER_ETAG_SERVER, result.Data.(*model.User).Etag(utils.Cfg.PrivacySettings.ShowFullName, utils.Cfg.PrivacySettings.ShowEmailAddress))
+ user := sanitizeProfile(c, result.Data.(*model.User))
+
+ w.Header().Set(model.HEADER_ETAG_SERVER, user.Etag(utils.Cfg.PrivacySettings.ShowFullName, utils.Cfg.PrivacySettings.ShowEmailAddress))
 w.Write([]byte(result.Data.(*model.User).ToJson()))
 return
 }
diff --git a/api/user_test.go b/api/user_test.go
index d2c15f730..a68d1199a 100644
--- a/api/user_test.go
+++ b/api/user_test.go
@@ -345,7 +345,7 @@ func TestGetUser(t *testing.T) {
 LinkUserToTeam(ruser.Data.(*model.User), rteam.Data.(*model.Team))
 store.Must(Srv.Store.User().VerifyEmail(ruser.Data.(*model.User).Id))
 
- user2 := model.User{Email: strings.ToLower(model.NewId()) + "success+test@simulator.amazonses.com", Nickname: "Corey Hulen", Password: "passwd1"}
+ user2 := model.User{Email: strings.ToLower(model.NewId()) + "success+test@simulator.amazonses.com", Nickname: "Corey Hulen", Password: "passwd1", FirstName: "Corey", LastName: "Hulen"}
 ruser2, _ := Client.CreateUser(&user2, "")
 LinkUserToTeam(ruser2.Data.(*model.User), rteam.Data.(*model.Team))
 store.Must(Srv.Store.User().VerifyEmail(ruser2.Data.(*model.User).Id))
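Review bot: In getUser (api/user.go) the response body is still serialized from `result.Data.(*model.User)`, while the ETag header now comes from the `user` returned by sanitizeProfile. The body is therefore sanitized only if sanitizeProfile mutates its argument in place, which this hunk does not show. Because the same change drops the `HasPermissionToUser` guard, that sanitization is the only filter left on what the handler returns, so I would write the sanitized value explicitly: `w.Write([]byte(user.ToJson()))`. HandleEtag still runs before sanitization and is keyed only on the two privacy settings, so it is worth confirming that a caller whose sanitized view differs cannot revalidate against another caller's cached response.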
@@ -387,8 +387,52 @@ func TestGetUser(t *testing.T) {
 t.Fatal("shouldn't exist")
 }
 
- if _, err := Client.GetUser(ruser2.Data.(*model.User).Id, ""); err == nil {
- t.Fatal("shouldn't have accss")
+ emailPrivacy := utils.Cfg.PrivacySettings.ShowEmailAddress
+ namePrivacy := utils.Cfg.PrivacySettings.ShowFullName
+ defer func() {
+ utils.Cfg.PrivacySettings.ShowEmailAddress = emailPrivacy
+ utils.Cfg.PrivacySettings.ShowFullName = namePrivacy
+ }()
+ utils.Cfg.PrivacySettings.ShowEmailAddress = false
+ utils.Cfg.PrivacySettings.ShowFullName = false
+
+ if result, err := Client.GetUser(ruser2.Data.(*model.User).Id, ""); err != nil {
+ t.Fatal(err)
+ } else {
+ u := result.Data.(*model.User)
+ if u.Password != "" {
+ t.Fatal("password must be empty")
+ }
+ if *u.AuthData != "" {
+ t.Fatal("auth data must be empty")
+ }
+ if u.Email != "" {
+ t.Fatal("email should be sanitized")
+ }
+ if u.FirstName != "" {
+ t.Fatal("full name should be sanitized")
+ }
+ if u.LastName != "" {
+ t.Fatal("full name should be sanitized")
+ }
+ }
+
+ utils.Cfg.PrivacySettings.ShowEmailAddress = true
+ utils.Cfg.PrivacySettings.ShowFullName = true
+
+ if result, err := Client.GetUser(ruser2.Data.(*model.User).Id, ""); err != nil {
+ t.Fatal(err)
+ } else {
+ u := result.Data.(*model.User)
+ if u.Email == "" {
+ t.Fatal("email should not be sanitized")
+ }
+ if u.FirstName == "" {
+ t.Fatal("full name should not be sanitized")
+ }
+ if u.LastName == "" {
+ t.Fatal("full name should not be sanitized")
+ }
 }
 
 if userMap, err := Client.GetProfiles(rteam.Data.(*model.Team).Id, ""); err != nil { |
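Review bot: The second block in TestGetUser, run with ShowEmailAddress and ShowFullName set to true, checks only that email and names are present. It never re-asserts that `u.Password` and `u.AuthData` stay empty, and that permissive configuration is where a sanitization regression would expose the most. I would repeat `if u.Password != "" { t.Fatal("password must be empty") }` and the auth-data check in that block. Separately, `*u.AuthData != ""` dereferences without a nil check, so the test panics instead of failing cleanly if the field comes back nil; `if u.AuthData != nil && *u.AuthData != ""` avoids that. TestGetUser starts and ends outside this hunk.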