diff options
author | Joram Wilander <jwawilander@gmail.com> | 2016-06-29 14:16:17 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-06-29 14:16:17 -0400 |
commit | b97b3ae6179bc15ec23e0697b08cdcbdf53e4ffc (patch) | |
tree | 8b0b4438a88c044e63eb3520224bdf6b85b5c74b /api | |
parent | 4c9b48da8f54bc9af83c7e987149be316f5c61f7 (diff) | |
download | chat-b97b3ae6179bc15ec23e0697b08cdcbdf53e4ffc.tar.gz chat-b97b3ae6179bc15ec23e0697b08cdcbdf53e4ffc.tar.bz2 chat-b97b3ae6179bc15ec23e0697b08cdcbdf53e4ffc.zip |
EE: Add the ability to restrict the user roles that can send team invites (#3442)
Diffstat (limited to 'api')
-rw-r--r-- | api/team.go | 14 | ||||
-rw-r--r-- | api/team_test.go | 51 |
2 files changed, 61 insertions, 4 deletions
diff --git a/api/team.go b/api/team.go index 0f7298b57..cb942bb35 100644 --- a/api/team.go +++ b/api/team.go @@ -394,11 +394,23 @@ func revokeAllSessions(c *Context, w http.ResponseWriter, r *http.Request) { func inviteMembers(c *Context, w http.ResponseWriter, r *http.Request) { invites := model.InvitesFromJson(r.Body) if len(invites.Invites) == 0 { - c.Err = model.NewLocAppError("Team.InviteMembers", "api.team.invite_members.no_one.app_error", nil, "") + c.Err = model.NewLocAppError("inviteMembers", "api.team.invite_members.no_one.app_error", nil, "") c.Err.StatusCode = http.StatusBadRequest return } + if utils.IsLicensed { + if *utils.Cfg.TeamSettings.RestrictTeamInvite == model.TEAM_INVITE_SYSTEM_ADMIN && !c.IsSystemAdmin() { + c.Err = model.NewLocAppError("inviteMembers", "api.team.invite_members.restricted_system_admin.app_error", nil, "") + return + } + + if *utils.Cfg.TeamSettings.RestrictTeamInvite == model.TEAM_INVITE_TEAM_ADMIN && !c.IsTeamAdmin() { + c.Err = model.NewLocAppError("inviteMembers", "api.team.invite_members.restricted_team_admin.app_error", nil, "") + return + } + } + tchan := Srv.Store.Team().Get(c.TeamId) uchan := Srv.Store.User().Get(c.Session.UserId) diff --git a/api/team_test.go b/api/team_test.go index 30952b4d8..91c73bed5 100644 --- a/api/team_test.go +++ b/api/team_test.go @@ -363,9 +363,10 @@ func TestTeamPermDelete(t *testing.T) { } func TestInviteMembers(t *testing.T) { - th := Setup().InitBasic() + th := Setup().InitBasic().InitSystemAdmin() th.BasicClient.Logout() Client := th.BasicClient + SystemAdminClient := th.SystemAdminClient team := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN} team = Client.Must(Client.CreateTeam(team)).Data.(*model.Team) @@ -389,10 +390,54 @@ func TestInviteMembers(t *testing.T) { t.Fatal(err) } - invites = &model.Invites{Invites: []map[string]string{}} - if _, err := Client.InviteMembers(invites); err == nil { + invites2 := &model.Invites{Invites: []map[string]string{}} + if _, err := Client.InviteMembers(invites2); err == nil { t.Fatal("Should have errored out on no invites to send") } + + restrictTeamInvite := *utils.Cfg.TeamSettings.RestrictTeamInvite + defer func() { + *utils.Cfg.TeamSettings.RestrictTeamInvite = restrictTeamInvite + }() + *utils.Cfg.TeamSettings.RestrictTeamInvite = model.TEAM_INVITE_TEAM_ADMIN + + th.LoginBasic2() + LinkUserToTeam(th.BasicUser2, team) + + if _, err := Client.InviteMembers(invites); err != nil { + t.Fatal(err) + } + + isLicensed := utils.IsLicensed + defer func() { + utils.IsLicensed = isLicensed + }() + utils.IsLicensed = true + + if _, err := Client.InviteMembers(invites); err == nil { + t.Fatal("should have errored not team admin and licensed") + } + + UpdateUserToTeamAdmin(th.BasicUser2, team) + Client.Logout() + th.LoginBasic2() + Client.SetTeamId(team.Id) + + if _, err := Client.InviteMembers(invites); err != nil { + t.Fatal(err) + } + + *utils.Cfg.TeamSettings.RestrictTeamInvite = model.TEAM_INVITE_SYSTEM_ADMIN + + if _, err := Client.InviteMembers(invites); err == nil { + t.Fatal("should have errored not system admin and licensed") + } + + LinkUserToTeam(th.SystemAdminUser, team) + + if _, err := SystemAdminClient.InviteMembers(invites); err != nil { + t.Fatal(err) + } } func TestUpdateTeamDisplayName(t *testing.T) { |