diff options
-rw-r--r-- | api/channel.go | 15 | ||||
-rw-r--r-- | api/channel_test.go | 14 | ||||
-rw-r--r-- | i18n/en.json | 4 | ||||
-rw-r--r-- | store/sql_team_store.go | 21 | ||||
-rw-r--r-- | store/sql_team_store_test.go | 31 | ||||
-rw-r--r-- | store/store.go | 1 |
6 files changed, 84 insertions, 2 deletions
diff --git a/api/channel.go b/api/channel.go index b7a608717..9d36dd2eb 100644 --- a/api/channel.go +++ b/api/channel.go @@ -188,6 +188,7 @@ func updateChannel(c *Context, w http.ResponseWriter, r *http.Request) { sc := Srv.Store.Channel().Get(channel.Id) cmc := Srv.Store.Channel().GetMember(channel.Id, c.Session.UserId) + tmc := Srv.Store.Team().GetMember(c.TeamId, c.Session.UserId) if cresult := <-sc; cresult.Err != nil { c.Err = cresult.Err @@ -195,14 +196,19 @@ func updateChannel(c *Context, w http.ResponseWriter, r *http.Request) { } else if cmcresult := <-cmc; cmcresult.Err != nil { c.Err = cmcresult.Err return + } else if tmcresult := <-tmc; cmcresult.Err != nil { + c.Err = tmcresult.Err + return } else { oldChannel := cresult.Data.(*model.Channel) channelMember := cmcresult.Data.(model.ChannelMember) + teamMember := tmcresult.Data.(model.TeamMember) + if !c.HasPermissionsToTeam(oldChannel.TeamId, "updateChannel") { return } - if !strings.Contains(channelMember.Roles, model.CHANNEL_ROLE_ADMIN) && !strings.Contains(c.Session.Roles, model.ROLE_TEAM_ADMIN) { + if !strings.Contains(channelMember.Roles, model.CHANNEL_ROLE_ADMIN) && !strings.Contains(teamMember.Roles, model.ROLE_TEAM_ADMIN) { c.Err = model.NewLocAppError("updateChannel", "api.channel.update_channel.permission.app_error", nil, "") c.Err.StatusCode = http.StatusForbidden return @@ -636,6 +642,7 @@ func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) { sc := Srv.Store.Channel().Get(id) scm := Srv.Store.Channel().GetMember(id, c.Session.UserId) + tmc := Srv.Store.Team().GetMember(c.TeamId, c.Session.UserId) uc := Srv.Store.User().Get(c.Session.UserId) ihc := Srv.Store.Webhook().GetIncomingByChannel(id) ohc := Srv.Store.Webhook().GetOutgoingByChannel(id) @@ -649,6 +656,9 @@ func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) { } else if scmresult := <-scm; scmresult.Err != nil { c.Err = scmresult.Err return + } else if tmcresult := <-tmc; tmcresult.Err != nil { + c.Err = tmcresult.Err + return } else if ihcresult := <-ihc; ihcresult.Err != nil { c.Err = ihcresult.Err return @@ -659,6 +669,7 @@ func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) { channel := cresult.Data.(*model.Channel) user := uresult.Data.(*model.User) channelMember := scmresult.Data.(model.ChannelMember) + teamMember := tmcresult.Data.(model.TeamMember) incomingHooks := ihcresult.Data.([]*model.IncomingWebhook) outgoingHooks := ohcresult.Data.([]*model.OutgoingWebhook) @@ -666,7 +677,7 @@ func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !strings.Contains(channelMember.Roles, model.CHANNEL_ROLE_ADMIN) && !strings.Contains(c.Session.Roles, model.ROLE_TEAM_ADMIN) { + if !strings.Contains(channelMember.Roles, model.CHANNEL_ROLE_ADMIN) && !strings.Contains(teamMember.Roles, model.ROLE_TEAM_ADMIN) { c.Err = model.NewLocAppError("deleteChannel", "api.channel.delete_channel.permissions.app_error", nil, "") c.Err.StatusCode = http.StatusForbidden return diff --git a/api/channel_test.go b/api/channel_test.go index 6a907b278..ac2766588 100644 --- a/api/channel_test.go +++ b/api/channel_test.go @@ -134,6 +134,7 @@ func TestUpdateChannel(t *testing.T) { team := th.BasicTeam user := th.BasicUser user2 := th.CreateUser(th.BasicClient) + LinkUserToTeam(user2, team) channel1 := &model.Channel{DisplayName: "A Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_OPEN, TeamId: team.Id} channel1 = Client.Must(Client.CreateChannel(channel1)).Data.(*model.Channel) @@ -175,6 +176,13 @@ func TestUpdateChannel(t *testing.T) { if _, err := Client.UpdateChannel(upChannel1); err == nil { t.Fatal("Standard User should have failed to update") } + + Client.Must(Client.JoinChannel(channel1.Id)) + UpdateUserToTeamAdmin(user2, team) + + if _, err := Client.UpdateChannel(upChannel1); err != nil { + t.Fatal(err) + } } func TestUpdateChannelHeader(t *testing.T) { @@ -566,6 +574,12 @@ func TestDeleteChannel(t *testing.T) { break } } + + UpdateUserToTeamAdmin(userStd, team) + + if _, err := Client.DeleteChannel(channel2.Id); err != nil { + t.Fatal(err) + } } func TestGetChannelExtraInfo(t *testing.T) { diff --git a/i18n/en.json b/i18n/en.json index 3fb640883..abdc647b7 100644 --- a/i18n/en.json +++ b/i18n/en.json @@ -3380,6 +3380,10 @@ "translation": "We couldn't find the existing team" }, { + "id": "store.sql_team.get_member.app_error", + "translation": "We couldn't get the team member" + }, + { "id": "store.sql_team.get_members.app_error", "translation": "We couldn't get the team members" }, diff --git a/store/sql_team_store.go b/store/sql_team_store.go index c17a45d97..daaa1bac1 100644 --- a/store/sql_team_store.go +++ b/store/sql_team_store.go @@ -411,6 +411,27 @@ func (s SqlTeamStore) UpdateMember(member *model.TeamMember) StoreChannel { return storeChannel } +func (s SqlTeamStore) GetMember(teamId string, userId string) StoreChannel { + storeChannel := make(StoreChannel) + + go func() { + result := StoreResult{} + + var member model.TeamMember + err := s.GetReplica().SelectOne(&member, "SELECT * FROM TeamMembers WHERE TeamId = :TeamId AND UserId = :UserId", map[string]interface{}{"TeamId": teamId, "UserId": userId}) + if err != nil { + result.Err = model.NewLocAppError("SqlTeamStore.GetMember", "store.sql_team.get_member.app_error", nil, "teamId="+teamId+" userId="+userId+" "+err.Error()) + } else { + result.Data = member + } + + storeChannel <- result + close(storeChannel) + }() + + return storeChannel +} + func (s SqlTeamStore) GetMembers(teamId string) StoreChannel { storeChannel := make(StoreChannel) diff --git a/store/sql_team_store_test.go b/store/sql_team_store_test.go index d5ee15bc6..be72786d3 100644 --- a/store/sql_team_store_test.go +++ b/store/sql_team_store_test.go @@ -403,3 +403,34 @@ func TestTeamMembers(t *testing.T) { } } } + +func TestGetTeamMember(t *testing.T) { + Setup() + + teamId1 := model.NewId() + + m1 := &model.TeamMember{TeamId: teamId1, UserId: model.NewId()} + Must(store.Team().SaveMember(m1)) + + if r := <-store.Team().GetMember(m1.TeamId, m1.UserId); r.Err != nil { + t.Fatal(r.Err) + } else { + rm1 := r.Data.(model.TeamMember) + + if rm1.TeamId != m1.TeamId { + t.Fatal("bad team id") + } + + if rm1.UserId != m1.UserId { + t.Fatal("bad user id") + } + } + + if r := <-store.Team().GetMember(m1.TeamId, ""); r.Err == nil { + t.Fatal("empty user id - should have failed") + } + + if r := <-store.Team().GetMember("", m1.UserId); r.Err == nil { + t.Fatal("empty team id - should have failed") + } +} diff --git a/store/store.go b/store/store.go index 7f62fcd97..ebbd2e454 100644 --- a/store/store.go +++ b/store/store.go @@ -61,6 +61,7 @@ type TeamStore interface { AnalyticsTeamCount() StoreChannel SaveMember(member *model.TeamMember) StoreChannel UpdateMember(member *model.TeamMember) StoreChannel + GetMember(teamId string, userId string) StoreChannel GetMembers(teamId string) StoreChannel GetTeamsForUser(userId string) StoreChannel RemoveMember(teamId string, userId string) StoreChannel |