summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--api4/team.go52
-rw-r--r--api4/team_test.go135
-rw-r--r--app/team.go42
-rw-r--r--i18n/en.json12
-rw-r--r--model/client4.go22
5 files changed, 263 insertions, 0 deletions
diff --git a/api4/team.go b/api4/team.go
index 1e63273e6..26fff7ce1 100644
--- a/api4/team.go
+++ b/api4/team.go
@@ -25,6 +25,7 @@ func InitTeam() {
BaseRoutes.Team.Handle("/stats", ApiSessionRequired(getTeamStats)).Methods("GET")
BaseRoutes.TeamMembers.Handle("", ApiSessionRequired(getTeamMembers)).Methods("GET")
BaseRoutes.TeamMembers.Handle("/ids", ApiSessionRequired(getTeamMembersByIds)).Methods("POST")
+ BaseRoutes.TeamMembers.Handle("", ApiSessionRequired(addTeamMember)).Methods("POST")
BaseRoutes.TeamForUser.Handle("/unread", ApiSessionRequired(getTeamUnread)).Methods("GET")
@@ -235,6 +236,57 @@ func getTeamMembersByIds(c *Context, w http.ResponseWriter, r *http.Request) {
w.Write([]byte(model.TeamMembersToJson(members)))
}
+func addTeamMember(c *Context, w http.ResponseWriter, r *http.Request) {
+ c.RequireTeamId()
+ if c.Err != nil {
+ return
+ }
+
+ var err *model.AppError
+ member := model.TeamMemberFromJson(r.Body)
+ if member.TeamId != c.Params.TeamId {
+ c.SetInvalidParam("team_id")
+ return
+ }
+
+ hash := r.URL.Query().Get("hash")
+ data := r.URL.Query().Get("data")
+ inviteId := r.URL.Query().Get("invite_id")
+
+ if len(member.UserId) > 0 {
+ if len(member.UserId) != 26 {
+ c.SetInvalidParam("user_id")
+ return
+ }
+
+ if !app.SessionHasPermissionToTeam(c.Session, member.TeamId, model.PERMISSION_ADD_USER_TO_TEAM) {
+ c.SetPermissionError(model.PERMISSION_ADD_USER_TO_TEAM)
+ return
+ }
+
+ member, err = app.AddTeamMember(member.TeamId, member.UserId, c.GetSiteURL())
+ } else if len(hash) > 0 && len(data) > 0 {
+ member, err = app.AddTeamMemberByHash(c.Session.UserId, hash, data, c.GetSiteURL())
+ if err != nil {
+ err = model.NewAppError("addTeamMember", "api.team.add_user_to_team.invalid_data.app_error", nil, "", http.StatusNotFound)
+ }
+ } else if len(inviteId) > 0 {
+ member, err = app.AddTeamMemberByInviteId(inviteId, c.Session.UserId, c.GetSiteURL())
+ if err != nil {
+ err = model.NewAppError("addTeamMember", "api.team.add_user_to_team.invalid_invite_id.app_error", nil, "", http.StatusNotFound)
+ }
+ } else {
+ err = model.NewAppError("addTeamMember", "api.team.add_user_to_team.missing_parameter.app_error", nil, "", http.StatusBadRequest)
+ }
+
+ if err != nil {
+ c.Err = err
+ return
+ }
+
+ w.Write([]byte(member.ToJson()))
+}
+
func getTeamUnread(c *Context, w http.ResponseWriter, r *http.Request) {
c.RequireTeamId().RequireUserId()
if c.Err != nil {
diff --git a/api4/team_test.go b/api4/team_test.go
index 4b69f5b62..2076a8c1d 100644
--- a/api4/team_test.go
+++ b/api4/team_test.go
@@ -4,6 +4,7 @@
package api4
import (
+ "fmt"
"net/http"
"strconv"
"testing"
@@ -502,6 +503,140 @@ func TestGetTeamMembersByIds(t *testing.T) {
CheckUnauthorizedStatus(t, resp)
}
+func TestAddTeamMember(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ defer TearDown()
+ Client := th.Client
+ team := th.BasicTeam
+ otherUser := th.CreateUser()
+
+ // by user_id
+ th.LoginTeamAdmin()
+
+ tm, resp := Client.AddTeamMember(team.Id, otherUser.Id, "", "", "")
+ CheckNoError(t, resp)
+
+ if tm == nil {
+ t.Fatal("should have returned team member")
+ }
+
+ if tm.UserId != otherUser.Id {
+ t.Fatal("user ids should have matched")
+ }
+
+ if tm.TeamId != team.Id {
+ t.Fatal("team ids should have matched")
+ }
+
+ tm, resp = Client.AddTeamMember(team.Id, "junk", "", "", "")
+ CheckBadRequestStatus(t, resp)
+
+ if tm != nil {
+ t.Fatal("should have not returned team member")
+ }
+
+ _, resp = Client.AddTeamMember("junk", otherUser.Id, "", "", "")
+ CheckBadRequestStatus(t, resp)
+
+ _, resp = Client.AddTeamMember(GenerateTestId(), otherUser.Id, "", "", "")
+ CheckForbiddenStatus(t, resp)
+
+ _, resp = Client.AddTeamMember(team.Id, GenerateTestId(), "", "", "")
+ CheckNotFoundStatus(t, resp)
+
+ th.LoginBasic()
+
+ _, resp = Client.AddTeamMember(team.Id, otherUser.Id, "", "", "")
+ CheckForbiddenStatus(t, resp)
+
+ Client.Logout()
+
+ _, resp = Client.AddTeamMember(team.Id, otherUser.Id, "", "", "")
+ CheckUnauthorizedStatus(t, resp)
+
+ _, resp = th.SystemAdminClient.AddTeamMember(team.Id, otherUser.Id, "", "", "")
+ CheckNoError(t, resp)
+
+ // by hash and data
+ Client.Login(otherUser.Email, otherUser.Password)
+
+ dataObject := make(map[string]string)
+ dataObject["time"] = fmt.Sprintf("%v", model.GetMillis())
+ dataObject["id"] = team.Id
+
+ data := model.MapToJson(dataObject)
+ hashed := model.HashPassword(fmt.Sprintf("%v:%v", data, utils.Cfg.EmailSettings.InviteSalt))
+
+ tm, resp = Client.AddTeamMember(team.Id, "", hashed, data, "")
+ CheckNoError(t, resp)
+
+ if tm == nil {
+ t.Fatal("should have returned team member")
+ }
+
+ if tm.UserId != otherUser.Id {
+ t.Fatal("user ids should have matched")
+ }
+
+ if tm.TeamId != team.Id {
+ t.Fatal("team ids should have matched")
+ }
+
+ tm, resp = Client.AddTeamMember(team.Id, "", "junk", data, "")
+ CheckNotFoundStatus(t, resp)
+
+ if tm != nil {
+ t.Fatal("should have not returned team member")
+ }
+
+ _, resp = Client.AddTeamMember(team.Id, "", hashed, "junk", "")
+ CheckNotFoundStatus(t, resp)
+
+ // expired data of more than 50 hours
+ dataObject["time"] = fmt.Sprintf("%v", model.GetMillis()-1000*60*60*50)
+ data = model.MapToJson(dataObject)
+ hashed = model.HashPassword(fmt.Sprintf("%v:%v", data, utils.Cfg.EmailSettings.InviteSalt))
+
+ tm, resp = Client.AddTeamMember(team.Id, "", hashed, data, "")
+ CheckNotFoundStatus(t, resp)
+
+ // invalid team id
+ dataObject["id"] = GenerateTestId()
+ data = model.MapToJson(dataObject)
+ hashed = model.HashPassword(fmt.Sprintf("%v:%v", data, utils.Cfg.EmailSettings.InviteSalt))
+
+ tm, resp = Client.AddTeamMember(team.Id, "", hashed, data, "")
+ CheckNotFoundStatus(t, resp)
+
+ // by invite_id
+ Client.Login(otherUser.Email, otherUser.Password)
+
+ tm, resp = Client.AddTeamMember(team.Id, "", "", "", team.InviteId)
+ CheckNoError(t, resp)
+
+ if tm == nil {
+ t.Fatal("should have returned team member")
+ }
+
+ if tm.UserId != otherUser.Id {
+ t.Fatal("user ids should have matched")
+ }
+
+ if tm.TeamId != team.Id {
+ t.Fatal("team ids should have matched")
+ }
+
+ tm, resp = Client.AddTeamMember(team.Id, "", "", "", "junk")
+ CheckNotFoundStatus(t, resp)
+
+ if tm != nil {
+ t.Fatal("should have not returned team member")
+ }
+
+ _, resp = Client.AddTeamMember(team.Id, "", "", "", "junk")
+ CheckNotFoundStatus(t, resp)
+}
+
func TestGetTeamStats(t *testing.T) {
th := Setup().InitBasic().InitSystemAdmin()
defer TearDown()
diff --git a/app/team.go b/app/team.go
index d0d907731..0de6cffc4 100644
--- a/app/team.go
+++ b/app/team.go
@@ -391,6 +391,48 @@ func GetTeamMembersByIds(teamId string, userIds []string) ([]*model.TeamMember,
}
}
+func AddTeamMember(teamId, userId, siteURL string) (*model.TeamMember, *model.AppError) {
+ if _, err := AddUserToTeam(teamId, userId, siteURL); err != nil {
+ return nil, err
+ }
+
+ if teamMember, err := GetTeamMember(teamId, userId); err != nil {
+ return nil, err
+ } else {
+ return teamMember, nil
+ }
+}
+
+func AddTeamMemberByHash(userId, hash, data, siteURL string) (*model.TeamMember, *model.AppError) {
+ var team *model.Team
+ var err *model.AppError
+
+ if team, err = AddUserToTeamByHash(userId, hash, data, siteURL); err != nil {
+ return nil, err
+ }
+
+ if teamMember, err := GetTeamMember(team.Id, userId); err != nil {
+ return nil, err
+ } else {
+ return teamMember, nil
+ }
+}
+
+func AddTeamMemberByInviteId(inviteId, userId, siteURL string) (*model.TeamMember, *model.AppError) {
+ var team *model.Team
+ var err *model.AppError
+
+ if team, err = AddUserToTeamByInviteId(inviteId, userId, siteURL); err != nil {
+ return nil, err
+ }
+
+ if teamMember, err := GetTeamMember(team.Id, userId); err != nil {
+ return nil, err
+ } else {
+ return teamMember, nil
+ }
+}
+
func GetTeamUnread(teamId, userId string) (*model.TeamUnread, *model.AppError) {
result := <-Srv.Store.Team().GetChannelUnreadsForTeam(teamId, userId)
if result.Err != nil {
diff --git a/i18n/en.json b/i18n/en.json
index bec89c477..5d1889585 100644
--- a/i18n/en.json
+++ b/i18n/en.json
@@ -2044,6 +2044,18 @@
"translation": "Permanently deleted team %v id=%v"
},
{
+ "id": "api.team.add_user_to_team.missing_parameter.app_error",
+ "translation": "Parameter required to add user to team."
+ },
+ {
+ "id": "api.team.add_user_to_team.invalid_invite_id.app_error",
+ "translation": "Invalid invite id. No team matches with this invite id."
+ },
+ {
+ "id": "api.team.add_user_to_team.invalid_data.app_error",
+ "translation": "Invalid data."
+ },
+ {
"id": "api.team.remove_user_from_team.missing.app_error",
"translation": "The user does not appear to be part of this team."
},
diff --git a/model/client4.go b/model/client4.go
index c74d76e04..31b754bd3 100644
--- a/model/client4.go
+++ b/model/client4.go
@@ -803,6 +803,28 @@ func (c *Client4) GetTeamMembersByIds(teamId string, userIds []string) ([]*TeamM
}
}
+// AddTeamMember adds user to a team and return a team member.
+func (c *Client4) AddTeamMember(teamId, userId, hash, dataToHash, inviteId string) (*TeamMember, *Response) {
+ member := &TeamMember{TeamId: teamId, UserId: userId}
+
+ var query string
+
+ if inviteId != "" {
+ query += fmt.Sprintf("?invite_id=%v", inviteId)
+ }
+
+ if hash != "" && dataToHash != "" {
+ query += fmt.Sprintf("?hash=%v&data=%v", hash, dataToHash)
+ }
+
+ if r, err := c.DoApiPost(c.GetTeamMembersRoute(teamId)+query, member.ToJson()); err != nil {
+ return nil, &Response{StatusCode: r.StatusCode, Error: err}
+ } else {
+ defer closeBody(r)
+ return TeamMemberFromJson(r.Body), BuildResponse(r)
+ }
+}
+
// GetTeamStats returns a team stats based on the team id string.
// Must be authenticated.
func (c *Client4) GetTeamStats(teamId, etag string) (*TeamStats, *Response) {
generated by cgit v1.2.3-1-g7c22 (git 2.25.1) at 2024-06-18 11:45:41 +0000