diff options
-rw-r--r-- | api/channel.go | 14 | ||||
-rw-r--r-- | api/channel_test.go | 65 |
2 files changed, 56 insertions, 23 deletions
diff --git a/api/channel.go b/api/channel.go index 7b12849e3..ba6de1a48 100644 --- a/api/channel.go +++ b/api/channel.go @@ -189,7 +189,6 @@ func updateChannel(c *Context, w http.ResponseWriter, r *http.Request) { sc := Srv.Store.Channel().Get(channel.Id) cmc := Srv.Store.Channel().GetMember(channel.Id, c.Session.UserId) - tmc := Srv.Store.Team().GetMember(c.TeamId, c.Session.UserId) if cresult := <-sc; cresult.Err != nil { c.Err = cresult.Err @@ -197,19 +196,15 @@ func updateChannel(c *Context, w http.ResponseWriter, r *http.Request) { } else if cmcresult := <-cmc; cmcresult.Err != nil { c.Err = cmcresult.Err return - } else if tmcresult := <-tmc; cmcresult.Err != nil { - c.Err = tmcresult.Err - return } else { oldChannel := cresult.Data.(*model.Channel) channelMember := cmcresult.Data.(model.ChannelMember) - teamMember := tmcresult.Data.(model.TeamMember) if !c.HasPermissionsToTeam(oldChannel.TeamId, "updateChannel") { return } - if !strings.Contains(channelMember.Roles, model.CHANNEL_ROLE_ADMIN) && !strings.Contains(teamMember.Roles, model.ROLE_TEAM_ADMIN) { + if !strings.Contains(channelMember.Roles, model.CHANNEL_ROLE_ADMIN) && !c.IsTeamAdmin() { c.Err = model.NewLocAppError("updateChannel", "api.channel.update_channel.permission.app_error", nil, "") c.Err.StatusCode = http.StatusForbidden return @@ -639,7 +634,6 @@ func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) { sc := Srv.Store.Channel().Get(id) scm := Srv.Store.Channel().GetMember(id, c.Session.UserId) - tmc := Srv.Store.Team().GetMember(c.TeamId, c.Session.UserId) uc := Srv.Store.User().Get(c.Session.UserId) ihc := Srv.Store.Webhook().GetIncomingByChannel(id) ohc := Srv.Store.Webhook().GetOutgoingByChannel(id) @@ -653,9 +647,6 @@ func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) { } else if scmresult := <-scm; scmresult.Err != nil { c.Err = scmresult.Err return - } else if tmcresult := <-tmc; tmcresult.Err != nil { - c.Err = tmcresult.Err - return } else if ihcresult := <-ihc; ihcresult.Err != nil { c.Err = ihcresult.Err return @@ -666,7 +657,6 @@ func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) { channel := cresult.Data.(*model.Channel) user := uresult.Data.(*model.User) channelMember := scmresult.Data.(model.ChannelMember) - teamMember := tmcresult.Data.(model.TeamMember) incomingHooks := ihcresult.Data.([]*model.IncomingWebhook) outgoingHooks := ohcresult.Data.([]*model.OutgoingWebhook) @@ -674,7 +664,7 @@ func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !strings.Contains(channelMember.Roles, model.CHANNEL_ROLE_ADMIN) && !strings.Contains(teamMember.Roles, model.ROLE_TEAM_ADMIN) { + if !strings.Contains(channelMember.Roles, model.CHANNEL_ROLE_ADMIN) && !c.IsTeamAdmin() { c.Err = model.NewLocAppError("deleteChannel", "api.channel.delete_channel.permissions.app_error", nil, "") c.Err.StatusCode = http.StatusForbidden return diff --git a/api/channel_test.go b/api/channel_test.go index ac2766588..b2bb56952 100644 --- a/api/channel_test.go +++ b/api/channel_test.go @@ -129,13 +129,17 @@ func TestCreateDirectChannel(t *testing.T) { } func TestUpdateChannel(t *testing.T) { - th := Setup().InitBasic() - Client := th.BasicClient - team := th.BasicTeam - user := th.BasicUser - user2 := th.CreateUser(th.BasicClient) + th := Setup().InitSystemAdmin() + Client := th.SystemAdminClient + team := th.SystemAdminTeam + sysAdminUser := th.SystemAdminUser + user := th.CreateUser(Client) + LinkUserToTeam(user, team) + user2 := th.CreateUser(Client) LinkUserToTeam(user2, team) + Client.Login(user.Email, user.Password) + channel1 := &model.Channel{DisplayName: "A Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_OPEN, TeamId: team.Id} channel1 = Client.Must(Client.CreateChannel(channel1)).Data.(*model.Channel) @@ -180,9 +184,26 @@ func TestUpdateChannel(t *testing.T) { Client.Must(Client.JoinChannel(channel1.Id)) UpdateUserToTeamAdmin(user2, team) + Client.Logout() + Client.Login(user2.Email, user2.Password) + Client.SetTeamId(team.Id) + if _, err := Client.UpdateChannel(upChannel1); err != nil { t.Fatal(err) } + + Client.Login(sysAdminUser.Email, sysAdminUser.Password) + Client.Must(Client.JoinChannel(channel1.Id)) + + if _, err := Client.UpdateChannel(upChannel1); err != nil { + t.Fatal(err) + } + + Client.Must(Client.DeleteChannel(channel1.Id)) + + if _, err := Client.UpdateChannel(upChannel1); err == nil { + t.Fatal("should have failed - channel deleted") + } } func TestUpdateChannelHeader(t *testing.T) { @@ -517,12 +538,16 @@ func TestLeaveChannel(t *testing.T) { } func TestDeleteChannel(t *testing.T) { - th := Setup().InitBasic() - Client := th.BasicClient - team := th.BasicTeam - userTeamAdmin := th.BasicUser + th := Setup().InitSystemAdmin() + Client := th.SystemAdminClient + team := th.SystemAdminTeam + userSystemAdmin := th.SystemAdminUser + userTeamAdmin := th.CreateUser(Client) + LinkUserToTeam(userTeamAdmin, team) + user2 := th.CreateUser(Client) + LinkUserToTeam(user2, team) - th.LoginBasic2() + Client.Login(user2.Email, user2.Password) channelMadeByCA := &model.Channel{DisplayName: "C Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_OPEN, TeamId: team.Id} channelMadeByCA = Client.Must(Client.CreateChannel(channelMadeByCA)).Data.(*model.Channel) @@ -550,7 +575,7 @@ func TestDeleteChannel(t *testing.T) { t.Fatal("should have failed to post to deleted channel") } - userStd := th.CreateUser(th.BasicClient) + userStd := th.CreateUser(Client) LinkUserToTeam(userStd, team) Client.Login(userStd.Email, userStd.Password) @@ -577,9 +602,27 @@ func TestDeleteChannel(t *testing.T) { UpdateUserToTeamAdmin(userStd, team) + Client.Logout() + Client.Login(userStd.Email, userStd.Password) + Client.SetTeamId(team.Id) + if _, err := Client.DeleteChannel(channel2.Id); err != nil { t.Fatal(err) } + + channel3 := &model.Channel{DisplayName: "B Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_OPEN, TeamId: team.Id} + channel3 = Client.Must(Client.CreateChannel(channel3)).Data.(*model.Channel) + + Client.Login(userSystemAdmin.Email, userSystemAdmin.Password) + Client.Must(Client.JoinChannel(channel3.Id)) + + if _, err := Client.DeleteChannel(channel3.Id); err != nil { + t.Fatal(err) + } + + if _, err := Client.DeleteChannel(channel3.Id); err == nil { + t.Fatal("should have failed - channel already deleted") + } } func TestGetChannelExtraInfo(t *testing.T) { |