diff options
-rw-r--r-- | app/command_msg.go | 4 | ||||
-rw-r--r-- | app/command_msg_test.go | 34 | ||||
-rw-r--r-- | i18n/en.json | 4 |
3 files changed, 42 insertions, 0 deletions
diff --git a/app/command_msg.go b/app/command_msg.go index 6877c10d6..bf414210a 100644 --- a/app/command_msg.go +++ b/app/command_msg.go @@ -66,6 +66,10 @@ func (me *msgProvider) DoCommand(a *App, args *model.CommandArgs, message string targetChannelId := "" if channel := <-a.Srv.Store.Channel().GetByName(args.TeamId, channelName, true); channel.Err != nil { if channel.Err.Id == "store.sql_channel.get_by_name.missing.app_error" { + if !a.SessionHasPermissionTo(args.Session, model.PERMISSION_CREATE_DIRECT_CHANNEL) { + return &model.CommandResponse{Text: args.T("api.command_msg.permission.app_error"), ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL} + } + if directChannel, err := a.CreateDirectChannel(args.UserId, userProfile.Id); err != nil { mlog.Error(err.Error()) return &model.CommandResponse{Text: args.T("api.command_msg.dm_fail.app_error"), ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL} diff --git a/app/command_msg_test.go b/app/command_msg_test.go index 22c4d07cf..9a8ca8eb0 100644 --- a/app/command_msg_test.go +++ b/app/command_msg_test.go @@ -19,13 +19,47 @@ func TestMsgProvider(t *testing.T) { team := th.CreateTeam() th.LinkUserToTeam(th.BasicUser, team) cmd := &msgProvider{} + + // Check without permission to create a DM channel. resp := cmd.DoCommand(th.App, &model.CommandArgs{ T: i18n.IdentityTfunc(), SiteURL: "http://test.url", TeamId: team.Id, UserId: th.BasicUser.Id, + Session: model.Session{ + Roles: "", + }, }, "@"+th.BasicUser2.Username+" hello") + channelName := model.GetDMNameFromIds(th.BasicUser.Id, th.BasicUser2.Id) + assert.Equal(t, "api.command_msg.permission.app_error", resp.Text) + assert.Equal(t, "", resp.GotoLocation) + + // Check with permission to create a DM channel. + resp = cmd.DoCommand(th.App, &model.CommandArgs{ + T: i18n.IdentityTfunc(), + SiteURL: "http://test.url", + TeamId: team.Id, + UserId: th.BasicUser.Id, + Session: model.Session{ + Roles: model.SYSTEM_USER_ROLE_ID, + }, + }, "@"+th.BasicUser2.Username+" hello") + + assert.Equal(t, "", resp.Text) + assert.Equal(t, "http://test.url/"+team.Name+"/channels/"+channelName, resp.GotoLocation) + + // Check without permission to post to an existing DM channel. + resp = cmd.DoCommand(th.App, &model.CommandArgs{ + T: i18n.IdentityTfunc(), + SiteURL: "http://test.url", + TeamId: team.Id, + UserId: th.BasicUser.Id, + Session: model.Session{ + Roles: "", + }, + }, "@"+th.BasicUser2.Username+" hello") + assert.Equal(t, "", resp.Text) assert.Equal(t, "http://test.url/"+team.Name+"/channels/"+channelName, resp.GotoLocation) } diff --git a/i18n/en.json b/i18n/en.json index d8a059175..b12a67cde 100644 --- a/i18n/en.json +++ b/i18n/en.json @@ -823,6 +823,10 @@ "translation": "You do not have the appropriate permissions to remove the member." }, { + "id": "api.command_msg.permission.app_error", + "translation": "You don't have the appropriate permissions to direct message this user." + }, + { "id": "api.command_remove.user_not_in_channel", "translation": "{{.Username}} is not a member of this channel." }, |