diff options
-rw-r--r-- | api4/channel.go | 5 | ||||
-rw-r--r-- | api4/channel_test.go | 24 | ||||
-rw-r--r-- | i18n/en.json | 4 |
3 files changed, 33 insertions, 0 deletions
diff --git a/api4/channel.go b/api4/channel.go index f21b45d56..1599b6e70 100644 --- a/api4/channel.go +++ b/api4/channel.go @@ -1069,6 +1069,11 @@ func removeChannelMember(c *Context, w http.ResponseWriter, r *http.Request) { return } + if !(channel.Type == model.CHANNEL_OPEN || channel.Type == model.CHANNEL_PRIVATE) { + c.Err = model.NewAppError("removeChannelMember", "api.channel.remove_channel_member.type.app_error", nil, "", http.StatusBadRequest) + return + } + if c.Params.UserId != c.Session.UserId { if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) { c.SetPermissionError(model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) diff --git a/api4/channel_test.go b/api4/channel_test.go index 5ca4dee6e..8593ea831 100644 --- a/api4/channel_test.go +++ b/api4/channel_test.go @@ -2038,6 +2038,30 @@ func TestRemoveChannelMember(t *testing.T) { _, resp = Client.RemoveUserFromChannel(privateChannel.Id, user2.Id) CheckNoError(t, resp) + + // Test on preventing removal of user from a direct channel + directChannel, resp := Client.CreateDirectChannel(user1.Id, user2.Id) + CheckNoError(t, resp) + + _, resp = Client.RemoveUserFromChannel(directChannel.Id, user1.Id) + CheckBadRequestStatus(t, resp) + + _, resp = Client.RemoveUserFromChannel(directChannel.Id, user2.Id) + CheckBadRequestStatus(t, resp) + + _, resp = th.SystemAdminClient.RemoveUserFromChannel(directChannel.Id, user1.Id) + CheckBadRequestStatus(t, resp) + + // Test on preventing removal of user from a group channel + user3 := th.CreateUser() + groupChannel, resp := Client.CreateGroupChannel([]string{user1.Id, user2.Id, user3.Id}) + CheckNoError(t, resp) + + _, resp = Client.RemoveUserFromChannel(groupChannel.Id, user1.Id) + CheckBadRequestStatus(t, resp) + + _, resp = th.SystemAdminClient.RemoveUserFromChannel(groupChannel.Id, user1.Id) + CheckBadRequestStatus(t, resp) } func TestAutocompleteChannels(t *testing.T) { diff --git a/i18n/en.json b/i18n/en.json index 19c92a0b4..84ca057e5 100644 --- a/i18n/en.json +++ b/i18n/en.json @@ -232,6 +232,10 @@ "translation": "Cannot remove user from the default channel {{.Channel}}" }, { + "id": "api.channel.remove_channel_member.type.app_error", + "translation": "Cannot remove user from a channel." + }, + { "id": "api.channel.remove_member.removed", "translation": "%v removed from the channel." }, |