Diffstat (limited to 'api4/channel_test.go')
-rw-r--r-- | api4/channel_test.go | 347 |
1 files changed, 49 insertions, 298 deletions
diff --git a/api4/channel_test.go b/api4/channel_test.go index 51c32cf71..b9ee5bc7d 100644 --- a/api4/channel_test.go +++ b/api4/channel_test.go @@ -77,12 +77,16 @@ func TestCreateChannel(t *testing.T) { _, resp = Client.CreateChannel(private) CheckForbiddenStatus(t, resp) - th.LoginBasic() + // Check the appropriate permissions are enforced. + defaultRolePermissions := th.SaveDefaultRolePermissions() + defer func() { + th.RestoreDefaultRolePermissions(defaultRolePermissions) + }() + + th.AddPermissionToRole(model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id, model.TEAM_USER_ROLE_ID) + th.AddPermissionToRole(model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id, model.TEAM_USER_ROLE_ID) - // Check permissions with policy config changes - th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.RestrictPublicChannelCreation = model.PERMISSIONS_ALL }) - th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.RestrictPrivateChannelCreation = model.PERMISSIONS_ALL }) - th.App.SetLicense(model.NewTestLicense()) + th.LoginBasic() channel.Name = GenerateTestChannelName() _, resp = Client.CreateChannel(channel) @@ -92,10 +96,10 @@ func TestCreateChannel(t *testing.T) { _, resp = Client.CreateChannel(private) CheckNoError(t, resp) - th.App.UpdateConfig(func(cfg *model.Config) { - *cfg.TeamSettings.RestrictPublicChannelCreation = model.PERMISSIONS_TEAM_ADMIN - *cfg.TeamSettings.RestrictPrivateChannelCreation = model.PERMISSIONS_TEAM_ADMIN - }) + th.AddPermissionToRole(model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id, model.TEAM_ADMIN_ROLE_ID) + th.AddPermissionToRole(model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id, model.TEAM_ADMIN_ROLE_ID) + th.RemovePermissionFromRole(model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id, model.TEAM_USER_ROLE_ID) + th.RemovePermissionFromRole(model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id, model.TEAM_USER_ROLE_ID) _, resp = Client.CreateChannel(channel) CheckForbiddenStatus(t, resp) 
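Review bot: The deferred restore in the first TestCreateChannel hunk does not need the closure wrapper. `defer th.RestoreDefaultRolePermissions(defaultRolePermissions)` behaves the same, because the argument is evaluated at the defer statement and `defaultRolePermissions` is not reassigned in the visible lines. The same save/defer pattern is repeated in the hunks at -863 (TestDeleteChannel), -1767 (TestAddChannelMember) and -1928 (TestRemoveChannelMember), so the simplification applies there too. The restore is what keeps these role edits from carrying over into later authorization tests, so a short comment saying so, such as `// Role permissions are shared state; restore them so later tests see the defaults.`, would explain why the line must stay. TestCreateChannel starts and ends outside the hunk.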
@@ -121,46 +125,7 @@ func TestCreateChannel(t *testing.T) { _, resp = th.SystemAdminClient.CreateChannel(private) CheckNoError(t, resp) - th.App.UpdateConfig(func(cfg *model.Config) { - *cfg.TeamSettings.RestrictPublicChannelCreation = model.PERMISSIONS_SYSTEM_ADMIN - *cfg.TeamSettings.RestrictPrivateChannelCreation = model.PERMISSIONS_SYSTEM_ADMIN - }) - - th.LoginBasic() - - _, resp = Client.CreateChannel(channel) - CheckForbiddenStatus(t, resp) - - _, resp = Client.CreateChannel(private) - CheckForbiddenStatus(t, resp) - - th.LoginTeamAdmin() - - _, resp = Client.CreateChannel(channel) - CheckForbiddenStatus(t, resp) - - _, resp = Client.CreateChannel(private) - CheckForbiddenStatus(t, resp) - - channel.Name = GenerateTestChannelName() - _, resp = th.SystemAdminClient.CreateChannel(channel) - CheckNoError(t, resp) - - private.Name = GenerateTestChannelName() - _, resp = th.SystemAdminClient.CreateChannel(private) - CheckNoError(t, resp) - - // Check that if unlicensed the policy restriction is not enforced. - th.App.SetLicense(nil) - - channel.Name = GenerateTestChannelName() - _, resp = Client.CreateChannel(channel) - CheckNoError(t, resp) - - private.Name = GenerateTestChannelName() - _, resp = Client.CreateChannel(private) - CheckNoError(t, resp) - + // Test posting Garbage if r, err := Client.DoApiPost("/channels", "garbage"); err == nil { t.Fatal("should have errored") } else { @@ -804,12 +769,6 @@ func TestDeleteChannel(t *testing.T) { _, resp = Client.DeleteChannel(publicChannel3.Id) CheckNoError(t, resp) - // successful delete by TeamAdmin of channel created by user - publicChannel4 := th.CreatePublicChannel() - th.LoginTeamAdmin() - _, resp = Client.DeleteChannel(publicChannel4.Id) - CheckNoError(t, resp) - // default channel cannot be deleted. defaultChannel, _ := th.App.GetChannelByName(model.DEFAULT_CHANNEL, team.Id) pass, resp = Client.DeleteChannel(defaultChannel.Id) 
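Review bot: After the @@ -121 hunk, TestCreateChannel no longer has a deny case for a team admin. The visible new-side lines only move the create permissions from TEAM_USER_ROLE_ID to TEAM_ADMIN_ROLE_ID and then go straight to the garbage-post check. If the role model is meant to allow a state where no team-level role holds these permissions, a short negative case would keep that path covered: remove both permissions from TEAM_ADMIN_ROLE_ID and assert Forbidden for a team admin. The sketch below uses only helpers that appear on this page; whether the system admin role still passes in that state is not visible here and should be confirmed. The function body continues outside the hunk.

```go
// … unchanged: SystemAdminClient create checks …

// No team-level role holds the create permissions: a team admin must be denied.
th.RemovePermissionFromRole(model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id, model.TEAM_ADMIN_ROLE_ID)
th.RemovePermissionFromRole(model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id, model.TEAM_ADMIN_ROLE_ID)

th.LoginTeamAdmin()

_, resp = Client.CreateChannel(channel)
CheckForbiddenStatus(t, resp)

_, resp = Client.CreateChannel(private)
CheckForbiddenStatus(t, resp)

// … unchanged: garbage-post check …
```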
@@ -863,9 +822,14 @@ func TestDeleteChannel(t *testing.T) { th.InitBasic().InitSystemAdmin() - th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.RestrictPublicChannelManagement = model.PERMISSIONS_ALL }) - th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.RestrictPrivateChannelManagement = model.PERMISSIONS_ALL }) - th.App.SetLicense(model.NewTestLicense()) + // Check the appropriate permissions are enforced. + defaultRolePermissions := th.SaveDefaultRolePermissions() + defer func() { + th.RestoreDefaultRolePermissions(defaultRolePermissions) + }() + + th.AddPermissionToRole(model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id, model.TEAM_USER_ROLE_ID) + th.AddPermissionToRole(model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id, model.TEAM_USER_ROLE_ID) Client = th.Client team = th.BasicTeam @@ -886,10 +850,11 @@ func TestDeleteChannel(t *testing.T) { _, resp = Client.DeleteChannel(privateChannel7.Id) CheckNoError(t, resp) - th.App.UpdateConfig(func(cfg *model.Config) { - *cfg.TeamSettings.RestrictPublicChannelDeletion = model.PERMISSIONS_CHANNEL_ADMIN - *cfg.TeamSettings.RestrictPrivateChannelDeletion = model.PERMISSIONS_CHANNEL_ADMIN - }) + // Restrict permissions to Channel Admins + th.RemovePermissionFromRole(model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id, model.TEAM_USER_ROLE_ID) + th.RemovePermissionFromRole(model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id, model.TEAM_USER_ROLE_ID) + th.AddPermissionToRole(model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id, model.CHANNEL_ADMIN_ROLE_ID) + th.AddPermissionToRole(model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id, model.CHANNEL_ADMIN_ROLE_ID) // channels created by SystemAdmin publicChannel6 = th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_OPEN) 
@@ -916,115 +881,9 @@ func TestDeleteChannel(t *testing.T) { _, resp = Client.DeleteChannel(privateChannel7.Id) CheckNoError(t, resp) - // // channels created by SystemAdmin - publicChannel6 = th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_OPEN) - privateChannel7 = th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE) - th.App.AddUserToChannel(user, publicChannel6) - th.App.AddUserToChannel(user, privateChannel7) - th.App.AddUserToChannel(user2, privateChannel7) - - // successful delete by team admin - th.UpdateUserToTeamAdmin(user, team) - th.App.InvalidateAllCaches() - th.App.SetLicense(model.NewTestLicense()) - - _, resp = Client.DeleteChannel(publicChannel6.Id) - CheckNoError(t, resp) - - _, resp = Client.DeleteChannel(privateChannel7.Id) - CheckNoError(t, resp) - - th.App.UpdateConfig(func(cfg *model.Config) { - *cfg.TeamSettings.RestrictPublicChannelDeletion = model.PERMISSIONS_TEAM_ADMIN - *cfg.TeamSettings.RestrictPrivateChannelDeletion = model.PERMISSIONS_TEAM_ADMIN - }) - th.UpdateUserToNonTeamAdmin(user, team) - th.App.InvalidateAllCaches() - th.App.SetLicense(model.NewTestLicense()) - - // channels created by SystemAdmin - publicChannel6 = th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_OPEN) - privateChannel7 = th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE) - th.App.AddUserToChannel(user, publicChannel6) - th.App.AddUserToChannel(user, privateChannel7) - th.App.AddUserToChannel(user2, privateChannel7) - - // cannot delete by user - _, resp = Client.DeleteChannel(publicChannel6.Id) - CheckForbiddenStatus(t, resp) - - _, resp = Client.DeleteChannel(privateChannel7.Id) - CheckForbiddenStatus(t, resp) - - // // cannot delete by channel admin - th.MakeUserChannelAdmin(user, publicChannel6) - th.MakeUserChannelAdmin(user, privateChannel7) - th.App.Srv.Store.Channel().ClearCaches() - - _, resp = Client.DeleteChannel(publicChannel6.Id) - CheckForbiddenStatus(t, resp) - - _, resp = 
Client.DeleteChannel(privateChannel7.Id) - CheckForbiddenStatus(t, resp) - - // successful delete by team admin - th.UpdateUserToTeamAdmin(th.BasicUser, team) - th.App.InvalidateAllCaches() - th.App.SetLicense(model.NewTestLicense()) - - _, resp = Client.DeleteChannel(publicChannel6.Id) - CheckNoError(t, resp) - - _, resp = Client.DeleteChannel(privateChannel7.Id) - CheckNoError(t, resp) - - th.App.UpdateConfig(func(cfg *model.Config) { - *cfg.TeamSettings.RestrictPublicChannelDeletion = model.PERMISSIONS_SYSTEM_ADMIN - *cfg.TeamSettings.RestrictPrivateChannelDeletion = model.PERMISSIONS_SYSTEM_ADMIN - }) - - // channels created by SystemAdmin - publicChannel6 = th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_OPEN) - privateChannel7 = th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE) - th.App.AddUserToChannel(user, publicChannel6) - th.App.AddUserToChannel(user, privateChannel7) - th.App.AddUserToChannel(user2, privateChannel7) - - // cannot delete by user - _, resp = Client.DeleteChannel(publicChannel6.Id) - CheckForbiddenStatus(t, resp) - - _, resp = Client.DeleteChannel(privateChannel7.Id) - CheckForbiddenStatus(t, resp) - - // cannot delete by channel admin - th.MakeUserChannelAdmin(user, publicChannel6) - th.MakeUserChannelAdmin(user, privateChannel7) - th.App.Srv.Store.Channel().ClearCaches() - - _, resp = Client.DeleteChannel(publicChannel6.Id) - CheckForbiddenStatus(t, resp) - - _, resp = Client.DeleteChannel(privateChannel7.Id) - CheckForbiddenStatus(t, resp) - - // cannot delete by team admin - th.UpdateUserToTeamAdmin(th.BasicUser, team) - th.App.InvalidateAllCaches() - th.App.SetLicense(model.NewTestLicense()) - - _, resp = Client.DeleteChannel(publicChannel6.Id) - CheckForbiddenStatus(t, resp) - - _, resp = Client.DeleteChannel(privateChannel7.Id) - CheckForbiddenStatus(t, resp) - - // successful delete by SystemAdmin - _, resp = th.SystemAdminClient.DeleteChannel(publicChannel6.Id) - CheckNoError(t, resp) - - _, 
resp = th.SystemAdminClient.DeleteChannel(privateChannel7.Id) - CheckNoError(t, resp) + // Make sure team admins don't have permission to delete channels. + th.RemovePermissionFromRole(model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id, model.CHANNEL_ADMIN_ROLE_ID) + th.RemovePermissionFromRole(model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id, model.CHANNEL_ADMIN_ROLE_ID) // last member of a public channel should have required permission to delete publicChannel6 = th.CreateChannelWithClient(th.Client, model.CHANNEL_OPEN) @@ -1767,25 +1626,13 @@ func TestAddChannelMember(t *testing.T) { _, resp = th.SystemAdminClient.AddChannelMember(privateChannel.Id, user2.Id) CheckNoError(t, resp) - // Test policy does not apply to TE. - th.App.UpdateConfig(func(cfg *model.Config) { - *cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_CHANNEL_ADMIN - }) + // Check the appropriate permissions are enforced. + defaultRolePermissions := th.SaveDefaultRolePermissions() + defer func() { + th.RestoreDefaultRolePermissions(defaultRolePermissions) + }() - Client.Login(user2.Username, user2.Password) - privateChannel = th.CreatePrivateChannel() - _, resp = Client.AddChannelMember(privateChannel.Id, user.Id) - CheckNoError(t, resp) - Client.Logout() - - Client.Login(user.Username, user.Password) - _, resp = Client.AddChannelMember(privateChannel.Id, user3.Id) - CheckNoError(t, resp) - Client.Logout() - - // Add a license - th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_ALL }) - th.App.SetLicense(model.NewTestLicense()) + th.AddPermissionToRole(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id, model.CHANNEL_USER_ROLE_ID) // Check that a regular channel user can add other users. Client.Login(user2.Username, user2.Password) 
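Review bot: In the @@ -916 hunk of TestDeleteChannel, the new comment says "Make sure team admins don't have permission to delete channels", but the two calls beneath it remove the delete permissions from `model.CHANNEL_ADMIN_ROLE_ID`. TEAM_ADMIN_ROLE_ID is not touched in any visible TestDeleteChannel hunk, so the comment describes a state the code does not establish. If channel admins are the intended target, reword it to `// Remove the delete permissions from Channel Admins so no channel-level role can delete channels.`. If team admins were meant, the calls should target `model.TEAM_ADMIN_ROLE_ID` instead. The difference matters for the "last member" assertions that follow, which start in this hunk and continue outside it.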
@@ -1799,10 +1646,9 @@ func TestAddChannelMember(t *testing.T) { CheckNoError(t, resp) Client.Logout() - // Test with CHANNEL_ADMIN level permission. - th.App.UpdateConfig(func(cfg *model.Config) { - *cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_CHANNEL_ADMIN - }) + // Restrict the permission for adding users to Channel Admins + th.AddPermissionToRole(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id, model.CHANNEL_ADMIN_ROLE_ID) + th.RemovePermissionFromRole(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id, model.CHANNEL_USER_ROLE_ID) Client.Login(user2.Username, user2.Password) privateChannel = th.CreatePrivateChannel() 
@@ -1817,56 +1663,11 @@ func TestAddChannelMember(t *testing.T) { th.MakeUserChannelAdmin(user, privateChannel) th.App.InvalidateAllCaches() - th.App.SetLicense(model.NewTestLicense()) - - Client.Login(user.Username, user.Password) - _, resp = Client.AddChannelMember(privateChannel.Id, user3.Id) - CheckNoError(t, resp) - Client.Logout() - - // Test with TEAM_ADMIN level permission. - th.App.UpdateConfig(func(cfg *model.Config) { - *cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_TEAM_ADMIN - }) - - Client.Login(user2.Username, user2.Password) - privateChannel = th.CreatePrivateChannel() - _, resp = th.SystemAdminClient.AddChannelMember(privateChannel.Id, user.Id) - CheckNoError(t, resp) - Client.Logout() - - Client.Login(user.Username, user.Password) - _, resp = Client.AddChannelMember(privateChannel.Id, user3.Id) - CheckForbiddenStatus(t, resp) - Client.Logout() - - th.UpdateUserToTeamAdmin(user, team) - th.App.InvalidateAllCaches() - th.App.SetLicense(model.NewTestLicense()) Client.Login(user.Username, user.Password) _, resp = Client.AddChannelMember(privateChannel.Id, user3.Id) CheckNoError(t, resp) Client.Logout() - - // Test with SYSTEM_ADMIN level permission. - th.App.UpdateConfig(func(cfg *model.Config) { - *cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_SYSTEM_ADMIN - }) - - Client.Login(user2.Username, user2.Password) - privateChannel = th.CreatePrivateChannel() - _, resp = th.SystemAdminClient.AddChannelMember(privateChannel.Id, user.Id) - CheckNoError(t, resp) - Client.Logout() - - Client.Login(user.Username, user.Password) - _, resp = Client.AddChannelMember(privateChannel.Id, user3.Id) - CheckForbiddenStatus(t, resp) - Client.Logout() - - _, resp = th.SystemAdminClient.AddChannelMember(privateChannel.Id, user3.Id) - CheckNoError(t, resp) } func TestRemoveChannelMember(t *testing.T) { 
@@ -1928,26 +1729,16 @@ func TestRemoveChannelMember(t *testing.T) { th.UpdateUserToNonTeamAdmin(user1, team) th.App.InvalidateAllCaches() - // Test policy does not apply to TE. - th.App.UpdateConfig(func(cfg *model.Config) { - *cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_CHANNEL_ADMIN - }) + // Check the appropriate permissions are enforced. + defaultRolePermissions := th.SaveDefaultRolePermissions() + defer func() { + th.RestoreDefaultRolePermissions(defaultRolePermissions) + }() - privateChannel := th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE) - _, resp = th.SystemAdminClient.AddChannelMember(privateChannel.Id, user1.Id) - CheckNoError(t, resp) - _, resp = th.SystemAdminClient.AddChannelMember(privateChannel.Id, user2.Id) - CheckNoError(t, resp) - - _, resp = Client.RemoveUserFromChannel(privateChannel.Id, user2.Id) - CheckNoError(t, resp) - - // Add a license - th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_ALL }) - th.App.SetLicense(model.NewTestLicense()) + th.AddPermissionToRole(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id, model.CHANNEL_USER_ROLE_ID) // Check that a regular channel user can remove other users. - privateChannel = th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE) + privateChannel := th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE) _, resp = th.SystemAdminClient.AddChannelMember(privateChannel.Id, user1.Id) CheckNoError(t, resp) _, resp = th.SystemAdminClient.AddChannelMember(privateChannel.Id, user2.Id) 
@@ -1956,10 +1747,9 @@ func TestRemoveChannelMember(t *testing.T) { _, resp = Client.RemoveUserFromChannel(privateChannel.Id, user2.Id) CheckNoError(t, resp) - // Test with CHANNEL_ADMIN level permission. - th.App.UpdateConfig(func(cfg *model.Config) { - *cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_CHANNEL_ADMIN - }) + // Restrict the permission for adding users to Channel Admins + th.AddPermissionToRole(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id, model.CHANNEL_ADMIN_ROLE_ID) + th.RemovePermissionFromRole(model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id, model.CHANNEL_USER_ROLE_ID) privateChannel = th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE) _, resp = th.SystemAdminClient.AddChannelMember(privateChannel.Id, user1.Id) 
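Review bot: The comment added in this TestRemoveChannelMember hunk reads "Restrict the permission for adding users to Channel Admins", yet the assertions around it exercise `RemoveUserFromChannel`. The permission being moved is `PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS`, and the wording looks copied from TestAddChannelMember. Suggest `// Restrict the permission for managing private channel members to Channel Admins`, which matches both the permission name and what this test checks. The enclosing function continues outside the hunk.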
@@ -1972,46 +1762,7 @@ func TestRemoveChannelMember(t *testing.T) { th.MakeUserChannelAdmin(user1, privateChannel) th.App.InvalidateAllCaches() - th.App.SetLicense(model.NewTestLicense()) _, resp = Client.RemoveUserFromChannel(privateChannel.Id, user2.Id) CheckNoError(t, resp) - - // Test with TEAM_ADMIN level permission. - th.App.UpdateConfig(func(cfg *model.Config) { - *cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_TEAM_ADMIN - }) - - privateChannel = th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE) - _, resp = th.SystemAdminClient.AddChannelMember(privateChannel.Id, user1.Id) - CheckNoError(t, resp) - _, resp = th.SystemAdminClient.AddChannelMember(privateChannel.Id, user2.Id) - CheckNoError(t, resp) - - _, resp = Client.RemoveUserFromChannel(privateChannel.Id, user2.Id) - CheckForbiddenStatus(t, resp) - - th.UpdateUserToTeamAdmin(user1, team) - th.App.InvalidateAllCaches() - th.App.SetLicense(model.NewTestLicense()) - - _, resp = Client.RemoveUserFromChannel(privateChannel.Id, user2.Id) - CheckNoError(t, resp) - - // Test with SYSTEM_ADMIN level permission. - th.App.UpdateConfig(func(cfg *model.Config) { - *cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_SYSTEM_ADMIN - }) - - privateChannel = th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE) - _, resp = th.SystemAdminClient.AddChannelMember(privateChannel.Id, user1.Id) - CheckNoError(t, resp) - _, resp = th.SystemAdminClient.AddChannelMember(privateChannel.Id, user2.Id) - CheckNoError(t, resp) - - _, resp = Client.RemoveUserFromChannel(privateChannel.Id, user2.Id) - CheckForbiddenStatus(t, resp) - - _, resp = th.SystemAdminClient.RemoveUserFromChannel(privateChannel.Id, user2.Id) - CheckNoError(t, resp) } |