summaryrefslogtreecommitdiffstats
path: root/api4/team_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'api4/team_test.go')
-rw-r--r--api4/team_test.go88
1 files changed, 38 insertions, 50 deletions
diff --git a/api4/team_test.go b/api4/team_test.go
index c2edcdaaa..f969d05b2 100644
--- a/api4/team_test.go
+++ b/api4/team_test.go
@@ -69,8 +69,14 @@ func TestCreateTeam(t *testing.T) {
_, resp = Client.CreateTeam(rteam)
CheckUnauthorizedStatus(t, resp)
- // Update permission
- th.App.UpdateConfig(func(cfg *model.Config) { cfg.TeamSettings.EnableTeamCreation = false })
+ // Check the appropriate permissions are enforced.
+ defaultRolePermissions := th.SaveDefaultRolePermissions()
+ defer func() {
+ th.RestoreDefaultRolePermissions(defaultRolePermissions)
+ }()
+
+ th.RemovePermissionFromRole(model.PERMISSION_CREATE_TEAM.Id, model.SYSTEM_USER_ROLE_ID)
+ th.AddPermissionToRole(model.PERMISSION_CREATE_TEAM.Id, model.SYSTEM_ADMIN_ROLE_ID)
th.LoginBasic()
_, resp = Client.CreateTeam(team)
@@ -1314,16 +1320,18 @@ func TestAddTeamMember(t *testing.T) {
Client.Logout()
- // Set the config so that only team admins can add a user to a team.
- th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.RestrictTeamInvite = model.PERMISSIONS_TEAM_ADMIN })
- th.LoginBasic()
+ // Check the appropriate permissions are enforced.
+ defaultRolePermissions := th.SaveDefaultRolePermissions()
+ defer func() {
+ th.RestoreDefaultRolePermissions(defaultRolePermissions)
+ }()
- // Test without the EE license to see that the permission restriction is ignored.
- _, resp = Client.AddTeamMember(team.Id, otherUser.Id)
- CheckNoError(t, resp)
+ // Set the config so that only team admins can add a user to a team.
+ th.AddPermissionToRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_ADMIN_ROLE_ID)
+ th.AddPermissionToRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_ADMIN_ROLE_ID)
+ th.RemovePermissionFromRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_USER_ROLE_ID)
+ th.RemovePermissionFromRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_USER_ROLE_ID)
- // Add an EE license.
- th.App.SetLicense(model.NewTestLicense())
th.LoginBasic()
// Check that a regular user can't add someone to the team.
@@ -1333,38 +1341,26 @@ func TestAddTeamMember(t *testing.T) {
// Update user to team admin
th.UpdateUserToTeamAdmin(th.BasicUser, th.BasicTeam)
th.App.InvalidateAllCaches()
- th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.RestrictTeamInvite = model.PERMISSIONS_TEAM_ADMIN })
- th.App.SetLicense(model.NewTestLicense())
th.LoginBasic()
// Should work as a team admin.
_, resp = Client.AddTeamMember(team.Id, otherUser.Id)
CheckNoError(t, resp)
- // Change permission level to System Admin
- th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.RestrictTeamInvite = model.PERMISSIONS_SYSTEM_ADMIN })
+ // Change permission level to team user
+ th.AddPermissionToRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_USER_ROLE_ID)
+ th.AddPermissionToRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_USER_ROLE_ID)
+ th.RemovePermissionFromRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_ADMIN_ROLE_ID)
+ th.RemovePermissionFromRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_ADMIN_ROLE_ID)
- // Should not work as team admin.
- _, resp = Client.AddTeamMember(team.Id, otherUser.Id)
- CheckForbiddenStatus(t, resp)
-
- // Should work as system admin.
- _, resp = th.SystemAdminClient.AddTeamMember(team.Id, otherUser.Id)
- CheckNoError(t, resp)
-
- // Change permission level to All
th.UpdateUserToNonTeamAdmin(th.BasicUser, th.BasicTeam)
th.App.InvalidateAllCaches()
- th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.RestrictTeamInvite = model.PERMISSIONS_ALL })
- th.App.SetLicense(model.NewTestLicense())
th.LoginBasic()
// Should work as a regular user.
_, resp = Client.AddTeamMember(team.Id, otherUser.Id)
CheckNoError(t, resp)
- th.LoginBasic()
-
// by hash and data
Client.Login(otherUser.Email, otherUser.Password)
@@ -1502,16 +1498,18 @@ func TestAddTeamMembers(t *testing.T) {
Client.Logout()
- // Set the config so that only team admins can add a user to a team.
- th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.RestrictTeamInvite = model.PERMISSIONS_TEAM_ADMIN })
- th.LoginBasic()
+ // Check the appropriate permissions are enforced.
+ defaultRolePermissions := th.SaveDefaultRolePermissions()
+ defer func() {
+ th.RestoreDefaultRolePermissions(defaultRolePermissions)
+ }()
- // Test without the EE license to see that the permission restriction is ignored.
- _, resp = Client.AddTeamMembers(team.Id, userList)
- CheckNoError(t, resp)
+ // Set the config so that only team admins can add a user to a team.
+ th.AddPermissionToRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_ADMIN_ROLE_ID)
+ th.AddPermissionToRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_ADMIN_ROLE_ID)
+ th.RemovePermissionFromRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_USER_ROLE_ID)
+ th.RemovePermissionFromRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_USER_ROLE_ID)
- // Add an EE license.
- th.App.SetLicense(model.NewTestLicense())
th.LoginBasic()
// Check that a regular user can't add someone to the team.
@@ -1521,30 +1519,20 @@ func TestAddTeamMembers(t *testing.T) {
// Update user to team admin
th.UpdateUserToTeamAdmin(th.BasicUser, th.BasicTeam)
th.App.InvalidateAllCaches()
- th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.RestrictTeamInvite = model.PERMISSIONS_TEAM_ADMIN })
- th.App.SetLicense(model.NewTestLicense())
th.LoginBasic()
// Should work as a team admin.
_, resp = Client.AddTeamMembers(team.Id, userList)
CheckNoError(t, resp)
- // Change permission level to System Admin
- th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.RestrictTeamInvite = model.PERMISSIONS_SYSTEM_ADMIN })
-
- // Should not work as team admin.
- _, resp = Client.AddTeamMembers(team.Id, userList)
- CheckForbiddenStatus(t, resp)
-
- // Should work as system admin.
- _, resp = th.SystemAdminClient.AddTeamMembers(team.Id, userList)
- CheckNoError(t, resp)
+ // Change permission level to team user
+ th.AddPermissionToRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_USER_ROLE_ID)
+ th.AddPermissionToRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_USER_ROLE_ID)
+ th.RemovePermissionFromRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_ADMIN_ROLE_ID)
+ th.RemovePermissionFromRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_ADMIN_ROLE_ID)
- // Change permission level to All
th.UpdateUserToNonTeamAdmin(th.BasicUser, th.BasicTeam)
th.App.InvalidateAllCaches()
- th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.RestrictTeamInvite = model.PERMISSIONS_ALL })
- th.App.SetLicense(model.NewTestLicense())
th.LoginBasic()
// Should work as a regular user.
generated by cgit v1.2.3-1-g7c22 (git 2.25.1) at 2024-06-02 04:43:49 +0000