diff options
Diffstat (limited to 'api4')
| -rw-r--r-- | api4/channel.go | 5 | ||||
| -rw-r--r-- | api4/channel_test.go | 24 | ||||
| -rw-r--r-- | api4/system_test.go | 23 |
3 files changed, 33 insertions, 19 deletions
diff --git a/api4/channel.go b/api4/channel.go index f21b45d56..1599b6e70 100644 --- a/api4/channel.go +++ b/api4/channel.go @@ -1069,6 +1069,11 @@ func removeChannelMember(c *Context, w http.ResponseWriter, r *http.Request) { return } + if !(channel.Type == model.CHANNEL_OPEN || channel.Type == model.CHANNEL_PRIVATE) { + c.Err = model.NewAppError("removeChannelMember", "api.channel.remove_channel_member.type.app_error", nil, "", http.StatusBadRequest) + return + } + if c.Params.UserId != c.Session.UserId { if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) { c.SetPermissionError(model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) diff --git a/api4/channel_test.go b/api4/channel_test.go index 5ca4dee6e..8593ea831 100644 --- a/api4/channel_test.go +++ b/api4/channel_test.go @@ -2038,6 +2038,30 @@ func TestRemoveChannelMember(t *testing.T) { _, resp = Client.RemoveUserFromChannel(privateChannel.Id, user2.Id) CheckNoError(t, resp) + + // Test on preventing removal of user from a direct channel + directChannel, resp := Client.CreateDirectChannel(user1.Id, user2.Id) + CheckNoError(t, resp) + + _, resp = Client.RemoveUserFromChannel(directChannel.Id, user1.Id) + CheckBadRequestStatus(t, resp) + + _, resp = Client.RemoveUserFromChannel(directChannel.Id, user2.Id) + CheckBadRequestStatus(t, resp) + + _, resp = th.SystemAdminClient.RemoveUserFromChannel(directChannel.Id, user1.Id) + CheckBadRequestStatus(t, resp) + + // Test on preventing removal of user from a group channel + user3 := th.CreateUser() + groupChannel, resp := Client.CreateGroupChannel([]string{user1.Id, user2.Id, user3.Id}) + CheckNoError(t, resp) + + _, resp = Client.RemoveUserFromChannel(groupChannel.Id, user1.Id) + CheckBadRequestStatus(t, resp) + + _, resp = th.SystemAdminClient.RemoveUserFromChannel(groupChannel.Id, user1.Id) + CheckBadRequestStatus(t, resp) } func TestAutocompleteChannels(t *testing.T) { diff --git a/api4/system_test.go b/api4/system_test.go index 099c193d0..205572cf6 100644 --- a/api4/system_test.go +++ b/api4/system_test.go @@ -10,6 +10,7 @@ import ( "github.com/mattermost/mattermost-server/mlog" "github.com/mattermost/mattermost-server/model" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) func TestGetPing(t *testing.T) { @@ -47,9 +48,7 @@ func TestGetConfig(t *testing.T) { cfg, resp := th.SystemAdminClient.GetConfig() CheckNoError(t, resp) - if len(cfg.TeamSettings.SiteName) == 0 { - t.Fatal() - } + require.NotEqual(t, "", cfg.TeamSettings.SiteName) if *cfg.LdapSettings.BindPassword != model.FAKE_SETTING && len(*cfg.LdapSettings.BindPassword) != 0 { t.Fatal("did not sanitize properly") @@ -121,28 +120,14 @@ func TestUpdateConfig(t *testing.T) { cfg, resp = th.SystemAdminClient.UpdateConfig(cfg) CheckNoError(t, resp) - if len(cfg.TeamSettings.SiteName) == 0 { - t.Fatal() - } else { - if cfg.TeamSettings.SiteName != "MyFancyName" { - t.Log("It should update the SiteName") - t.Fatal() - } - } + require.Equal(t, "MyFancyName", cfg.TeamSettings.SiteName, "It should update the SiteName") //Revert the change cfg.TeamSettings.SiteName = SiteName cfg, resp = th.SystemAdminClient.UpdateConfig(cfg) CheckNoError(t, resp) - if len(cfg.TeamSettings.SiteName) == 0 { - t.Fatal() - } else { - if cfg.TeamSettings.SiteName != SiteName { - t.Log("It should update the SiteName") - t.Fatal() - } - } + require.Equal(t, SiteName, cfg.TeamSettings.SiteName, "It should update the SiteName") t.Run("Should not be able to modify PluginSettings.EnableUploads", func(t *testing.T) { oldEnableUploads := *th.App.GetConfig().PluginSettings.EnableUploads |