diff options
Diffstat (limited to 'api4')
-rw-r--r-- | api4/team.go | 52 | ||||
-rw-r--r-- | api4/team_test.go | 135 |
2 files changed, 187 insertions, 0 deletions
diff --git a/api4/team.go b/api4/team.go index 1e63273e6..26fff7ce1 100644 --- a/api4/team.go +++ b/api4/team.go @@ -25,6 +25,7 @@ func InitTeam() { BaseRoutes.Team.Handle("/stats", ApiSessionRequired(getTeamStats)).Methods("GET") BaseRoutes.TeamMembers.Handle("", ApiSessionRequired(getTeamMembers)).Methods("GET") BaseRoutes.TeamMembers.Handle("/ids", ApiSessionRequired(getTeamMembersByIds)).Methods("POST") + BaseRoutes.TeamMembers.Handle("", ApiSessionRequired(addTeamMember)).Methods("POST") BaseRoutes.TeamForUser.Handle("/unread", ApiSessionRequired(getTeamUnread)).Methods("GET") @@ -235,6 +236,57 @@ func getTeamMembersByIds(c *Context, w http.ResponseWriter, r *http.Request) { w.Write([]byte(model.TeamMembersToJson(members))) } +func addTeamMember(c *Context, w http.ResponseWriter, r *http.Request) { + c.RequireTeamId() + if c.Err != nil { + return + } + + var err *model.AppError + member := model.TeamMemberFromJson(r.Body) + if member.TeamId != c.Params.TeamId { + c.SetInvalidParam("team_id") + return + } + + hash := r.URL.Query().Get("hash") + data := r.URL.Query().Get("data") + inviteId := r.URL.Query().Get("invite_id") + + if len(member.UserId) > 0 { + if len(member.UserId) != 26 { + c.SetInvalidParam("user_id") + return + } + + if !app.SessionHasPermissionToTeam(c.Session, member.TeamId, model.PERMISSION_ADD_USER_TO_TEAM) { + c.SetPermissionError(model.PERMISSION_ADD_USER_TO_TEAM) + return + } + + member, err = app.AddTeamMember(member.TeamId, member.UserId, c.GetSiteURL()) + } else if len(hash) > 0 && len(data) > 0 { + member, err = app.AddTeamMemberByHash(c.Session.UserId, hash, data, c.GetSiteURL()) + if err != nil { + err = model.NewAppError("addTeamMember", "api.team.add_user_to_team.invalid_data.app_error", nil, "", http.StatusNotFound) + } + } else if len(inviteId) > 0 { + member, err = app.AddTeamMemberByInviteId(inviteId, c.Session.UserId, c.GetSiteURL()) + if err != nil { + err = model.NewAppError("addTeamMember", "api.team.add_user_to_team.invalid_invite_id.app_error", nil, "", http.StatusNotFound) + } + } else { + err = model.NewAppError("addTeamMember", "api.team.add_user_to_team.missing_parameter.app_error", nil, "", http.StatusBadRequest) + } + + if err != nil { + c.Err = err + return + } + + w.Write([]byte(member.ToJson())) +} + func getTeamUnread(c *Context, w http.ResponseWriter, r *http.Request) { c.RequireTeamId().RequireUserId() if c.Err != nil { diff --git a/api4/team_test.go b/api4/team_test.go index 4b69f5b62..2076a8c1d 100644 --- a/api4/team_test.go +++ b/api4/team_test.go @@ -4,6 +4,7 @@ package api4 import ( + "fmt" "net/http" "strconv" "testing" @@ -502,6 +503,140 @@ func TestGetTeamMembersByIds(t *testing.T) { CheckUnauthorizedStatus(t, resp) } +func TestAddTeamMember(t *testing.T) { + th := Setup().InitBasic().InitSystemAdmin() + defer TearDown() + Client := th.Client + team := th.BasicTeam + otherUser := th.CreateUser() + + // by user_id + th.LoginTeamAdmin() + + tm, resp := Client.AddTeamMember(team.Id, otherUser.Id, "", "", "") + CheckNoError(t, resp) + + if tm == nil { + t.Fatal("should have returned team member") + } + + if tm.UserId != otherUser.Id { + t.Fatal("user ids should have matched") + } + + if tm.TeamId != team.Id { + t.Fatal("team ids should have matched") + } + + tm, resp = Client.AddTeamMember(team.Id, "junk", "", "", "") + CheckBadRequestStatus(t, resp) + + if tm != nil { + t.Fatal("should have not returned team member") + } + + _, resp = Client.AddTeamMember("junk", otherUser.Id, "", "", "") + CheckBadRequestStatus(t, resp) + + _, resp = Client.AddTeamMember(GenerateTestId(), otherUser.Id, "", "", "") + CheckForbiddenStatus(t, resp) + + _, resp = Client.AddTeamMember(team.Id, GenerateTestId(), "", "", "") + CheckNotFoundStatus(t, resp) + + th.LoginBasic() + + _, resp = Client.AddTeamMember(team.Id, otherUser.Id, "", "", "") + CheckForbiddenStatus(t, resp) + + Client.Logout() + + _, resp = Client.AddTeamMember(team.Id, otherUser.Id, "", "", "") + CheckUnauthorizedStatus(t, resp) + + _, resp = th.SystemAdminClient.AddTeamMember(team.Id, otherUser.Id, "", "", "") + CheckNoError(t, resp) + + // by hash and data + Client.Login(otherUser.Email, otherUser.Password) + + dataObject := make(map[string]string) + dataObject["time"] = fmt.Sprintf("%v", model.GetMillis()) + dataObject["id"] = team.Id + + data := model.MapToJson(dataObject) + hashed := model.HashPassword(fmt.Sprintf("%v:%v", data, utils.Cfg.EmailSettings.InviteSalt)) + + tm, resp = Client.AddTeamMember(team.Id, "", hashed, data, "") + CheckNoError(t, resp) + + if tm == nil { + t.Fatal("should have returned team member") + } + + if tm.UserId != otherUser.Id { + t.Fatal("user ids should have matched") + } + + if tm.TeamId != team.Id { + t.Fatal("team ids should have matched") + } + + tm, resp = Client.AddTeamMember(team.Id, "", "junk", data, "") + CheckNotFoundStatus(t, resp) + + if tm != nil { + t.Fatal("should have not returned team member") + } + + _, resp = Client.AddTeamMember(team.Id, "", hashed, "junk", "") + CheckNotFoundStatus(t, resp) + + // expired data of more than 50 hours + dataObject["time"] = fmt.Sprintf("%v", model.GetMillis()-1000*60*60*50) + data = model.MapToJson(dataObject) + hashed = model.HashPassword(fmt.Sprintf("%v:%v", data, utils.Cfg.EmailSettings.InviteSalt)) + + tm, resp = Client.AddTeamMember(team.Id, "", hashed, data, "") + CheckNotFoundStatus(t, resp) + + // invalid team id + dataObject["id"] = GenerateTestId() + data = model.MapToJson(dataObject) + hashed = model.HashPassword(fmt.Sprintf("%v:%v", data, utils.Cfg.EmailSettings.InviteSalt)) + + tm, resp = Client.AddTeamMember(team.Id, "", hashed, data, "") + CheckNotFoundStatus(t, resp) + + // by invite_id + Client.Login(otherUser.Email, otherUser.Password) + + tm, resp = Client.AddTeamMember(team.Id, "", "", "", team.InviteId) + CheckNoError(t, resp) + + if tm == nil { + t.Fatal("should have returned team member") + } + + if tm.UserId != otherUser.Id { + t.Fatal("user ids should have matched") + } + + if tm.TeamId != team.Id { + t.Fatal("team ids should have matched") + } + + tm, resp = Client.AddTeamMember(team.Id, "", "", "", "junk") + CheckNotFoundStatus(t, resp) + + if tm != nil { + t.Fatal("should have not returned team member") + } + + _, resp = Client.AddTeamMember(team.Id, "", "", "", "junk") + CheckNotFoundStatus(t, resp) +} + func TestGetTeamStats(t *testing.T) { th := Setup().InitBasic().InitSystemAdmin() defer TearDown() |