diff options
Diffstat (limited to 'api4')
-rw-r--r-- | api4/user.go | 5 | ||||
-rw-r--r-- | api4/user_test.go | 40 |
2 files changed, 45 insertions, 0 deletions
diff --git a/api4/user.go b/api4/user.go index e4595ee54..593d704a5 100644 --- a/api4/user.go +++ b/api4/user.go @@ -397,6 +397,11 @@ func searchUsers(c *Context, w http.ResponseWriter, r *http.Request) { return } + if props.NotInTeamId != "" && !app.SessionHasPermissionToTeam(c.Session, props.NotInTeamId, model.PERMISSION_VIEW_TEAM) { + c.SetPermissionError(model.PERMISSION_VIEW_TEAM) + return + } + searchOptions := map[string]bool{} searchOptions[store.USER_SEARCH_OPTION_ALLOW_INACTIVE] = props.AllowInactive diff --git a/api4/user_test.go b/api4/user_test.go index 220ed124f..b3e4edc3d 100644 --- a/api4/user_test.go +++ b/api4/user_test.go @@ -385,6 +385,45 @@ func TestSearchUsers(t *testing.T) { _, resp = Client.SearchUsers(search) CheckForbiddenStatus(t, resp) + // Test search for users not in any team + search.TeamId = "" + search.NotInChannelId = "" + search.InChannelId = "" + search.NotInTeamId = th.BasicTeam.Id + + users, resp = Client.SearchUsers(search) + CheckNoError(t, resp) + + if findUserInList(th.BasicUser.Id, users) { + t.Fatal("should not have found user") + } + + oddUser := th.CreateUser() + search.Term = oddUser.Username + + users, resp = Client.SearchUsers(search) + CheckNoError(t, resp) + + if !findUserInList(oddUser.Id, users) { + t.Fatal("should have found user") + } + + _, resp = th.SystemAdminClient.AddTeamMember(th.BasicTeam.Id, oddUser.Id, "", "", th.BasicTeam.InviteId) + CheckNoError(t, resp) + + users, resp = Client.SearchUsers(search) + CheckNoError(t, resp) + + if findUserInList(oddUser.Id, users) { + t.Fatal("should not have found user") + } + + search.NotInTeamId = model.NewId() + _, resp = Client.SearchUsers(search) + CheckForbiddenStatus(t, resp) + + search.Term = th.BasicUser.Username + emailPrivacy := utils.Cfg.PrivacySettings.ShowEmailAddress namePrivacy := utils.Cfg.PrivacySettings.ShowFullName defer func() { @@ -400,6 +439,7 @@ func TestSearchUsers(t *testing.T) { } search.InChannelId = "" + search.NotInTeamId = "" search.Term = th.BasicUser2.Email users, resp = Client.SearchUsers(search) CheckNoError(t, resp) |