diff options
Diffstat (limited to 'api')
-rw-r--r-- | api/apitestlib.go | 8 | ||||
-rw-r--r-- | api/channel.go | 26 | ||||
-rw-r--r-- | api/channel_test.go | 20 | ||||
-rw-r--r-- | api/post.go | 6 | ||||
-rw-r--r-- | api/post_test.go | 11 | ||||
-rw-r--r-- | api/webhook_test.go | 11 |
6 files changed, 74 insertions, 8 deletions
diff --git a/api/apitestlib.go b/api/apitestlib.go index 6372ea6b1..ab342c6b7 100644 --- a/api/apitestlib.go +++ b/api/apitestlib.go @@ -27,16 +27,16 @@ type TestHelper struct { SystemAdminChannel *model.Channel } -func SetupEnterprise(platformDir string) *TestHelper { +func SetupEnterprise() *TestHelper { if Srv == nil { - utils.LoadConfig(platformDir + "/config/config.json") - utils.InitTranslationsWithDir(platformDir + "/i18n") + utils.LoadConfig("config.json") + utils.InitTranslations() utils.Cfg.TeamSettings.MaxUsersPerTeam = 50 utils.DisableDebugLogForTest() utils.License.Features.SetDefaults() NewServer() StartServer() - utils.InitHTMLWithDir(platformDir + "/templates") + utils.InitHTML() InitApi() utils.EnableDebugLogForTest() Srv.Store.MarkSystemRanUnitTests() diff --git a/api/channel.go b/api/channel.go index b63e44017..9d36dd2eb 100644 --- a/api/channel.go +++ b/api/channel.go @@ -188,6 +188,7 @@ func updateChannel(c *Context, w http.ResponseWriter, r *http.Request) { sc := Srv.Store.Channel().Get(channel.Id) cmc := Srv.Store.Channel().GetMember(channel.Id, c.Session.UserId) + tmc := Srv.Store.Team().GetMember(c.TeamId, c.Session.UserId) if cresult := <-sc; cresult.Err != nil { c.Err = cresult.Err @@ -195,14 +196,19 @@ func updateChannel(c *Context, w http.ResponseWriter, r *http.Request) { } else if cmcresult := <-cmc; cmcresult.Err != nil { c.Err = cmcresult.Err return + } else if tmcresult := <-tmc; cmcresult.Err != nil { + c.Err = tmcresult.Err + return } else { oldChannel := cresult.Data.(*model.Channel) channelMember := cmcresult.Data.(model.ChannelMember) + teamMember := tmcresult.Data.(model.TeamMember) + if !c.HasPermissionsToTeam(oldChannel.TeamId, "updateChannel") { return } - if !strings.Contains(channelMember.Roles, model.CHANNEL_ROLE_ADMIN) && !strings.Contains(c.Session.Roles, model.ROLE_TEAM_ADMIN) { + if !strings.Contains(channelMember.Roles, model.CHANNEL_ROLE_ADMIN) && !strings.Contains(teamMember.Roles, model.ROLE_TEAM_ADMIN) { c.Err = model.NewLocAppError("updateChannel", "api.channel.update_channel.permission.app_error", nil, "") c.Err.StatusCode = http.StatusForbidden return @@ -576,6 +582,7 @@ func leave(c *Context, w http.ResponseWriter, r *http.Request) { sc := Srv.Store.Channel().Get(id) uc := Srv.Store.User().Get(c.Session.UserId) + ccm := Srv.Store.Channel().GetMemberCount(id) if cresult := <-sc; cresult.Err != nil { c.Err = cresult.Err @@ -583,9 +590,13 @@ func leave(c *Context, w http.ResponseWriter, r *http.Request) { } else if uresult := <-uc; uresult.Err != nil { c.Err = cresult.Err return + } else if ccmresult := <-ccm; ccmresult.Err != nil { + c.Err = ccmresult.Err + return } else { channel := cresult.Data.(*model.Channel) user := uresult.Data.(*model.User) + membersCount := ccmresult.Data.(int64) if !c.HasPermissionsToTeam(channel.TeamId, "leave") { return @@ -597,6 +608,12 @@ func leave(c *Context, w http.ResponseWriter, r *http.Request) { return } + if channel.Type == model.CHANNEL_PRIVATE && membersCount == 1 { + c.Err = model.NewLocAppError("leave", "api.channel.leave.last_member.app_error", nil, "userId="+user.Id) + c.Err.StatusCode = http.StatusBadRequest + return + } + if channel.Name == model.DEFAULT_CHANNEL { c.Err = model.NewLocAppError("leave", "api.channel.leave.default.app_error", map[string]interface{}{"Channel": model.DEFAULT_CHANNEL}, "") c.Err.StatusCode = http.StatusBadRequest @@ -625,6 +642,7 @@ func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) { sc := Srv.Store.Channel().Get(id) scm := Srv.Store.Channel().GetMember(id, c.Session.UserId) + tmc := Srv.Store.Team().GetMember(c.TeamId, c.Session.UserId) uc := Srv.Store.User().Get(c.Session.UserId) ihc := Srv.Store.Webhook().GetIncomingByChannel(id) ohc := Srv.Store.Webhook().GetOutgoingByChannel(id) @@ -638,6 +656,9 @@ func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) { } else if scmresult := <-scm; scmresult.Err != nil { c.Err = scmresult.Err return + } else if tmcresult := <-tmc; tmcresult.Err != nil { + c.Err = tmcresult.Err + return } else if ihcresult := <-ihc; ihcresult.Err != nil { c.Err = ihcresult.Err return @@ -648,6 +669,7 @@ func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) { channel := cresult.Data.(*model.Channel) user := uresult.Data.(*model.User) channelMember := scmresult.Data.(model.ChannelMember) + teamMember := tmcresult.Data.(model.TeamMember) incomingHooks := ihcresult.Data.([]*model.IncomingWebhook) outgoingHooks := ohcresult.Data.([]*model.OutgoingWebhook) @@ -655,7 +677,7 @@ func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !strings.Contains(channelMember.Roles, model.CHANNEL_ROLE_ADMIN) && !strings.Contains(c.Session.Roles, model.ROLE_TEAM_ADMIN) { + if !strings.Contains(channelMember.Roles, model.CHANNEL_ROLE_ADMIN) && !strings.Contains(teamMember.Roles, model.ROLE_TEAM_ADMIN) { c.Err = model.NewLocAppError("deleteChannel", "api.channel.delete_channel.permissions.app_error", nil, "") c.Err.StatusCode = http.StatusForbidden return diff --git a/api/channel_test.go b/api/channel_test.go index 69902c3ad..ac2766588 100644 --- a/api/channel_test.go +++ b/api/channel_test.go @@ -134,6 +134,7 @@ func TestUpdateChannel(t *testing.T) { team := th.BasicTeam user := th.BasicUser user2 := th.CreateUser(th.BasicClient) + LinkUserToTeam(user2, team) channel1 := &model.Channel{DisplayName: "A Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_OPEN, TeamId: team.Id} channel1 = Client.Must(Client.CreateChannel(channel1)).Data.(*model.Channel) @@ -175,6 +176,13 @@ func TestUpdateChannel(t *testing.T) { if _, err := Client.UpdateChannel(upChannel1); err == nil { t.Fatal("Standard User should have failed to update") } + + Client.Must(Client.JoinChannel(channel1.Id)) + UpdateUserToTeamAdmin(user2, team) + + if _, err := Client.UpdateChannel(upChannel1); err != nil { + t.Fatal(err) + } } func TestUpdateChannelHeader(t *testing.T) { @@ -485,8 +493,10 @@ func TestLeaveChannel(t *testing.T) { Client.Must(Client.JoinChannel(channel1.Id)) - // No error if you leave a channel you cannot see - Client.Must(Client.LeaveChannel(channel3.Id)) + // Cannot leave a the private group if you are the only member + if _, err := Client.LeaveChannel(channel3.Id); err == nil { + t.Fatal("should have errored, cannot leave private group if only one member") + } rchannel := Client.Must(Client.CreateDirectChannel(th.BasicUser.Id)).Data.(*model.Channel) @@ -564,6 +574,12 @@ func TestDeleteChannel(t *testing.T) { break } } + + UpdateUserToTeamAdmin(userStd, team) + + if _, err := Client.DeleteChannel(channel2.Id); err != nil { + t.Fatal(err) + } } func TestGetChannelExtraInfo(t *testing.T) { diff --git a/api/post.go b/api/post.go index 734cb7148..6be3ec7eb 100644 --- a/api/post.go +++ b/api/post.go @@ -919,6 +919,12 @@ func updatePost(c *Context, w http.ResponseWriter, r *http.Request) { c.Err.StatusCode = http.StatusForbidden return } + + if oldPost.IsSystemMessage() { + c.Err = model.NewLocAppError("updatePost", "api.post.update_post.system_message.app_error", nil, "id="+post.Id) + c.Err.StatusCode = http.StatusForbidden + return + } } hashtags, _ := model.ParseHashtags(post.Message) diff --git a/api/post_test.go b/api/post_test.go index bb11a5439..b4c23ff06 100644 --- a/api/post_test.go +++ b/api/post_test.go @@ -155,6 +155,17 @@ func TestUpdatePost(t *testing.T) { t.Fatal("failed to updates") } } + + post3 := &model.Post{ChannelId: channel1.Id, Message: "a" + model.NewId() + "a", Type: model.POST_JOIN_LEAVE} + rpost3, err := Client.CreatePost(post3) + if err != nil { + t.Fatal(err) + } + + up3 := &model.Post{Id: rpost3.Data.(*model.Post).Id, ChannelId: channel1.Id, Message: "a" + model.NewId() + " update post 3"} + if _, err := Client.UpdatePost(up3); err == nil { + t.Fatal("shouldn't have been able to update system message") + } } func TestGetPosts(t *testing.T) { diff --git a/api/webhook_test.go b/api/webhook_test.go index 5198056cc..1b13bb5d4 100644 --- a/api/webhook_test.go +++ b/api/webhook_test.go @@ -511,6 +511,7 @@ func TestRegenOutgoingHookToken(t *testing.T) { t.Fatal("should have errored - webhooks turned off") } } + func TestIncomingWebhooks(t *testing.T) { th := Setup().InitSystemAdmin() Client := th.SystemAdminClient @@ -529,11 +530,17 @@ func TestIncomingWebhooks(t *testing.T) { hook = Client.Must(Client.CreateIncomingWebhook(hook)).Data.(*model.IncomingWebhook) url := "/hooks/" + hook.Id + text := `this is a \"test\" + that contains a newline and a tab` if _, err := Client.DoPost(url, "{\"text\":\"this is a test\"}", "application/json"); err != nil { t.Fatal(err) } + if _, err := Client.DoPost(url, "{\"text\":\""+text+"\"}", "application/json"); err != nil { + t.Fatal(err) + } + if _, err := Client.DoPost(url, fmt.Sprintf("{\"text\":\"this is a test\", \"channel\":\"%s\"}", channel1.Name), "application/json"); err != nil { t.Fatal(err) } @@ -552,6 +559,10 @@ func TestIncomingWebhooks(t *testing.T) { t.Fatal(err) } + if _, err := Client.DoPost(url, "payload={\"text\":\""+text+"\"}", "application/x-www-form-urlencoded"); err != nil { + t.Fatal(err) + } + attachmentPayload := `{ "text": "this is a test", "attachments": [ |