6 files changed, 74 insertions, 8 deletions

diff --git a/api/apitestlib.go b/api/apitestlib.go
index 6372ea6b1..ab342c6b7 100644
--- a/api/apitestlib.go
+++ b/api/apitestlib.go
@@ -27,16 +27,16 @@ type TestHelper struct {
 	SystemAdminChannel *model.Channel
 }
 
-func SetupEnterprise(platformDir string) *TestHelper {
+func SetupEnterprise() *TestHelper {
 	if Srv == nil {
-		utils.LoadConfig(platformDir + "/config/config.json")
-		utils.InitTranslationsWithDir(platformDir + "/i18n")
+		utils.LoadConfig("config.json")
+		utils.InitTranslations()
 		utils.Cfg.TeamSettings.MaxUsersPerTeam = 50
 		utils.DisableDebugLogForTest()
 		utils.License.Features.SetDefaults()
 		NewServer()
 		StartServer()
-		utils.InitHTMLWithDir(platformDir + "/templates")
+		utils.InitHTML()
 		InitApi()
 		utils.EnableDebugLogForTest()
 		Srv.Store.MarkSystemRanUnitTests()
diff --git a/api/channel.go b/api/channel.go
index b63e44017..9d36dd2eb 100644
--- a/api/channel.go
+++ b/api/channel.go
@@ -188,6 +188,7 @@ func updateChannel(c *Context, w http.ResponseWriter, r *http.Request) {
 
 	sc := Srv.Store.Channel().Get(channel.Id)
 	cmc := Srv.Store.Channel().GetMember(channel.Id, c.Session.UserId)
+	tmc := Srv.Store.Team().GetMember(c.TeamId, c.Session.UserId)
 
 	if cresult := <-sc; cresult.Err != nil {
 		c.Err = cresult.Err
@@ -195,14 +196,19 @@ func updateChannel(c *Context, w http.ResponseWriter, r *http.Request) {
 	} else if cmcresult := <-cmc; cmcresult.Err != nil {
 		c.Err = cmcresult.Err
 		return
+	} else if tmcresult := <-tmc; cmcresult.Err != nil {
+		c.Err = tmcresult.Err
+		return
 	} else {
 		oldChannel := cresult.Data.(*model.Channel)
 		channelMember := cmcresult.Data.(model.ChannelMember)
+		teamMember := tmcresult.Data.(model.TeamMember)
+
 		if !c.HasPermissionsToTeam(oldChannel.TeamId, "updateChannel") {
 			return
 		}
 
-		if !strings.Contains(channelMember.Roles, model.CHANNEL_ROLE_ADMIN) && !strings.Contains(c.Session.Roles, model.ROLE_TEAM_ADMIN) {
+		if !strings.Contains(channelMember.Roles, model.CHANNEL_ROLE_ADMIN) && !strings.Contains(teamMember.Roles, model.ROLE_TEAM_ADMIN) {
 			c.Err = model.NewLocAppError("updateChannel", "api.channel.update_channel.permission.app_error", nil, "")
 			c.Err.StatusCode = http.StatusForbidden
 			return
@@ -576,6 +582,7 @@ func leave(c *Context, w http.ResponseWriter, r *http.Request) {
 
 	sc := Srv.Store.Channel().Get(id)
 	uc := Srv.Store.User().Get(c.Session.UserId)
+	ccm := Srv.Store.Channel().GetMemberCount(id)
 
 	if cresult := <-sc; cresult.Err != nil {
 		c.Err = cresult.Err
@@ -583,9 +590,13 @@ func leave(c *Context, w http.ResponseWriter, r *http.Request) {
 	} else if uresult := <-uc; uresult.Err != nil {
 		c.Err = cresult.Err
 		return
+	} else if ccmresult := <-ccm; ccmresult.Err != nil {
+		c.Err = ccmresult.Err
+		return
 	} else {
 		channel := cresult.Data.(*model.Channel)
 		user := uresult.Data.(*model.User)
+		membersCount := ccmresult.Data.(int64)
 
 		if !c.HasPermissionsToTeam(channel.TeamId, "leave") {
 			return
@@ -597,6 +608,12 @@ func leave(c *Context, w http.ResponseWriter, r *http.Request) {
 			return
 		}
 
+		if channel.Type == model.CHANNEL_PRIVATE && membersCount == 1 {
+			c.Err = model.NewLocAppError("leave", "api.channel.leave.last_member.app_error", nil, "userId="+user.Id)
+			c.Err.StatusCode = http.StatusBadRequest
+			return
+		}
+
 		if channel.Name == model.DEFAULT_CHANNEL {
 			c.Err = model.NewLocAppError("leave", "api.channel.leave.default.app_error", map[string]interface{}{"Channel": model.DEFAULT_CHANNEL}, "")
 			c.Err.StatusCode = http.StatusBadRequest
@@ -625,6 +642,7 @@ func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) {
 
 	sc := Srv.Store.Channel().Get(id)
 	scm := Srv.Store.Channel().GetMember(id, c.Session.UserId)
+	tmc := Srv.Store.Team().GetMember(c.TeamId, c.Session.UserId)
 	uc := Srv.Store.User().Get(c.Session.UserId)
 	ihc := Srv.Store.Webhook().GetIncomingByChannel(id)
 	ohc := Srv.Store.Webhook().GetOutgoingByChannel(id)
@@ -638,6 +656,9 @@ func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) {
 	} else if scmresult := <-scm; scmresult.Err != nil {
 		c.Err = scmresult.Err
 		return
+	} else if tmcresult := <-tmc; tmcresult.Err != nil {
+		c.Err = tmcresult.Err
+		return
 	} else if ihcresult := <-ihc; ihcresult.Err != nil {
 		c.Err = ihcresult.Err
 		return
@@ -648,6 +669,7 @@ func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) {
 		channel := cresult.Data.(*model.Channel)
 		user := uresult.Data.(*model.User)
 		channelMember := scmresult.Data.(model.ChannelMember)
+		teamMember := tmcresult.Data.(model.TeamMember)
 		incomingHooks := ihcresult.Data.([]*model.IncomingWebhook)
 		outgoingHooks := ohcresult.Data.([]*model.OutgoingWebhook)
 
@@ -655,7 +677,7 @@ func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) {
 			return
 		}
 
-		if !strings.Contains(channelMember.Roles, model.CHANNEL_ROLE_ADMIN) && !strings.Contains(c.Session.Roles, model.ROLE_TEAM_ADMIN) {
+		if !strings.Contains(channelMember.Roles, model.CHANNEL_ROLE_ADMIN) && !strings.Contains(teamMember.Roles, model.ROLE_TEAM_ADMIN) {
 			c.Err = model.NewLocAppError("deleteChannel", "api.channel.delete_channel.permissions.app_error", nil, "")
 			c.Err.StatusCode = http.StatusForbidden
 			return
diff --git a/api/channel_test.go b/api/channel_test.go
index 69902c3ad..ac2766588 100644
--- a/api/channel_test.go
+++ b/api/channel_test.go
@@ -134,6 +134,7 @@ func TestUpdateChannel(t *testing.T) {
 	team := th.BasicTeam
 	user := th.BasicUser
 	user2 := th.CreateUser(th.BasicClient)
+	LinkUserToTeam(user2, team)
 
 	channel1 := &model.Channel{DisplayName: "A Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_OPEN, TeamId: team.Id}
 	channel1 = Client.Must(Client.CreateChannel(channel1)).Data.(*model.Channel)
@@ -175,6 +176,13 @@ func TestUpdateChannel(t *testing.T) {
 	if _, err := Client.UpdateChannel(upChannel1); err == nil {
 		t.Fatal("Standard User should have failed to update")
 	}
+
+	Client.Must(Client.JoinChannel(channel1.Id))
+	UpdateUserToTeamAdmin(user2, team)
+
+	if _, err := Client.UpdateChannel(upChannel1); err != nil {
+		t.Fatal(err)
+	}
 }
 
 func TestUpdateChannelHeader(t *testing.T) {
@@ -485,8 +493,10 @@ func TestLeaveChannel(t *testing.T) {
 
 	Client.Must(Client.JoinChannel(channel1.Id))
 
-	// No error if you leave a channel you cannot see
-	Client.Must(Client.LeaveChannel(channel3.Id))
+	// Cannot leave a the private group if you are the only member
+	if _, err := Client.LeaveChannel(channel3.Id); err == nil {
+		t.Fatal("should have errored, cannot leave private group if only one member")
+	}
 
 	rchannel := Client.Must(Client.CreateDirectChannel(th.BasicUser.Id)).Data.(*model.Channel)
 
@@ -564,6 +574,12 @@ func TestDeleteChannel(t *testing.T) {
 			break
 		}
 	}
+
+	UpdateUserToTeamAdmin(userStd, team)
+
+	if _, err := Client.DeleteChannel(channel2.Id); err != nil {
+		t.Fatal(err)
+	}
 }
 
 func TestGetChannelExtraInfo(t *testing.T) {
diff --git a/api/post.go b/api/post.go
index 734cb7148..6be3ec7eb 100644
--- a/api/post.go
+++ b/api/post.go
@@ -919,6 +919,12 @@ func updatePost(c *Context, w http.ResponseWriter, r *http.Request) {
 			c.Err.StatusCode = http.StatusForbidden
 			return
 		}
+
+		if oldPost.IsSystemMessage() {
+			c.Err = model.NewLocAppError("updatePost", "api.post.update_post.system_message.app_error", nil, "id="+post.Id)
+			c.Err.StatusCode = http.StatusForbidden
+			return
+		}
 	}
 
 	hashtags, _ := model.ParseHashtags(post.Message)
diff --git a/api/post_test.go b/api/post_test.go
index bb11a5439..b4c23ff06 100644
--- a/api/post_test.go
+++ b/api/post_test.go
@@ -155,6 +155,17 @@ func TestUpdatePost(t *testing.T) {
 			t.Fatal("failed to updates")
 		}
 	}
+
+	post3 := &model.Post{ChannelId: channel1.Id, Message: "a" + model.NewId() + "a", Type: model.POST_JOIN_LEAVE}
+	rpost3, err := Client.CreatePost(post3)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	up3 := &model.Post{Id: rpost3.Data.(*model.Post).Id, ChannelId: channel1.Id, Message: "a" + model.NewId() + " update post 3"}
+	if _, err := Client.UpdatePost(up3); err == nil {
+		t.Fatal("shouldn't have been able to update system message")
+	}
 }
 
 func TestGetPosts(t *testing.T) {
diff --git a/api/webhook_test.go b/api/webhook_test.go
index 5198056cc..1b13bb5d4 100644
--- a/api/webhook_test.go
+++ b/api/webhook_test.go
@@ -511,6 +511,7 @@ func TestRegenOutgoingHookToken(t *testing.T) {
 		t.Fatal("should have errored - webhooks turned off")
 	}
 }
+
 func TestIncomingWebhooks(t *testing.T) {
 	th := Setup().InitSystemAdmin()
 	Client := th.SystemAdminClient
@@ -529,11 +530,17 @@ func TestIncomingWebhooks(t *testing.T) {
 	hook = Client.Must(Client.CreateIncomingWebhook(hook)).Data.(*model.IncomingWebhook)
 
 	url := "/hooks/" + hook.Id
+	text := `this is a \"test\"
+	that contains a newline and a tab`
 
 	if _, err := Client.DoPost(url, "{\"text\":\"this is a test\"}", "application/json"); err != nil {
 		t.Fatal(err)
 	}
 
+	if _, err := Client.DoPost(url, "{\"text\":\""+text+"\"}", "application/json"); err != nil {
+		t.Fatal(err)
+	}
+
 	if _, err := Client.DoPost(url, fmt.Sprintf("{\"text\":\"this is a test\", \"channel\":\"%s\"}", channel1.Name), "application/json"); err != nil {
 		t.Fatal(err)
 	}
@@ -552,6 +559,10 @@ func TestIncomingWebhooks(t *testing.T) {
 		t.Fatal(err)
 	}
 
+	if _, err := Client.DoPost(url, "payload={\"text\":\""+text+"\"}", "application/x-www-form-urlencoded"); err != nil {
+		t.Fatal(err)
+	}
+
 	attachmentPayload := `{
         "text": "this is a test",
         "attachments": [