summaryrefslogtreecommitdiffstats
path: root/app/team_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'app/team_test.go')
-rw-r--r--app/team_test.go214
1 files changed, 214 insertions, 0 deletions
diff --git a/app/team_test.go b/app/team_test.go
index 7992dd0c3..61ae03f74 100644
--- a/app/team_test.go
+++ b/app/team_test.go
@@ -179,3 +179,217 @@ func TestPermanentDeleteTeam(t *testing.T) {
t.Fatal(err)
}
}
+
+func TestSanitizeTeam(t *testing.T) {
+ th := Setup()
+ defer th.TearDown()
+
+ team := &model.Team{
+ Id: model.NewId(),
+ Email: th.MakeEmail(),
+ AllowedDomains: "example.com",
+ }
+ copyTeam := func() *model.Team {
+ copy := &model.Team{}
+ *copy = *team
+ return copy
+ }
+
+ t.Run("not a user of the team", func(t *testing.T) {
+ userId := model.NewId()
+ session := model.Session{
+ Roles: model.ROLE_SYSTEM_USER.Id,
+ TeamMembers: []*model.TeamMember{
+ {
+ UserId: userId,
+ TeamId: model.NewId(),
+ Roles: model.ROLE_TEAM_USER.Id,
+ },
+ },
+ }
+
+ sanitized := SanitizeTeam(session, copyTeam())
+ if sanitized.Email != "" && sanitized.AllowedDomains != "" {
+ t.Fatal("should've sanitized team")
+ }
+ })
+
+ t.Run("user of the team", func(t *testing.T) {
+ userId := model.NewId()
+ session := model.Session{
+ Roles: model.ROLE_SYSTEM_USER.Id,
+ TeamMembers: []*model.TeamMember{
+ {
+ UserId: userId,
+ TeamId: team.Id,
+ Roles: model.ROLE_TEAM_USER.Id,
+ },
+ },
+ }
+
+ sanitized := SanitizeTeam(session, copyTeam())
+ if sanitized.Email != "" && sanitized.AllowedDomains != "" {
+ t.Fatal("should've sanitized team")
+ }
+ })
+
+ t.Run("team admin", func(t *testing.T) {
+ userId := model.NewId()
+ session := model.Session{
+ Roles: model.ROLE_SYSTEM_USER.Id,
+ TeamMembers: []*model.TeamMember{
+ {
+ UserId: userId,
+ TeamId: team.Id,
+ Roles: model.ROLE_TEAM_USER.Id + " " + model.ROLE_TEAM_ADMIN.Id,
+ },
+ },
+ }
+
+ sanitized := SanitizeTeam(session, copyTeam())
+ if sanitized.Email == "" && sanitized.AllowedDomains == "" {
+ t.Fatal("shouldn't have sanitized team")
+ }
+ })
+
+ t.Run("team admin of another team", func(t *testing.T) {
+ userId := model.NewId()
+ session := model.Session{
+ Roles: model.ROLE_SYSTEM_USER.Id,
+ TeamMembers: []*model.TeamMember{
+ {
+ UserId: userId,
+ TeamId: model.NewId(),
+ Roles: model.ROLE_TEAM_USER.Id + " " + model.ROLE_TEAM_ADMIN.Id,
+ },
+ },
+ }
+
+ sanitized := SanitizeTeam(session, copyTeam())
+ if sanitized.Email != "" && sanitized.AllowedDomains != "" {
+ t.Fatal("should've sanitized team")
+ }
+ })
+
+ t.Run("system admin, not a user of team", func(t *testing.T) {
+ userId := model.NewId()
+ session := model.Session{
+ Roles: model.ROLE_SYSTEM_USER.Id + " " + model.ROLE_SYSTEM_ADMIN.Id,
+ TeamMembers: []*model.TeamMember{
+ {
+ UserId: userId,
+ TeamId: model.NewId(),
+ Roles: model.ROLE_TEAM_USER.Id,
+ },
+ },
+ }
+
+ sanitized := SanitizeTeam(session, copyTeam())
+ if sanitized.Email == "" && sanitized.AllowedDomains == "" {
+ t.Fatal("shouldn't have sanitized team")
+ }
+ })
+
+ t.Run("system admin, user of team", func(t *testing.T) {
+ userId := model.NewId()
+ session := model.Session{
+ Roles: model.ROLE_SYSTEM_USER.Id + " " + model.ROLE_SYSTEM_ADMIN.Id,
+ TeamMembers: []*model.TeamMember{
+ {
+ UserId: userId,
+ TeamId: team.Id,
+ Roles: model.ROLE_TEAM_USER.Id,
+ },
+ },
+ }
+
+ sanitized := SanitizeTeam(session, copyTeam())
+ if sanitized.Email == "" && sanitized.AllowedDomains == "" {
+ t.Fatal("shouldn't have sanitized team")
+ }
+ })
+}
+
+func TestSanitizeTeams(t *testing.T) {
+ th := Setup()
+ defer th.TearDown()
+
+ t.Run("not a system admin", func(t *testing.T) {
+ teams := []*model.Team{
+ {
+ Id: model.NewId(),
+ Email: th.MakeEmail(),
+ AllowedDomains: "example.com",
+ },
+ {
+ Id: model.NewId(),
+ Email: th.MakeEmail(),
+ AllowedDomains: "example.com",
+ },
+ }
+
+ userId := model.NewId()
+ session := model.Session{
+ Roles: model.ROLE_SYSTEM_USER.Id,
+ TeamMembers: []*model.TeamMember{
+ {
+ UserId: userId,
+ TeamId: teams[0].Id,
+ Roles: model.ROLE_TEAM_USER.Id,
+ },
+ {
+ UserId: userId,
+ TeamId: teams[1].Id,
+ Roles: model.ROLE_TEAM_USER.Id + " " + model.ROLE_TEAM_ADMIN.Id,
+ },
+ },
+ }
+
+ sanitized := SanitizeTeams(session, teams)
+
+ if sanitized[0].Email != "" && sanitized[0].AllowedDomains != "" {
+ t.Fatal("should've sanitized first team")
+ }
+
+ if sanitized[1].Email == "" && sanitized[1].AllowedDomains == "" {
+ t.Fatal("shouldn't have sanitized second team")
+ }
+ })
+
+ t.Run("system admin", func(t *testing.T) {
+ teams := []*model.Team{
+ {
+ Id: model.NewId(),
+ Email: th.MakeEmail(),
+ AllowedDomains: "example.com",
+ },
+ {
+ Id: model.NewId(),
+ Email: th.MakeEmail(),
+ AllowedDomains: "example.com",
+ },
+ }
+
+ userId := model.NewId()
+ session := model.Session{
+ Roles: model.ROLE_SYSTEM_USER.Id + " " + model.ROLE_SYSTEM_ADMIN.Id,
+ TeamMembers: []*model.TeamMember{
+ {
+ UserId: userId,
+ TeamId: teams[0].Id,
+ Roles: model.ROLE_TEAM_USER.Id,
+ },
+ },
+ }
+
+ sanitized := SanitizeTeams(session, teams)
+
+ if sanitized[0].Email == "" && sanitized[0].AllowedDomains == "" {
+ t.Fatal("shouldn't have sanitized first team")
+ }
+
+ if sanitized[1].Email == "" && sanitized[1].AllowedDomains == "" {
+ t.Fatal("shouldn't have sanitized second team")
+ }
+ })
+}
generated by cgit v1.2.3-1-g7c22 (git 2.25.1) at 2024-07-01 15:15:36 +0000