From ee1700d6b2453fd2b4aaf236123ec383cbbdff8b Mon Sep 17 00:00:00 2001 From: Harshil Sharma Date: Fri, 5 Oct 2018 14:26:01 +0000 Subject: #MM-12130 Added permission check for createServiceTerms API (#9556) * #MM-12130 changes for custom service terms * Fixed styling * Added getServiceTerms API * removed unnecessary panic * removed custom service terms text from flat config * reverted user sql store as those changes are no longer needed * added tests * Updated a config key to be more standard * Added copyright info * Loading service terms only if the feature is enabled * Loading service terms only if the feature is enabled * removed unused index * added createservice termns API * made a param to bool instead of string * added createservice termns API * review fixes * fixed styling * Minor refactoring * removed saveConfig and loadConfig magic * added empty service terms text check to createServiceTerms API * refactoed some urls to be terms_of_service instead of service_terms * removed check for support settings * changed URLs in tests * removed unused code * fixed a bug * added service termd id in conif * fixed a test * review fixes * minor fixes * Fixed TestCreateServiceTerms * Fix incorrect key in en.json and changes some translations from service terms to terms of service * Improved translated messages * Added permission check in createServiceTerms API --- api4/service_terms.go | 5 +++++ api4/service_terms_test.go | 17 +++++++++++++---- 2 files changed, 18 insertions(+), 4 deletions(-) (limited to 'api4') diff --git a/api4/service_terms.go b/api4/service_terms.go index 549bad0a1..ff953102d 100644 --- a/api4/service_terms.go +++ b/api4/service_terms.go @@ -25,6 +25,11 @@ func getServiceTerms(c *Context, w http.ResponseWriter, r *http.Request) { } func createServiceTerms(c *Context, w http.ResponseWriter, r *http.Request) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) + return + } + if license := c.App.License(); license == nil || !*license.Features.CustomTermsOfService { c.Err = model.NewAppError("createServiceTerms", "api.create_service_terms.custom_service_terms_disabled.app_error", nil, "", http.StatusBadRequest) return diff --git a/api4/service_terms_test.go b/api4/service_terms_test.go index 693388376..607c104a6 100644 --- a/api4/service_terms_test.go +++ b/api4/service_terms_test.go @@ -30,15 +30,24 @@ func TestCreateServiceTerms(t *testing.T) { defer th.TearDown() Client := th.Client - serviceTerms, resp := Client.CreateServiceTerms("service terms new", th.BasicUser.Id) + _, resp := Client.CreateServiceTerms("service terms new", th.BasicUser.Id) + CheckErrorMessage(t, resp, "api.context.permissions.app_error") +} + +func TestCreateServiceTermsAdminUser(t *testing.T) { + th := Setup().InitSystemAdmin() + defer th.TearDown() + Client := th.SystemAdminClient + + serviceTerms, resp := Client.CreateServiceTerms("service terms new", th.SystemAdminUser.Id) CheckErrorMessage(t, resp, "api.create_service_terms.custom_service_terms_disabled.app_error") th.App.SetLicense(model.NewTestLicense("EnableCustomServiceTerms")) - serviceTerms, resp = Client.CreateServiceTerms("service terms new", th.BasicUser.Id) + serviceTerms, resp = Client.CreateServiceTerms("service terms new_2", th.SystemAdminUser.Id) CheckNoError(t, resp) assert.NotEmpty(t, serviceTerms.Id) assert.NotEmpty(t, serviceTerms.CreateAt) - assert.Equal(t, "service terms new", serviceTerms.Text) - assert.Equal(t, th.BasicUser.Id, serviceTerms.UserId) + assert.Equal(t, "service terms new_2", serviceTerms.Text) + assert.Equal(t, th.SystemAdminUser.Id, serviceTerms.UserId) } -- cgit v1.2.3-1-g7c22