From fd6856b674cc24deb708f2cd36c247662ee10bc7 Mon Sep 17 00:00:00 2001 From: Jonathan Date: Wed, 9 Aug 2017 09:34:09 -0400 Subject: PLT-7206: Remove the "Delete Channel" option for private channels if you're the last channel member and policy setting restricts channel deletion (#7050) * PLT-7206: UI changes. Removed last user in channel loophole, refactored code to clean it up, added differentiated support for public and private channels, added unit tests. Still need to implement server-side checks * PLT-7206: All helper methods in channel_utils.jsx now accept the same three boolean variables in the same order and use the same boolean logic to check their values. * PLT-7206: Added unit tests for showManagementOptions(...) * PLT-7206: Fixed test case descriptions * Added unit tests for showCreateOption(...) * PLT-7206: Added unit tests for canManageMembers(...) * PLT-7206: Removed last person in channel loophole from server-side code * PLT-7206: Reverted config.json * PLT-7206: Fixed double negatives in unit test names * PLT-7206: PR feedback - Removed confusing comment and unused variable --- api4/channel.go | 9 +-------- api4/channel_test.go | 6 ++---- 2 files changed, 3 insertions(+), 12 deletions(-) (limited to 'api4') diff --git a/api4/channel.go b/api4/channel.go index 604c47464..281fb6ac4 100644 --- a/api4/channel.go +++ b/api4/channel.go @@ -534,19 +534,12 @@ func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) { return } - var memberCount int64 - if memberCount, err = app.GetChannelMemberCount(c.Params.ChannelId); err != nil { - c.Err = err - return - } - if channel.Type == model.CHANNEL_OPEN && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PUBLIC_CHANNEL) { c.SetPermissionError(model.PERMISSION_DELETE_PUBLIC_CHANNEL) return } - // Allow delete if there's only one member left in a private channel - if memberCount > 1 && channel.Type == model.CHANNEL_PRIVATE && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PRIVATE_CHANNEL) { + if channel.Type == model.CHANNEL_PRIVATE && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PRIVATE_CHANNEL) { c.SetPermissionError(model.PERMISSION_DELETE_PRIVATE_CHANNEL) return } diff --git a/api4/channel_test.go b/api4/channel_test.go index a1c5d2ad8..5cc770332 100644 --- a/api4/channel_test.go +++ b/api4/channel_test.go @@ -1064,15 +1064,13 @@ func TestDeleteChannel(t *testing.T) { // last member of a public channel should have required permission to delete publicChannel6 = th.CreateChannelWithClient(th.Client, model.CHANNEL_OPEN) - _, resp = Client.DeleteChannel(publicChannel6.Id) CheckForbiddenStatus(t, resp) - // last member of a private channel should be able to delete it regardless of required permissions + // last member of a private channel should not be able to delete it if they don't have required permissions privateChannel7 = th.CreateChannelWithClient(th.Client, model.CHANNEL_PRIVATE) - _, resp = Client.DeleteChannel(privateChannel7.Id) - CheckNoError(t, resp) + CheckForbiddenStatus(t, resp) } func TestRestoreChannel(t *testing.T) { -- cgit v1.2.3-1-g7c22