From fd6856b674cc24deb708f2cd36c247662ee10bc7 Mon Sep 17 00:00:00 2001 From: Jonathan Date: Wed, 9 Aug 2017 09:34:09 -0400 Subject: PLT-7206: Remove the "Delete Channel" option for private channels if you're the last channel member and policy setting restricts channel deletion (#7050) * PLT-7206: UI changes. Removed last user in channel loophole, refactored code to clean it up, added differentiated support for public and private channels, added unit tests. Still need to implement server-side checks * PLT-7206: All helper methods in channel_utils.jsx now accept the same three boolean variables in the same order and use the same boolean logic to check their values. * PLT-7206: Added unit tests for showManagementOptions(...) * PLT-7206: Fixed test case descriptions * Added unit tests for showCreateOption(...) * PLT-7206: Added unit tests for canManageMembers(...) * PLT-7206: Removed last person in channel loophole from server-side code * PLT-7206: Reverted config.json * PLT-7206: Fixed double negatives in unit test names * PLT-7206: PR feedback - Removed confusing comment and unused variable --- api/channel.go | 19 +++++-------------- api/channel_test.go | 5 ++--- 2 files changed, 7 insertions(+), 17 deletions(-) (limited to 'api') diff --git a/api/channel.go b/api/channel.go index 2a56e7c93..50dc840ff 100644 --- a/api/channel.go +++ b/api/channel.go @@ -448,23 +448,14 @@ func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) { return } - var memberCount int64 - if memberCount, err = app.GetChannelMemberCount(id); err != nil { - c.Err = err + if channel.Type == model.CHANNEL_OPEN && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PUBLIC_CHANNEL) { + c.SetPermissionError(model.PERMISSION_DELETE_PUBLIC_CHANNEL) return } - // Allow delete if user is the only member left in channel - if memberCount > 1 { - if channel.Type == model.CHANNEL_OPEN && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PUBLIC_CHANNEL) { - c.SetPermissionError(model.PERMISSION_DELETE_PUBLIC_CHANNEL) - return - } - - if channel.Type == model.CHANNEL_PRIVATE && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PRIVATE_CHANNEL) { - c.SetPermissionError(model.PERMISSION_DELETE_PRIVATE_CHANNEL) - return - } + if channel.Type == model.CHANNEL_PRIVATE && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PRIVATE_CHANNEL) { + c.SetPermissionError(model.PERMISSION_DELETE_PRIVATE_CHANNEL) + return } err = app.DeleteChannel(channel, c.Session.UserId) diff --git a/api/channel_test.go b/api/channel_test.go index 6ed4d55fa..bdb62677f 100644 --- a/api/channel_test.go +++ b/api/channel_test.go @@ -1476,9 +1476,8 @@ func TestDeleteChannel(t *testing.T) { t.Fatal("should have errored not system admin") } - // Only one left in channel, should be able to delete - if _, err := Client.DeleteChannel(channel4.Id); err != nil { - t.Fatal(err) + if _, err := Client.DeleteChannel(channel4.Id); err == nil { + t.Fatal("Should not be able to delete channel, even though only one user is left") } th.LoginSystemAdmin() -- cgit v1.2.3-1-g7c22