diff options
author | Saturnino Abril <saturnino.abril@gmail.com> | 2017-03-24 18:13:27 +0900 |
---|---|---|
committer | George Goldberg <george@gberg.me> | 2017-03-24 09:13:27 +0000 |
commit | f1274a7ec29919e9c99cf41f5c1b47589f38cfb1 (patch) | |
tree | 67e0c36cd13ba7ff74446d218141f706cb69240d | |
parent | 1167b391854957a5d58ed569c1dc2f80e9ccc599 (diff) | |
download | chat-f1274a7ec29919e9c99cf41f5c1b47589f38cfb1.tar.gz chat-f1274a7ec29919e9c99cf41f5c1b47589f38cfb1.tar.bz2 chat-f1274a7ec29919e9c99cf41f5c1b47589f38cfb1.zip |
Endpoint for APIv4 POST /teams/{team_id}/members (#5804)
-rw-r--r-- | api4/team.go | 52 | ||||
-rw-r--r-- | api4/team_test.go | 135 | ||||
-rw-r--r-- | app/team.go | 42 | ||||
-rw-r--r-- | i18n/en.json | 12 | ||||
-rw-r--r-- | model/client4.go | 22 |
5 files changed, 263 insertions, 0 deletions
diff --git a/api4/team.go b/api4/team.go index 1e63273e6..26fff7ce1 100644 --- a/api4/team.go +++ b/api4/team.go @@ -25,6 +25,7 @@ func InitTeam() { BaseRoutes.Team.Handle("/stats", ApiSessionRequired(getTeamStats)).Methods("GET") BaseRoutes.TeamMembers.Handle("", ApiSessionRequired(getTeamMembers)).Methods("GET") BaseRoutes.TeamMembers.Handle("/ids", ApiSessionRequired(getTeamMembersByIds)).Methods("POST") + BaseRoutes.TeamMembers.Handle("", ApiSessionRequired(addTeamMember)).Methods("POST") BaseRoutes.TeamForUser.Handle("/unread", ApiSessionRequired(getTeamUnread)).Methods("GET") @@ -235,6 +236,57 @@ func getTeamMembersByIds(c *Context, w http.ResponseWriter, r *http.Request) { w.Write([]byte(model.TeamMembersToJson(members))) } +func addTeamMember(c *Context, w http.ResponseWriter, r *http.Request) { + c.RequireTeamId() + if c.Err != nil { + return + } + + var err *model.AppError + member := model.TeamMemberFromJson(r.Body) + if member.TeamId != c.Params.TeamId { + c.SetInvalidParam("team_id") + return + } + + hash := r.URL.Query().Get("hash") + data := r.URL.Query().Get("data") + inviteId := r.URL.Query().Get("invite_id") + + if len(member.UserId) > 0 { + if len(member.UserId) != 26 { + c.SetInvalidParam("user_id") + return + } + + if !app.SessionHasPermissionToTeam(c.Session, member.TeamId, model.PERMISSION_ADD_USER_TO_TEAM) { + c.SetPermissionError(model.PERMISSION_ADD_USER_TO_TEAM) + return + } + + member, err = app.AddTeamMember(member.TeamId, member.UserId, c.GetSiteURL()) + } else if len(hash) > 0 && len(data) > 0 { + member, err = app.AddTeamMemberByHash(c.Session.UserId, hash, data, c.GetSiteURL()) + if err != nil { + err = model.NewAppError("addTeamMember", "api.team.add_user_to_team.invalid_data.app_error", nil, "", http.StatusNotFound) + } + } else if len(inviteId) > 0 { + member, err = app.AddTeamMemberByInviteId(inviteId, c.Session.UserId, c.GetSiteURL()) + if err != nil { + err = model.NewAppError("addTeamMember", "api.team.add_user_to_team.invalid_invite_id.app_error", nil, "", http.StatusNotFound) + } + } else { + err = model.NewAppError("addTeamMember", "api.team.add_user_to_team.missing_parameter.app_error", nil, "", http.StatusBadRequest) + } + + if err != nil { + c.Err = err + return + } + + w.Write([]byte(member.ToJson())) +} + func getTeamUnread(c *Context, w http.ResponseWriter, r *http.Request) { c.RequireTeamId().RequireUserId() if c.Err != nil { diff --git a/api4/team_test.go b/api4/team_test.go index 4b69f5b62..2076a8c1d 100644 --- a/api4/team_test.go +++ b/api4/team_test.go @@ -4,6 +4,7 @@ package api4 import ( + "fmt" "net/http" "strconv" "testing" @@ -502,6 +503,140 @@ func TestGetTeamMembersByIds(t *testing.T) { CheckUnauthorizedStatus(t, resp) } +func TestAddTeamMember(t *testing.T) { + th := Setup().InitBasic().InitSystemAdmin() + defer TearDown() + Client := th.Client + team := th.BasicTeam + otherUser := th.CreateUser() + + // by user_id + th.LoginTeamAdmin() + + tm, resp := Client.AddTeamMember(team.Id, otherUser.Id, "", "", "") + CheckNoError(t, resp) + + if tm == nil { + t.Fatal("should have returned team member") + } + + if tm.UserId != otherUser.Id { + t.Fatal("user ids should have matched") + } + + if tm.TeamId != team.Id { + t.Fatal("team ids should have matched") + } + + tm, resp = Client.AddTeamMember(team.Id, "junk", "", "", "") + CheckBadRequestStatus(t, resp) + + if tm != nil { + t.Fatal("should have not returned team member") + } + + _, resp = Client.AddTeamMember("junk", otherUser.Id, "", "", "") + CheckBadRequestStatus(t, resp) + + _, resp = Client.AddTeamMember(GenerateTestId(), otherUser.Id, "", "", "") + CheckForbiddenStatus(t, resp) + + _, resp = Client.AddTeamMember(team.Id, GenerateTestId(), "", "", "") + CheckNotFoundStatus(t, resp) + + th.LoginBasic() + + _, resp = Client.AddTeamMember(team.Id, otherUser.Id, "", "", "") + CheckForbiddenStatus(t, resp) + + Client.Logout() + + _, resp = Client.AddTeamMember(team.Id, otherUser.Id, "", "", "") + CheckUnauthorizedStatus(t, resp) + + _, resp = th.SystemAdminClient.AddTeamMember(team.Id, otherUser.Id, "", "", "") + CheckNoError(t, resp) + + // by hash and data + Client.Login(otherUser.Email, otherUser.Password) + + dataObject := make(map[string]string) + dataObject["time"] = fmt.Sprintf("%v", model.GetMillis()) + dataObject["id"] = team.Id + + data := model.MapToJson(dataObject) + hashed := model.HashPassword(fmt.Sprintf("%v:%v", data, utils.Cfg.EmailSettings.InviteSalt)) + + tm, resp = Client.AddTeamMember(team.Id, "", hashed, data, "") + CheckNoError(t, resp) + + if tm == nil { + t.Fatal("should have returned team member") + } + + if tm.UserId != otherUser.Id { + t.Fatal("user ids should have matched") + } + + if tm.TeamId != team.Id { + t.Fatal("team ids should have matched") + } + + tm, resp = Client.AddTeamMember(team.Id, "", "junk", data, "") + CheckNotFoundStatus(t, resp) + + if tm != nil { + t.Fatal("should have not returned team member") + } + + _, resp = Client.AddTeamMember(team.Id, "", hashed, "junk", "") + CheckNotFoundStatus(t, resp) + + // expired data of more than 50 hours + dataObject["time"] = fmt.Sprintf("%v", model.GetMillis()-1000*60*60*50) + data = model.MapToJson(dataObject) + hashed = model.HashPassword(fmt.Sprintf("%v:%v", data, utils.Cfg.EmailSettings.InviteSalt)) + + tm, resp = Client.AddTeamMember(team.Id, "", hashed, data, "") + CheckNotFoundStatus(t, resp) + + // invalid team id + dataObject["id"] = GenerateTestId() + data = model.MapToJson(dataObject) + hashed = model.HashPassword(fmt.Sprintf("%v:%v", data, utils.Cfg.EmailSettings.InviteSalt)) + + tm, resp = Client.AddTeamMember(team.Id, "", hashed, data, "") + CheckNotFoundStatus(t, resp) + + // by invite_id + Client.Login(otherUser.Email, otherUser.Password) + + tm, resp = Client.AddTeamMember(team.Id, "", "", "", team.InviteId) + CheckNoError(t, resp) + + if tm == nil { + t.Fatal("should have returned team member") + } + + if tm.UserId != otherUser.Id { + t.Fatal("user ids should have matched") + } + + if tm.TeamId != team.Id { + t.Fatal("team ids should have matched") + } + + tm, resp = Client.AddTeamMember(team.Id, "", "", "", "junk") + CheckNotFoundStatus(t, resp) + + if tm != nil { + t.Fatal("should have not returned team member") + } + + _, resp = Client.AddTeamMember(team.Id, "", "", "", "junk") + CheckNotFoundStatus(t, resp) +} + func TestGetTeamStats(t *testing.T) { th := Setup().InitBasic().InitSystemAdmin() defer TearDown() diff --git a/app/team.go b/app/team.go index d0d907731..0de6cffc4 100644 --- a/app/team.go +++ b/app/team.go @@ -391,6 +391,48 @@ func GetTeamMembersByIds(teamId string, userIds []string) ([]*model.TeamMember, } } +func AddTeamMember(teamId, userId, siteURL string) (*model.TeamMember, *model.AppError) { + if _, err := AddUserToTeam(teamId, userId, siteURL); err != nil { + return nil, err + } + + if teamMember, err := GetTeamMember(teamId, userId); err != nil { + return nil, err + } else { + return teamMember, nil + } +} + +func AddTeamMemberByHash(userId, hash, data, siteURL string) (*model.TeamMember, *model.AppError) { + var team *model.Team + var err *model.AppError + + if team, err = AddUserToTeamByHash(userId, hash, data, siteURL); err != nil { + return nil, err + } + + if teamMember, err := GetTeamMember(team.Id, userId); err != nil { + return nil, err + } else { + return teamMember, nil + } +} + +func AddTeamMemberByInviteId(inviteId, userId, siteURL string) (*model.TeamMember, *model.AppError) { + var team *model.Team + var err *model.AppError + + if team, err = AddUserToTeamByInviteId(inviteId, userId, siteURL); err != nil { + return nil, err + } + + if teamMember, err := GetTeamMember(team.Id, userId); err != nil { + return nil, err + } else { + return teamMember, nil + } +} + func GetTeamUnread(teamId, userId string) (*model.TeamUnread, *model.AppError) { result := <-Srv.Store.Team().GetChannelUnreadsForTeam(teamId, userId) if result.Err != nil { diff --git a/i18n/en.json b/i18n/en.json index bec89c477..5d1889585 100644 --- a/i18n/en.json +++ b/i18n/en.json @@ -2044,6 +2044,18 @@ "translation": "Permanently deleted team %v id=%v" }, { + "id": "api.team.add_user_to_team.missing_parameter.app_error", + "translation": "Parameter required to add user to team." + }, + { + "id": "api.team.add_user_to_team.invalid_invite_id.app_error", + "translation": "Invalid invite id. No team matches with this invite id." + }, + { + "id": "api.team.add_user_to_team.invalid_data.app_error", + "translation": "Invalid data." + }, + { "id": "api.team.remove_user_from_team.missing.app_error", "translation": "The user does not appear to be part of this team." }, diff --git a/model/client4.go b/model/client4.go index c74d76e04..31b754bd3 100644 --- a/model/client4.go +++ b/model/client4.go @@ -803,6 +803,28 @@ func (c *Client4) GetTeamMembersByIds(teamId string, userIds []string) ([]*TeamM } } +// AddTeamMember adds user to a team and return a team member. +func (c *Client4) AddTeamMember(teamId, userId, hash, dataToHash, inviteId string) (*TeamMember, *Response) { + member := &TeamMember{TeamId: teamId, UserId: userId} + + var query string + + if inviteId != "" { + query += fmt.Sprintf("?invite_id=%v", inviteId) + } + + if hash != "" && dataToHash != "" { + query += fmt.Sprintf("?hash=%v&data=%v", hash, dataToHash) + } + + if r, err := c.DoApiPost(c.GetTeamMembersRoute(teamId)+query, member.ToJson()); err != nil { + return nil, &Response{StatusCode: r.StatusCode, Error: err} + } else { + defer closeBody(r) + return TeamMemberFromJson(r.Body), BuildResponse(r) + } +} + // GetTeamStats returns a team stats based on the team id string. // Must be authenticated. func (c *Client4) GetTeamStats(teamId, etag string) (*TeamStats, *Response) { |