diff options
author | Joram Wilander <jwawilander@gmail.com> | 2018-02-13 11:08:49 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-02-13 11:08:49 -0500 |
commit | 5c560db8102b8ce6dc29bf91ab5e24ca4af66fdf (patch) | |
tree | 6cd13db91ab4a768e33ba92e7f8a3cea71da4481 /api4 | |
parent | d88d2bc2ed3aefa68b5ed2942f493ae42bb40bfa (diff) | |
download | chat-5c560db8102b8ce6dc29bf91ab5e24ca4af66fdf.tar.gz chat-5c560db8102b8ce6dc29bf91ab5e24ca4af66fdf.tar.bz2 chat-5c560db8102b8ce6dc29bf91ab5e24ca4af66fdf.zip |
ABC-176 Prevent changing PluginSettings.EnableUploads through the API (#8249)
* Prevent changing PluginSettings.EnableUploads through the API
* Contain api4 test case in it's own test
Diffstat (limited to 'api4')
-rw-r--r-- | api4/system.go | 3 | ||||
-rw-r--r-- | api4/system_test.go | 22 |
2 files changed, 23 insertions, 2 deletions
diff --git a/api4/system.go b/api4/system.go index 061ffe094..2355cb476 100644 --- a/api4/system.go +++ b/api4/system.go @@ -121,6 +121,9 @@ func updateConfig(c *Context, w http.ResponseWriter, r *http.Request) { return } + // Do not allow plugin uploads to be toggled through the API + cfg.PluginSettings.EnableUploads = c.App.GetConfig().PluginSettings.EnableUploads + err := c.App.SaveConfig(cfg, true) if err != nil { c.Err = err diff --git a/api4/system_test.go b/api4/system_test.go index 1b2bb5d99..01b4934ae 100644 --- a/api4/system_test.go +++ b/api4/system_test.go @@ -7,6 +7,7 @@ import ( l4g "github.com/alecthomas/log4go" "github.com/mattermost/mattermost-server/model" + "github.com/stretchr/testify/assert" ) func TestGetPing(t *testing.T) { @@ -106,9 +107,10 @@ func TestUpdateConfig(t *testing.T) { defer th.TearDown() Client := th.Client - cfg := th.App.GetConfig() + cfg, resp := th.SystemAdminClient.GetConfig() + CheckNoError(t, resp) - _, resp := Client.UpdateConfig(cfg) + _, resp = Client.UpdateConfig(cfg) CheckForbiddenStatus(t, resp) SiteName := th.App.Config().TeamSettings.SiteName @@ -139,6 +141,22 @@ func TestUpdateConfig(t *testing.T) { t.Fatal() } } + + t.Run("Should not be able to modify PluginSettings.EnableUploads", func(t *testing.T) { + oldEnableUploads := *th.App.GetConfig().PluginSettings.EnableUploads + *cfg.PluginSettings.EnableUploads = !oldEnableUploads + + cfg, resp = th.SystemAdminClient.UpdateConfig(cfg) + CheckNoError(t, resp) + assert.Equal(t, oldEnableUploads, *cfg.PluginSettings.EnableUploads) + assert.Equal(t, oldEnableUploads, *th.App.GetConfig().PluginSettings.EnableUploads) + + cfg.PluginSettings.EnableUploads = nil + cfg, resp = th.SystemAdminClient.UpdateConfig(cfg) + CheckNoError(t, resp) + assert.Equal(t, oldEnableUploads, *cfg.PluginSettings.EnableUploads) + assert.Equal(t, oldEnableUploads, *th.App.GetConfig().PluginSettings.EnableUploads) + }) } func TestGetOldClientConfig(t *testing.T) { |