author | Joram Wilander <jwawilander@gmail.com> | 2017-06-26 08:16:57 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-06-26 08:16:57 -0400 |
commit | 23ccfc845ca2350075f6027e16c6206fc7b71716 (patch) | |
tree | 3fd1f896a5a24b43913be03b21c85638dd7c356e /api4 | |
parent | fe7e9d95b30ae2195fcba68db960866db91ce045 (diff) | |
download | chat-23ccfc845ca2350075f6027e16c6206fc7b71716.tar.gz chat-23ccfc845ca2350075f6027e16c6206fc7b71716.tar.bz2 chat-23ccfc845ca2350075f6027e16c6206fc7b71716.zip |
Move remaining actions over to use redux and v4 endpoints (#6720)
Diffstat (limited to 'api4')
-rw-r--r-- | api4/channel_test.go | 4 | ||||
-rw-r--r-- | api4/emoji.go | 7 | ||||
-rw-r--r-- | api4/post.go | 58 | ||||
-rw-r--r-- | api4/post_test.go | 34 | ||||
-rw-r--r-- | api4/team.go | 38 | ||||
-rw-r--r-- | api4/team_test.go | 42 | ||||
-rw-r--r-- | api4/user_test.go | 2 |
7 files changed, 140 insertions, 45 deletions
diff --git a/api4/channel_test.go b/api4/channel_test.go index f25cbf706..e1b5ee5a7 100644 --- a/api4/channel_test.go +++ b/api4/channel_test.go @@ -1091,7 +1091,7 @@ func TestRestoreChannel(t *testing.T) { _, resp = Client.RestoreChannel(privateChannel1.Id) CheckOKStatus(t, resp) - } +} func TestGetChannelByName(t *testing.T) { th := Setup().InitBasic().InitSystemAdmin() @@ -1684,7 +1684,7 @@ func TestAddChannelMember(t *testing.T) { privateChannel := th.CreatePrivateChannel() user3 := th.CreateUserWithClient(th.SystemAdminClient) - _, resp := th.SystemAdminClient.AddTeamMember(team.Id, user3.Id, "", "", team.InviteId) + _, resp := th.SystemAdminClient.AddTeamMember(team.Id, user3.Id) CheckNoError(t, resp) cm, resp := Client.AddChannelMember(publicChannel.Id, user2.Id) diff --git a/api4/emoji.go b/api4/emoji.go index a9bfae924..1d9188af0 100644 --- a/api4/emoji.go +++ b/api4/emoji.go @@ -55,9 +55,14 @@ func createEmoji(c *Context, w http.ResponseWriter, r *http.Request) { m := r.MultipartForm props := m.Value + if len(props["emoji"]) == 0 { + c.SetInvalidParam("emoji") + return + } + emoji := model.EmojiFromJson(strings.NewReader(props["emoji"][0])) if emoji == nil { - c.SetInvalidParam("createEmoji") + c.SetInvalidParam("emoji") return } diff --git a/api4/post.go b/api4/post.go index f8e4cc54b..7bfe5ad64 100644 --- a/api4/post.go +++ b/api4/post.go 
@@ -167,15 +167,32 @@ func getPost(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToChannelByPost(c.Session, c.Params.PostId, model.PERMISSION_READ_CHANNEL) { - c.SetPermissionError(model.PERMISSION_READ_CHANNEL) + var post *model.Post + var err *model.AppError + if post, err = app.GetSinglePost(c.Params.PostId); err != nil { + c.Err = err return } - if post, err := app.GetSinglePost(c.Params.PostId); err != nil { + var channel *model.Channel + if channel, err = app.GetChannel(post.ChannelId); err != nil { c.Err = err return - } else if HandleEtag(post.Etag(), "Get Post", w, r) { + } + + if !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_READ_CHANNEL) { + if channel.Type == model.CHANNEL_OPEN { + if !app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) { + c.SetPermissionError(model.PERMISSION_READ_PUBLIC_CHANNEL) + return + } + } else { + c.SetPermissionError(model.PERMISSION_READ_CHANNEL) + return + } + } + + if HandleEtag(post.Etag(), "Get Post", w, r) { return } else { w.Header().Set(model.HEADER_ETAG_SERVER, post.Etag()) 
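Review bot: In getPost, and again in the getPostThread hunk that follows, the post is now loaded before any authorization check, so a caller with no access gets a 404 for an unknown post id and a 403 for one that exists; the updated tests pin this (`CheckNotFoundStatus` for `model.NewId()`). If that distinction is intended it deserves a comment at the lookup, for example `// post is fetched first to find its channel; missing posts return 404 before the permission check`, and otherwise the permission failure could be mapped to the same not-found response. getPostThread also loads the whole thread before the caller is authorized. The permission block is duplicated verbatim in both handlers, which makes it easy for the two to drift apart; a shared helper along the lines below would keep the rule in one place. Both handler bodies start and end outside their hunks.

```go
// sessionCanReadChannel reports whether the session may read posts in channel:
// either channel-level PERMISSION_READ_CHANNEL, or, for open channels only,
// team-level PERMISSION_READ_PUBLIC_CHANNEL. It sets the permission error on c
// before returning false.
func sessionCanReadChannel(c *Context, channel *model.Channel) bool {
	if app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_READ_CHANNEL) {
		return true
	}
	if channel.Type != model.CHANNEL_OPEN {
		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
		return false
	}
	if !app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) {
		c.SetPermissionError(model.PERMISSION_READ_PUBLIC_CHANNEL)
		return false
	}
	return true
}

// … unchanged: app.GetSinglePost and app.GetChannel lookups in getPost …
if !sessionCanReadChannel(c, channel) {
	return
}
// … unchanged: HandleEtag and response writing …
```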
@@ -208,15 +225,40 @@ func getPostThread(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !app.SessionHasPermissionToChannelByPost(c.Session, c.Params.PostId, model.PERMISSION_READ_CHANNEL) { - c.SetPermissionError(model.PERMISSION_READ_CHANNEL) + var list *model.PostList + var err *model.AppError + if list, err = app.GetPostThread(c.Params.PostId); err != nil { + c.Err = err + return + } + + var post *model.Post + if val, ok := list.Posts[c.Params.PostId]; ok { + post = val + } else { + c.SetInvalidUrlParam("post_id") return } - if list, err := app.GetPostThread(c.Params.PostId); err != nil { + var channel *model.Channel + if channel, err = app.GetChannel(post.ChannelId); err != nil { c.Err = err return - } else if HandleEtag(list.Etag(), "Get Post Thread", w, r) { + } + + if !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_READ_CHANNEL) { + if channel.Type == model.CHANNEL_OPEN { + if !app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_READ_PUBLIC_CHANNEL) { + c.SetPermissionError(model.PERMISSION_READ_PUBLIC_CHANNEL) + return + } + } else { + c.SetPermissionError(model.PERMISSION_READ_CHANNEL) + return + } + } + + if HandleEtag(list.Etag(), "Get Post Thread", w, r) { return } else { w.Header().Set(model.HEADER_ETAG_SERVER, list.Etag()) diff --git a/api4/post_test.go b/api4/post_test.go index bfc0c286a..abfd83989 100644 --- a/api4/post_test.go +++ b/api4/post_test.go 
@@ -752,6 +752,23 @@ func TestGetPost(t *testing.T) { CheckBadRequestStatus(t, resp) _, resp = Client.GetPost(model.NewId(), "") + CheckNotFoundStatus(t, resp) + + Client.RemoveUserFromChannel(th.BasicChannel.Id, th.BasicUser.Id) + + // Channel is public, should be able to read post + post, resp = Client.GetPost(th.BasicPost.Id, "") + CheckNoError(t, resp) + + privatePost := th.CreatePostWithClient(Client, th.BasicPrivateChannel) + + post, resp = Client.GetPost(privatePost.Id, "") + CheckNoError(t, resp) + + Client.RemoveUserFromChannel(th.BasicPrivateChannel.Id, th.BasicUser.Id) + + // Channel is private, should not be able to read post + post, resp = Client.GetPost(privatePost.Id, "") CheckForbiddenStatus(t, resp) Client.Logout() @@ -831,6 +848,23 @@ func TestGetPostThread(t *testing.T) { CheckBadRequestStatus(t, resp) _, resp = Client.GetPostThread(model.NewId(), "") + CheckNotFoundStatus(t, resp) + + Client.RemoveUserFromChannel(th.BasicChannel.Id, th.BasicUser.Id) + + // Channel is public, should be able to read post + _, resp = Client.GetPostThread(th.BasicPost.Id, "") + CheckNoError(t, resp) + + privatePost := th.CreatePostWithClient(Client, th.BasicPrivateChannel) + + _, resp = Client.GetPostThread(privatePost.Id, "") + CheckNoError(t, resp) + + Client.RemoveUserFromChannel(th.BasicPrivateChannel.Id, th.BasicUser.Id) + + // Channel is private, should not be able to read post + _, resp = Client.GetPostThread(privatePost.Id, "") CheckForbiddenStatus(t, resp) Client.Logout() diff --git a/api4/team.go b/api4/team.go index 00a16d5c1..e51dcc16b 100644 --- a/api4/team.go +++ b/api4/team.go 
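Review bot: In TestGetPost and TestGetPostThread the result of `Client.RemoveUserFromChannel(th.BasicChannel.Id, th.BasicUser.Id)` is discarded, so the "Channel is public, should be able to read post" assertion passes even if the removal failed and the user is still a member. Assuming the call returns a response like the other client calls, capture it and assert on it, e.g. `_, resp = Client.RemoveUserFromChannel(th.BasicChannel.Id, th.BasicUser.Id)` followed by `CheckNoError(t, resp)`. The new deny branch for open channels (`PERMISSION_READ_PUBLIC_CHANNEL` missing at team level) has no test in either function; a case with a user who is not on the team would cover it. Both test functions continue outside their hunks.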
@@ -37,6 +37,7 @@ func InitTeam() { BaseRoutes.TeamMembers.Handle("/ids", ApiSessionRequired(getTeamMembersByIds)).Methods("POST") BaseRoutes.TeamMembersForUser.Handle("", ApiSessionRequired(getTeamMembersForUser)).Methods("GET") BaseRoutes.TeamMembers.Handle("", ApiSessionRequired(addTeamMember)).Methods("POST") + BaseRoutes.Teams.Handle("/members/invite", ApiSessionRequired(addUserToTeamFromInvite)).Methods("POST") BaseRoutes.TeamMembers.Handle("/batch", ApiSessionRequired(addTeamMembers)).Methods("POST") BaseRoutes.TeamMember.Handle("", ApiSessionRequired(removeTeamMember)).Methods("DELETE") 
@@ -341,23 +342,36 @@ func addTeamMember(c *Context, w http.ResponseWriter, r *http.Request) { return } + if len(member.UserId) != 26 { + c.SetInvalidParam("user_id") + return + } + + if !app.SessionHasPermissionToTeam(c.Session, member.TeamId, model.PERMISSION_ADD_USER_TO_TEAM) { + c.SetPermissionError(model.PERMISSION_ADD_USER_TO_TEAM) + return + } + + member, err = app.AddTeamMember(member.TeamId, member.UserId) + + if err != nil { + c.Err = err + return + } + + w.WriteHeader(http.StatusCreated) + w.Write([]byte(member.ToJson())) +} + +func addUserToTeamFromInvite(c *Context, w http.ResponseWriter, r *http.Request) { hash := r.URL.Query().Get("hash") data := r.URL.Query().Get("data") inviteId := r.URL.Query().Get("invite_id") - if len(member.UserId) > 0 { - if len(member.UserId) != 26 { - c.SetInvalidParam("user_id") - return - } - - if !app.SessionHasPermissionToTeam(c.Session, member.TeamId, model.PERMISSION_ADD_USER_TO_TEAM) { - c.SetPermissionError(model.PERMISSION_ADD_USER_TO_TEAM) - return - } + var member *model.TeamMember + var err *model.AppError - member, err = app.AddTeamMember(member.TeamId, member.UserId) - } else if len(hash) > 0 && len(data) > 0 { + if len(hash) > 0 && len(data) > 0 { member, err = app.AddTeamMemberByHash(c.Session.UserId, hash, data) if err != nil { err = model.NewAppError("addTeamMember", "api.team.add_user_to_team.invalid_data.app_error", nil, "", http.StatusNotFound) diff --git a/api4/team_test.go b/api4/team_test.go index 78ddc8e84..f21a93449 100644 --- a/api4/team_test.go +++ b/api4/team_test.go @@ -778,7 +778,7 @@ func TestAddTeamMember(t *testing.T) { // Regular user can't add a member to a team they don't belong to. th.LoginBasic2() - tm, resp := Client.AddTeamMember(team.Id, otherUser.Id, "", "", "") + tm, resp := Client.AddTeamMember(team.Id, otherUser.Id) CheckForbiddenStatus(t, resp) if resp.Error == nil { t.Fatalf("ERror is nhul") 
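Review bot: In api4/team.go, addUserToTeamFromInvite takes `hash`, `data` and `invite_id` from `r.URL.Query()` on a POST, so values that on their own grant team membership travel in the URL, where access logs and intermediaries commonly record them. Reading them from the request body instead, for example `props := model.MapFromJson(r.Body)` and then `hash := props["hash"]`, would keep them out of request lines; the client call would need the matching change, which is not visible here. The context line `model.NewAppError("addTeamMember", ...)` now sits inside the new function, so its where-string should become `"addUserToTeamFromInvite"` to keep error reports pointing at the right handler. The new function's body continues outside the hunk.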
@@ -787,7 +787,7 @@ func TestAddTeamMember(t *testing.T) { // Regular user can add a member to a team they belong to. th.LoginBasic() - tm, resp = Client.AddTeamMember(team.Id, otherUser.Id, "", "", "") + tm, resp = Client.AddTeamMember(team.Id, otherUser.Id) CheckNoError(t, resp) CheckCreatedStatus(t, resp) @@ -805,20 +805,20 @@ func TestAddTeamMember(t *testing.T) { } // Check with various invalid requests. - tm, resp = Client.AddTeamMember(team.Id, "junk", "", "", "") + tm, resp = Client.AddTeamMember(team.Id, "junk") CheckBadRequestStatus(t, resp) if tm != nil { t.Fatal("should have not returned team member") } - _, resp = Client.AddTeamMember("junk", otherUser.Id, "", "", "") + _, resp = Client.AddTeamMember("junk", otherUser.Id) CheckBadRequestStatus(t, resp) - _, resp = Client.AddTeamMember(GenerateTestId(), otherUser.Id, "", "", "") + _, resp = Client.AddTeamMember(GenerateTestId(), otherUser.Id) CheckForbiddenStatus(t, resp) - _, resp = Client.AddTeamMember(team.Id, GenerateTestId(), "", "", "") + _, resp = Client.AddTeamMember(team.Id, GenerateTestId()) CheckNotFoundStatus(t, resp) Client.Logout() @@ -840,7 +840,7 @@ func TestAddTeamMember(t *testing.T) { th.LoginBasic() // Test without the EE license to see that the permission restriction is ignored. - _, resp = Client.AddTeamMember(team.Id, otherUser.Id, "", "", "") + _, resp = Client.AddTeamMember(team.Id, otherUser.Id) CheckNoError(t, resp) // Add an EE license. @@ -851,7 +851,7 @@ func TestAddTeamMember(t *testing.T) { th.LoginBasic() // Check that a regular user can't add someone to the team. - _, resp = Client.AddTeamMember(team.Id, otherUser.Id, "", "", "") + _, resp = Client.AddTeamMember(team.Id, otherUser.Id) CheckForbiddenStatus(t, resp) // Update user to team admin 
@@ -865,7 +865,7 @@ func TestAddTeamMember(t *testing.T) { th.LoginBasic() // Should work as a team admin. - _, resp = Client.AddTeamMember(team.Id, otherUser.Id, "", "", "") + _, resp = Client.AddTeamMember(team.Id, otherUser.Id) CheckNoError(t, resp) // Change permission level to System Admin @@ -873,11 +873,11 @@ func TestAddTeamMember(t *testing.T) { utils.SetDefaultRolesBasedOnConfig() // Should not work as team admin. - _, resp = Client.AddTeamMember(team.Id, otherUser.Id, "", "", "") + _, resp = Client.AddTeamMember(team.Id, otherUser.Id) CheckForbiddenStatus(t, resp) // Should work as system admin. - _, resp = th.SystemAdminClient.AddTeamMember(team.Id, otherUser.Id, "", "", "") + _, resp = th.SystemAdminClient.AddTeamMember(team.Id, otherUser.Id) CheckNoError(t, resp) // Change permission level to All @@ -891,7 +891,7 @@ func TestAddTeamMember(t *testing.T) { th.LoginBasic() // Should work as a regular user. - _, resp = Client.AddTeamMember(team.Id, otherUser.Id, "", "", "") + _, resp = Client.AddTeamMember(team.Id, otherUser.Id) CheckNoError(t, resp) // Reset config and license. @@ -911,7 +911,7 @@ func TestAddTeamMember(t *testing.T) { data := model.MapToJson(dataObject) hashed := utils.HashSha256(fmt.Sprintf("%v:%v", data, utils.Cfg.EmailSettings.InviteSalt)) - tm, resp = Client.AddTeamMember(team.Id, "", hashed, data, "") + tm, resp = Client.AddTeamMemberFromInvite(hashed, data, "") CheckNoError(t, resp) if tm == nil { @@ -926,14 +926,14 @@ func TestAddTeamMember(t *testing.T) { t.Fatal("team ids should have matched") } - tm, resp = Client.AddTeamMember(team.Id, "", "junk", data, "") + tm, resp = Client.AddTeamMemberFromInvite("junk", data, "") CheckNotFoundStatus(t, resp) if tm != nil { t.Fatal("should have not returned team member") } - _, resp = Client.AddTeamMember(team.Id, "", hashed, "junk", "") + _, resp = Client.AddTeamMemberFromInvite(hashed, "junk", "") CheckNotFoundStatus(t, resp) // expired data of more than 50 hours 
@@ -941,7 +941,7 @@ func TestAddTeamMember(t *testing.T) { data = model.MapToJson(dataObject) hashed = utils.HashSha256(fmt.Sprintf("%v:%v", data, utils.Cfg.EmailSettings.InviteSalt)) - tm, resp = Client.AddTeamMember(team.Id, "", hashed, data, "") + tm, resp = Client.AddTeamMemberFromInvite(hashed, data, "") CheckNotFoundStatus(t, resp) // invalid team id @@ -949,13 +949,13 @@ func TestAddTeamMember(t *testing.T) { data = model.MapToJson(dataObject) hashed = utils.HashSha256(fmt.Sprintf("%v:%v", data, utils.Cfg.EmailSettings.InviteSalt)) - tm, resp = Client.AddTeamMember(team.Id, "", hashed, data, "") + tm, resp = Client.AddTeamMemberFromInvite(hashed, data, "") CheckNotFoundStatus(t, resp) // by invite_id Client.Login(otherUser.Email, otherUser.Password) - tm, resp = Client.AddTeamMember(team.Id, "", "", "", team.InviteId) + tm, resp = Client.AddTeamMemberFromInvite("", "", team.InviteId) CheckNoError(t, resp) if tm == nil { @@ -970,14 +970,14 @@ func TestAddTeamMember(t *testing.T) { t.Fatal("team ids should have matched") } - tm, resp = Client.AddTeamMember(team.Id, "", "", "", "junk") + tm, resp = Client.AddTeamMemberFromInvite("", "", "junk") CheckNotFoundStatus(t, resp) if tm != nil { t.Fatal("should have not returned team member") } - _, resp = Client.AddTeamMember(team.Id, "", "", "", "junk") + _, resp = Client.AddTeamMemberFromInvite("", "", "junk") CheckNotFoundStatus(t, resp) } @@ -1124,7 +1124,7 @@ func TestRemoveTeamMember(t *testing.T) { t.Fatal("should have passed") } - _, resp = th.SystemAdminClient.AddTeamMember(th.BasicTeam.Id, th.BasicUser.Id, "", "", "") + _, resp = th.SystemAdminClient.AddTeamMember(th.BasicTeam.Id, th.BasicUser.Id) CheckNoError(t, resp) _, resp = Client.RemoveTeamMember(th.BasicTeam.Id, "junk") diff --git a/api4/user_test.go b/api4/user_test.go index 1598d2951..b3fd83760 100644 --- a/api4/user_test.go +++ b/api4/user_test.go 
@@ -649,7 +649,7 @@ func TestSearchUsers(t *testing.T) { t.Fatal("should have found user") } - _, resp = th.SystemAdminClient.AddTeamMember(th.BasicTeam.Id, oddUser.Id, "", "", th.BasicTeam.InviteId) + _, resp = th.SystemAdminClient.AddTeamMember(th.BasicTeam.Id, oddUser.Id) CheckNoError(t, resp) users, resp = Client.SearchUsers(search) |