diff options
author | Jesse Hallam <jesse.hallam@gmail.com> | 2018-07-05 03:17:43 -0400 |
---|---|---|
committer | Carlos Tadeu Panato Junior <ctadeu@gmail.com> | 2018-07-05 09:17:43 +0200 |
commit | 6b7a35b653cbb3fdcd27a542c8a7faec4352d153 (patch) | |
tree | 065d3c4d425af94fa630e5f0959b94aef65fdc35 /api4 | |
parent | 7c855c30dbb0326901a9c087bedd7286dafac47f (diff) | |
download | chat-6b7a35b653cbb3fdcd27a542c8a7faec4352d153.tar.gz chat-6b7a35b653cbb3fdcd27a542c8a7faec4352d153.tar.bz2 chat-6b7a35b653cbb3fdcd27a542c8a7faec4352d153.zip |
MM-11118: disallow deleting direct or group channels (#9054)
Diffstat (limited to 'api4')
-rw-r--r-- | api4/channel.go | 5 | ||||
-rw-r--r-- | api4/channel_test.go | 38 |
2 files changed, 43 insertions, 0 deletions
diff --git a/api4/channel.go b/api4/channel.go index cb9112677..1afadf39b 100644 --- a/api4/channel.go +++ b/api4/channel.go @@ -638,6 +638,11 @@ func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) { return } + if channel.Type == model.CHANNEL_DIRECT || channel.Type == model.CHANNEL_GROUP { + c.Err = model.NewAppError("deleteChannel", "api.channel.delete_channel.type.invalid", nil, "", http.StatusBadRequest) + return + } + if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PUBLIC_CHANNEL) { c.SetPermissionError(model.PERMISSION_DELETE_PUBLIC_CHANNEL) return diff --git a/api4/channel_test.go b/api4/channel_test.go index d66c2a640..ab751f151 100644 --- a/api4/channel_test.go +++ b/api4/channel_test.go @@ -16,6 +16,7 @@ import ( "github.com/mattermost/mattermost-server/model" "github.com/mattermost/mattermost-server/utils" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) func TestCreateChannel(t *testing.T) { @@ -320,6 +321,23 @@ func TestCreateDirectChannel(t *testing.T) { CheckNoError(t, resp) } +func TestDeleteDirectChannel(t *testing.T) { + th := Setup().InitBasic().InitSystemAdmin() + defer th.TearDown() + Client := th.Client + user := th.BasicUser + user2 := th.BasicUser2 + + rgc, resp := Client.CreateDirectChannel(user.Id, user2.Id) + CheckNoError(t, resp) + CheckCreatedStatus(t, resp) + require.NotNil(t, rgc, "should have created a direct channel") + + deleted, resp := Client.DeleteChannel(rgc.Id) + CheckErrorMessage(t, resp, "api.channel.delete_channel.type.invalid") + require.False(t, deleted, "should not have been able to delete direct channel.") +} + func TestCreateGroupChannel(t *testing.T) { th := Setup().InitBasic().InitSystemAdmin() defer th.TearDown() @@ -392,6 +410,26 @@ func TestCreateGroupChannel(t *testing.T) { CheckNoError(t, resp) } +func TestDeleteGroupChannel(t *testing.T) { + th := Setup().InitBasic().InitSystemAdmin() + defer th.TearDown() + Client := th.Client + user := th.BasicUser + user2 := th.BasicUser2 + user3 := th.CreateUser() + + userIds := []string{user.Id, user2.Id, user3.Id} + + rgc, resp := Client.CreateGroupChannel(userIds) + CheckNoError(t, resp) + CheckCreatedStatus(t, resp) + require.NotNil(t, rgc, "should have created a group channel") + + deleted, resp := Client.DeleteChannel(rgc.Id) + CheckErrorMessage(t, resp, "api.channel.delete_channel.type.invalid") + require.False(t, deleted, "should not have been able to delete group channel.") +} + func TestGetChannel(t *testing.T) { th := Setup().InitBasic().InitSystemAdmin() defer th.TearDown() |