diff options
author | George Goldberg <george@gberg.me> | 2017-04-03 18:13:28 +0100 |
---|---|---|
committer | Harrison Healey <harrisonmhealey@gmail.com> | 2017-04-03 13:13:28 -0400 |
commit | e49f5928c55ba57c39efa11c568c66342b962aae (patch) | |
tree | c3199ea07e1c17aebdd77d53ad1397b469a0f963 /api4 | |
parent | 232a99f0c7b9364cb4386264f9ff7f97549a4378 (diff) | |
download | chat-e49f5928c55ba57c39efa11c568c66342b962aae.tar.gz chat-e49f5928c55ba57c39efa11c568c66342b962aae.tar.bz2 chat-e49f5928c55ba57c39efa11c568c66342b962aae.zip |
PLT-6139 (Server): Private Channel member managing (#5941)
Adds an EE policy feature to allow restricting system-wide which level of
Admins can manage the membership of private channels.
Diffstat (limited to 'api4')
-rw-r--r-- | api4/channel_test.go | 248 |
1 files changed, 248 insertions, 0 deletions
diff --git a/api4/channel_test.go b/api4/channel_test.go index 1d8053a0a..0496be495 100644 --- a/api4/channel_test.go +++ b/api4/channel_test.go @@ -1497,9 +1497,14 @@ func TestAddChannelMember(t *testing.T) { Client := th.Client user := th.BasicUser user2 := th.BasicUser2 + team := th.BasicTeam publicChannel := th.CreatePublicChannel() privateChannel := th.CreatePrivateChannel() + user3 := th.CreateUserWithClient(th.SystemAdminClient) + _, resp := th.SystemAdminClient.AddTeamMember(team.Id, user3.Id, "", "", team.InviteId) + CheckNoError(t, resp) + cm, resp := Client.AddChannelMember(publicChannel.Id, user2.Id) CheckNoError(t, resp) CheckCreatedStatus(t, resp) @@ -1582,10 +1587,139 @@ func TestAddChannelMember(t *testing.T) { _, resp = th.SystemAdminClient.AddChannelMember(privateChannel.Id, user2.Id) CheckNoError(t, resp) + + // Test policy does not apply to TE. + restrictPrivateChannel := *utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers + defer func() { + *utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers = restrictPrivateChannel + }() + *utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_CHANNEL_ADMIN + utils.SetDefaultRolesBasedOnConfig() + + Client.Login(user2.Username, user2.Password) + privateChannel = th.CreatePrivateChannel() + _, resp = Client.AddChannelMember(privateChannel.Id, user.Id) + CheckNoError(t, resp) + Client.Logout() + + Client.Login(user.Username, user.Password) + _, resp = Client.AddChannelMember(privateChannel.Id, user3.Id) + CheckNoError(t, resp) + Client.Logout() + + // Add a license + isLicensed := utils.IsLicensed + license := utils.License + defer func() { + utils.IsLicensed = isLicensed + utils.License = license + utils.SetDefaultRolesBasedOnConfig() + }() + *utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_ALL + utils.IsLicensed = true + utils.License = &model.License{Features: &model.Features{}} + utils.License.Features.SetDefaults() + utils.SetDefaultRolesBasedOnConfig() + + // Check that a regular channel user can add other users. + Client.Login(user2.Username, user2.Password) + privateChannel = th.CreatePrivateChannel() + _, resp = Client.AddChannelMember(privateChannel.Id, user.Id) + CheckNoError(t, resp) + Client.Logout() + + Client.Login(user.Username, user.Password) + _, resp = Client.AddChannelMember(privateChannel.Id, user3.Id) + CheckNoError(t, resp) + Client.Logout() + + // Test with CHANNEL_ADMIN level permission. + *utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_CHANNEL_ADMIN + utils.IsLicensed = true + utils.License = &model.License{Features: &model.Features{}} + utils.License.Features.SetDefaults() + utils.SetDefaultRolesBasedOnConfig() + + Client.Login(user2.Username, user2.Password) + privateChannel = th.CreatePrivateChannel() + _, resp = Client.AddChannelMember(privateChannel.Id, user.Id) + CheckNoError(t, resp) + Client.Logout() + + Client.Login(user.Username, user.Password) + _, resp = Client.AddChannelMember(privateChannel.Id, user3.Id) + CheckForbiddenStatus(t, resp) + Client.Logout() + + MakeUserChannelAdmin(user, privateChannel) + app.InvalidateAllCaches() + utils.IsLicensed = true + utils.License = &model.License{Features: &model.Features{}} + utils.License.Features.SetDefaults() + utils.SetDefaultRolesBasedOnConfig() + + Client.Login(user.Username, user.Password) + _, resp = Client.AddChannelMember(privateChannel.Id, user3.Id) + CheckNoError(t, resp) + Client.Logout() + + // Test with TEAM_ADMIN level permission. + *utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_TEAM_ADMIN + utils.IsLicensed = true + utils.License = &model.License{Features: &model.Features{}} + utils.License.Features.SetDefaults() + utils.SetDefaultRolesBasedOnConfig() + + Client.Login(user2.Username, user2.Password) + privateChannel = th.CreatePrivateChannel() + _, resp = th.SystemAdminClient.AddChannelMember(privateChannel.Id, user.Id) + CheckNoError(t, resp) + Client.Logout() + + Client.Login(user.Username, user.Password) + _, resp = Client.AddChannelMember(privateChannel.Id, user3.Id) + CheckForbiddenStatus(t, resp) + Client.Logout() + + UpdateUserToTeamAdmin(user, team) + app.InvalidateAllCaches() + utils.IsLicensed = true + utils.License = &model.License{Features: &model.Features{}} + utils.License.Features.SetDefaults() + utils.SetDefaultRolesBasedOnConfig() + + Client.Login(user.Username, user.Password) + _, resp = Client.AddChannelMember(privateChannel.Id, user3.Id) + CheckNoError(t, resp) + Client.Logout() + + // Test with SYSTEM_ADMIN level permission. + *utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_SYSTEM_ADMIN + utils.IsLicensed = true + utils.License = &model.License{Features: &model.Features{}} + utils.License.Features.SetDefaults() + utils.SetDefaultRolesBasedOnConfig() + + Client.Login(user2.Username, user2.Password) + privateChannel = th.CreatePrivateChannel() + _, resp = th.SystemAdminClient.AddChannelMember(privateChannel.Id, user.Id) + CheckNoError(t, resp) + Client.Logout() + + Client.Login(user.Username, user.Password) + _, resp = Client.AddChannelMember(privateChannel.Id, user3.Id) + CheckForbiddenStatus(t, resp) + Client.Logout() + + _, resp = th.SystemAdminClient.AddChannelMember(privateChannel.Id, user3.Id) + CheckNoError(t, resp) } func TestRemoveChannelMember(t *testing.T) { th := Setup().InitBasic().InitSystemAdmin() + user1 := th.BasicUser + user2 := th.BasicUser2 + team := th.BasicTeam defer TearDown() Client := th.Client @@ -1635,4 +1769,118 @@ func TestRemoveChannelMember(t *testing.T) { _, resp = th.SystemAdminClient.RemoveUserFromChannel(private.Id, th.BasicUser.Id) CheckNoError(t, resp) + + th.LoginBasic() + UpdateUserToNonTeamAdmin(user1, team) + app.InvalidateAllCaches() + + // Test policy does not apply to TE. + restrictPrivateChannel := *utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers + defer func() { + *utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers = restrictPrivateChannel + }() + *utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_CHANNEL_ADMIN + utils.SetDefaultRolesBasedOnConfig() + + privateChannel := th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE) + _, resp = th.SystemAdminClient.AddChannelMember(privateChannel.Id, user1.Id) + CheckNoError(t, resp) + _, resp = th.SystemAdminClient.AddChannelMember(privateChannel.Id, user2.Id) + CheckNoError(t, resp) + + _, resp = Client.RemoveUserFromChannel(privateChannel.Id, user2.Id) + CheckNoError(t, resp) + + // Add a license + isLicensed := utils.IsLicensed + license := utils.License + defer func() { + utils.IsLicensed = isLicensed + utils.License = license + utils.SetDefaultRolesBasedOnConfig() + }() + *utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_ALL + utils.IsLicensed = true + utils.License = &model.License{Features: &model.Features{}} + utils.License.Features.SetDefaults() + utils.SetDefaultRolesBasedOnConfig() + + // Check that a regular channel user can remove other users. + privateChannel = th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE) + _, resp = th.SystemAdminClient.AddChannelMember(privateChannel.Id, user1.Id) + CheckNoError(t, resp) + _, resp = th.SystemAdminClient.AddChannelMember(privateChannel.Id, user2.Id) + CheckNoError(t, resp) + + _, resp = Client.RemoveUserFromChannel(privateChannel.Id, user2.Id) + CheckNoError(t, resp) + + // Test with CHANNEL_ADMIN level permission. + *utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_CHANNEL_ADMIN + utils.IsLicensed = true + utils.License = &model.License{Features: &model.Features{}} + utils.License.Features.SetDefaults() + utils.SetDefaultRolesBasedOnConfig() + + privateChannel = th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE) + _, resp = th.SystemAdminClient.AddChannelMember(privateChannel.Id, user1.Id) + CheckNoError(t, resp) + _, resp = th.SystemAdminClient.AddChannelMember(privateChannel.Id, user2.Id) + CheckNoError(t, resp) + + _, resp = Client.RemoveUserFromChannel(privateChannel.Id, user2.Id) + CheckForbiddenStatus(t, resp) + + MakeUserChannelAdmin(user1, privateChannel) + app.InvalidateAllCaches() + utils.IsLicensed = true + utils.License = &model.License{Features: &model.Features{}} + utils.License.Features.SetDefaults() + + _, resp = Client.RemoveUserFromChannel(privateChannel.Id, user2.Id) + CheckNoError(t, resp) + + // Test with TEAM_ADMIN level permission. + *utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_TEAM_ADMIN + utils.IsLicensed = true + utils.License = &model.License{Features: &model.Features{}} + utils.License.Features.SetDefaults() + utils.SetDefaultRolesBasedOnConfig() + + privateChannel = th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE) + _, resp = th.SystemAdminClient.AddChannelMember(privateChannel.Id, user1.Id) + CheckNoError(t, resp) + _, resp = th.SystemAdminClient.AddChannelMember(privateChannel.Id, user2.Id) + CheckNoError(t, resp) + + _, resp = Client.RemoveUserFromChannel(privateChannel.Id, user2.Id) + CheckForbiddenStatus(t, resp) + + UpdateUserToTeamAdmin(user1, team) + app.InvalidateAllCaches() + utils.IsLicensed = true + utils.License = &model.License{Features: &model.Features{}} + utils.License.Features.SetDefaults() + + _, resp = Client.RemoveUserFromChannel(privateChannel.Id, user2.Id) + CheckNoError(t, resp) + + // Test with SYSTEM_ADMIN level permission. + *utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_SYSTEM_ADMIN + utils.IsLicensed = true + utils.License = &model.License{Features: &model.Features{}} + utils.License.Features.SetDefaults() + utils.SetDefaultRolesBasedOnConfig() + + privateChannel = th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE) + _, resp = th.SystemAdminClient.AddChannelMember(privateChannel.Id, user1.Id) + CheckNoError(t, resp) + _, resp = th.SystemAdminClient.AddChannelMember(privateChannel.Id, user2.Id) + CheckNoError(t, resp) + + _, resp = Client.RemoveUserFromChannel(privateChannel.Id, user2.Id) + CheckForbiddenStatus(t, resp) + + _, resp = th.SystemAdminClient.RemoveUserFromChannel(privateChannel.Id, user2.Id) + CheckNoError(t, resp) } |