diff options
author | Joram Wilander <jwawilander@gmail.com> | 2018-02-13 11:08:49 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-02-13 11:08:49 -0500 |
commit | 5c560db8102b8ce6dc29bf91ab5e24ca4af66fdf (patch) | |
tree | 6cd13db91ab4a768e33ba92e7f8a3cea71da4481 /api | |
parent | d88d2bc2ed3aefa68b5ed2942f493ae42bb40bfa (diff) | |
download | chat-5c560db8102b8ce6dc29bf91ab5e24ca4af66fdf.tar.gz chat-5c560db8102b8ce6dc29bf91ab5e24ca4af66fdf.tar.bz2 chat-5c560db8102b8ce6dc29bf91ab5e24ca4af66fdf.zip |
ABC-176 Prevent changing PluginSettings.EnableUploads through the API (#8249)
* Prevent changing PluginSettings.EnableUploads through the API
* Contain api4 test case in it's own test
Diffstat (limited to 'api')
-rw-r--r-- | api/admin.go | 3 | ||||
-rw-r--r-- | api/admin_test.go | 13 |
2 files changed, 16 insertions, 0 deletions
diff --git a/api/admin.go b/api/admin.go index b3b74d5ea..3b58650cc 100644 --- a/api/admin.go +++ b/api/admin.go @@ -108,6 +108,9 @@ func saveConfig(c *Context, w http.ResponseWriter, r *http.Request) { return } + // Do not allow plugin uploads to be toggled through the API + cfg.PluginSettings.EnableUploads = c.App.GetConfig().PluginSettings.EnableUploads + err := c.App.SaveConfig(cfg, true) if err != nil { c.Err = err diff --git a/api/admin_test.go b/api/admin_test.go index d916e8c4b..00e5b3c7f 100644 --- a/api/admin_test.go +++ b/api/admin_test.go @@ -10,6 +10,7 @@ import ( "github.com/mattermost/mattermost-server/model" "github.com/mattermost/mattermost-server/store" + "github.com/stretchr/testify/assert" ) func TestGetLogs(t *testing.T) { @@ -149,6 +150,18 @@ func TestSaveConfig(t *testing.T) { } th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.EnableOpenServer = true }) + + // Should not be able to modify PluginSettings.EnableUploads + oldEnableUploads := *th.App.GetConfig().PluginSettings.EnableUploads + cfg := &model.Config{} + cfg.SetDefaults() + *cfg.PluginSettings.EnableUploads = !oldEnableUploads + + if _, err := th.SystemAdminClient.SaveConfig(cfg); err != nil { + t.Fatal(err) + } + + assert.Equal(t, oldEnableUploads, *th.App.Config().PluginSettings.EnableUploads) } func TestRecycleDatabaseConnection(t *testing.T) { |