diff options
author | Harrison Healey <harrisonmhealey@gmail.com> | 2016-07-11 14:21:51 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-07-11 14:21:51 -0400 |
commit | 9481a4f0ef753499c1d02e3be99a7c59c5467ab6 (patch) | |
tree | 4c4d459c1d1efed1a7f45de4acbc9b3521a6f93d /api | |
parent | 1283f6936def48398cca346acec1404a09d20e7b (diff) | |
download | chat-9481a4f0ef753499c1d02e3be99a7c59c5467ab6.tar.gz chat-9481a4f0ef753499c1d02e3be99a7c59c5467ab6.tar.bz2 chat-9481a4f0ef753499c1d02e3be99a7c59c5467ab6.zip |
Merge release 3.2 into master (#3548)
* Bumping version to: 3.2.0-rc1
* PLT-2863 fixing bad merge that broke this PR (#3523)
* PLT-2863 adding remove user from team
* PLT-2863 adding the client side UI
* Fixing trailing space
* Fixing reported issues
* Adding documentatino
* Switching to final javascript driver
* Fixing bad merge
* Fixing bad merge
* PLT-3538 Fix Login page doesn't show SAML option if gitlab is enabled (#3524)
* Login error messages fix (#3525)
* daily translations 20160708 (#3533)
* Fixed permissions when getting a file attachment to use the correct user id (#3535)
* PLT-3575 Fix Cannot upload certificates with .cer file extension on SAML (#3534)
* PLT-3560 blocking adding to channel once user is removed (#3537)
* Always allow system admins to see the Integrations sidebar (#3536)
* Plt 3475 - Post control improvements (#3538)
* Adding class to post when dropdown is active.
* plt-3475 - Post controls improvements
* daily translations 20160711 (#3544)
Diffstat (limited to 'api')
-rw-r--r-- | api/channel.go | 5 | ||||
-rw-r--r-- | api/channel_test.go | 19 | ||||
-rw-r--r-- | api/file.go | 2 | ||||
-rw-r--r-- | api/user.go | 10 |
4 files changed, 31 insertions, 5 deletions
diff --git a/api/channel.go b/api/channel.go index 038a4286a..2e4eb2bb5 100644 --- a/api/channel.go +++ b/api/channel.go @@ -562,6 +562,11 @@ func AddUserToChannel(user *model.User, channel *model.Channel) (*model.ChannelM if result := <-tmchan; result.Err != nil { return nil, result.Err + } else { + teamMember := result.Data.(model.TeamMember) + if teamMember.DeleteAt > 0 { + return nil, model.NewLocAppError("AddUserToChannel", "api.channel.add_user.to.channel.failed.deleted.app_error", nil, "") + } } if result := <-cmchan; result.Err != nil { diff --git a/api/channel_test.go b/api/channel_test.go index 93d097261..450aac877 100644 --- a/api/channel_test.go +++ b/api/channel_test.go @@ -833,6 +833,25 @@ func TestJoinChannelByName(t *testing.T) { } } +func TestJoinChannelByNameDisabledUser(t *testing.T) { + th := Setup().InitBasic() + Client := th.BasicClient + team := th.BasicTeam + + channel1 := &model.Channel{DisplayName: "A Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_OPEN, TeamId: team.Id} + channel1 = Client.Must(Client.CreateChannel(channel1)).Data.(*model.Channel) + + Client.Must(th.BasicClient.RemoveUserFromTeam(th.BasicTeam.Id, th.BasicUser.Id)) + + if _, err := AddUserToChannel(th.BasicUser, channel1); err == nil { + t.Fatal("shoudn't be able to join channel") + } else { + if err.Id != "api.channel.add_user.to.channel.failed.deleted.app_error" { + t.Fatal("wrong error") + } + } +} + func TestLeaveChannel(t *testing.T) { th := Setup().InitBasic() Client := th.BasicClient diff --git a/api/file.go b/api/file.go index 92bceaa80..5b08804da 100644 --- a/api/file.go +++ b/api/file.go @@ -356,7 +356,7 @@ func getFile(c *Context, w http.ResponseWriter, r *http.Request) { userId := params["user_id"] filename := params["filename"] - if !c.HasPermissionsToChannel(Srv.Store.Channel().CheckPermissionsTo(teamId, channelId, userId), "getFile") { + if !c.HasPermissionsToChannel(Srv.Store.Channel().CheckPermissionsTo(teamId, channelId, c.Session.UserId), "getFile") { return } diff --git a/api/user.go b/api/user.go index daaa3a577..84906eece 100644 --- a/api/user.go +++ b/api/user.go @@ -449,8 +449,8 @@ func login(c *Context, w http.ResponseWriter, r *http.Request) { if result := <-Srv.Store.User().Get(id); result.Err != nil { c.LogAuditWithUserId(user.Id, "failure") - c.Err = result.Err - c.Err.StatusCode = http.StatusBadRequest + //c.Err = model.NewLocAppError("login", "api.user.login.invalid_credentials", nil, result.Err.Error()) + c.Err = model.NewLocAppError("login", "api.user.login.invalid_credentials", nil, "") return } else { user = result.Data.(*model.User) @@ -460,7 +460,8 @@ func login(c *Context, w http.ResponseWriter, r *http.Request) { if user, err = getUserForLogin(loginId, ldapOnly); err != nil { c.LogAudit("failure") - c.Err = err + //c.Err = model.NewLocAppError("login", "api.user.login.invalid_credentials", nil, err.Error()) + c.Err = model.NewLocAppError("login", "api.user.login.invalid_credentials", nil, "") return } @@ -470,7 +471,8 @@ func login(c *Context, w http.ResponseWriter, r *http.Request) { // and then authenticate them if user, err = authenticateUser(user, password, mfaToken); err != nil { c.LogAuditWithUserId(user.Id, "failure") - c.Err = err + //c.Err = model.NewLocAppError("login", "api.user.login.invalid_credentials", nil, err.Error()) + c.Err = model.NewLocAppError("login", "api.user.login.invalid_credentials", nil, "") return } |