PLT-7811 Standardized team sanitization flow (#7586)

* post-4.3 commit (#7581)

* reduce store boiler plate (#7585)

* fix GetPostsByIds error (#7591)

* PLT-7811 Standardized team sanitization flow

* Fixed TestGetAllTeamListings

* Stopped sanitizing teams for team admins

* Removed debug logging

* Added TearDown to sanitization tests that needed it

2 files changed, 235 insertions, 5 deletions

diff --git a/app/team.go b/app/team.go
index 4bfb617a8..1bc77c9f0 100644
--- a/app/team.go
+++ b/app/team.go
@@ -104,8 +104,6 @@ func (a *App) UpdateTeam(team *model.Team) (*model.Team, *model.AppError) {
 		return nil, result.Err
 	}
 
-	oldTeam.Sanitize()
-
 	a.sendUpdatedTeamEvent(oldTeam)
 
 	return oldTeam, nil
@@ -124,16 +122,18 @@ func (a *App) PatchTeam(teamId string, patch *model.TeamPatch) (*model.Team, *mo
 		return nil, err
 	}
 
-	updatedTeam.Sanitize()
-
 	a.sendUpdatedTeamEvent(updatedTeam)
 
 	return updatedTeam, nil
 }
 
 func (a *App) sendUpdatedTeamEvent(team *model.Team) {
+	sanitizedTeam := &model.Team{}
+	*sanitizedTeam = *team
+	sanitizedTeam.Sanitize()
+
 	message := model.NewWebSocketEvent(model.WEBSOCKET_EVENT_UPDATE_TEAM, "", "", "", nil)
-	message.Add("team", team.ToJson())
+	message.Add("team", sanitizedTeam.ToJson())
 	a.Go(func() {
 		a.Publish(message)
 	})
@@ -833,3 +833,19 @@ func (a *App) GetTeamIdFromQuery(query url.Values) (string, *model.AppError) {
 
 	return "", nil
 }
+
+func SanitizeTeam(session model.Session, team *model.Team) *model.Team {
+	if !SessionHasPermissionToTeam(session, team.Id, model.PERMISSION_MANAGE_TEAM) {
+		team.Sanitize()
+	}
+
+	return team
+}
+
+func SanitizeTeams(session model.Session, teams []*model.Team) []*model.Team {
+	for _, team := range teams {
+		SanitizeTeam(session, team)
+	}
+
+	return teams
+}
diff --git a/app/team_test.go b/app/team_test.go
index 7992dd0c3..61ae03f74 100644
--- a/app/team_test.go
+++ b/app/team_test.go
@@ -179,3 +179,217 @@ func TestPermanentDeleteTeam(t *testing.T) {
 		t.Fatal(err)
 	}
 }
+
+func TestSanitizeTeam(t *testing.T) {
+	th := Setup()
+	defer th.TearDown()
+
+	team := &model.Team{
+		Id:             model.NewId(),
+		Email:          th.MakeEmail(),
+		AllowedDomains: "example.com",
+	}
+	copyTeam := func() *model.Team {
+		copy := &model.Team{}
+		*copy = *team
+		return copy
+	}
+
+	t.Run("not a user of the team", func(t *testing.T) {
+		userId := model.NewId()
+		session := model.Session{
+			Roles: model.ROLE_SYSTEM_USER.Id,
+			TeamMembers: []*model.TeamMember{
+				{
+					UserId: userId,
+					TeamId: model.NewId(),
+					Roles:  model.ROLE_TEAM_USER.Id,
+				},
+			},
+		}
+
+		sanitized := SanitizeTeam(session, copyTeam())
+		if sanitized.Email != "" && sanitized.AllowedDomains != "" {
+			t.Fatal("should've sanitized team")
+		}
+	})
+
+	t.Run("user of the team", func(t *testing.T) {
+		userId := model.NewId()
+		session := model.Session{
+			Roles: model.ROLE_SYSTEM_USER.Id,
+			TeamMembers: []*model.TeamMember{
+				{
+					UserId: userId,
+					TeamId: team.Id,
+					Roles:  model.ROLE_TEAM_USER.Id,
+				},
+			},
+		}
+
+		sanitized := SanitizeTeam(session, copyTeam())
+		if sanitized.Email != "" && sanitized.AllowedDomains != "" {
+			t.Fatal("should've sanitized team")
+		}
+	})
+
+	t.Run("team admin", func(t *testing.T) {
+		userId := model.NewId()
+		session := model.Session{
+			Roles: model.ROLE_SYSTEM_USER.Id,
+			TeamMembers: []*model.TeamMember{
+				{
+					UserId: userId,
+					TeamId: team.Id,
+					Roles:  model.ROLE_TEAM_USER.Id + " " + model.ROLE_TEAM_ADMIN.Id,
+				},
+			},
+		}
+
+		sanitized := SanitizeTeam(session, copyTeam())
+		if sanitized.Email == "" && sanitized.AllowedDomains == "" {
+			t.Fatal("shouldn't have sanitized team")
+		}
+	})
+
+	t.Run("team admin of another team", func(t *testing.T) {
+		userId := model.NewId()
+		session := model.Session{
+			Roles: model.ROLE_SYSTEM_USER.Id,
+			TeamMembers: []*model.TeamMember{
+				{
+					UserId: userId,
+					TeamId: model.NewId(),
+					Roles:  model.ROLE_TEAM_USER.Id + " " + model.ROLE_TEAM_ADMIN.Id,
+				},
+			},
+		}
+
+		sanitized := SanitizeTeam(session, copyTeam())
+		if sanitized.Email != "" && sanitized.AllowedDomains != "" {
+			t.Fatal("should've sanitized team")
+		}
+	})
+
+	t.Run("system admin, not a user of team", func(t *testing.T) {
+		userId := model.NewId()
+		session := model.Session{
+			Roles: model.ROLE_SYSTEM_USER.Id + " " + model.ROLE_SYSTEM_ADMIN.Id,
+			TeamMembers: []*model.TeamMember{
+				{
+					UserId: userId,
+					TeamId: model.NewId(),
+					Roles:  model.ROLE_TEAM_USER.Id,
+				},
+			},
+		}
+
+		sanitized := SanitizeTeam(session, copyTeam())
+		if sanitized.Email == "" && sanitized.AllowedDomains == "" {
+			t.Fatal("shouldn't have sanitized team")
+		}
+	})
+
+	t.Run("system admin, user of team", func(t *testing.T) {
+		userId := model.NewId()
+		session := model.Session{
+			Roles: model.ROLE_SYSTEM_USER.Id + " " + model.ROLE_SYSTEM_ADMIN.Id,
+			TeamMembers: []*model.TeamMember{
+				{
+					UserId: userId,
+					TeamId: team.Id,
+					Roles:  model.ROLE_TEAM_USER.Id,
+				},
+			},
+		}
+
+		sanitized := SanitizeTeam(session, copyTeam())
+		if sanitized.Email == "" && sanitized.AllowedDomains == "" {
+			t.Fatal("shouldn't have sanitized team")
+		}
+	})
+}
+
+func TestSanitizeTeams(t *testing.T) {
+	th := Setup()
+	defer th.TearDown()
+
+	t.Run("not a system admin", func(t *testing.T) {
+		teams := []*model.Team{
+			{
+				Id:             model.NewId(),
+				Email:          th.MakeEmail(),
+				AllowedDomains: "example.com",
+			},
+			{
+				Id:             model.NewId(),
+				Email:          th.MakeEmail(),
+				AllowedDomains: "example.com",
+			},
+		}
+
+		userId := model.NewId()
+		session := model.Session{
+			Roles: model.ROLE_SYSTEM_USER.Id,
+			TeamMembers: []*model.TeamMember{
+				{
+					UserId: userId,
+					TeamId: teams[0].Id,
+					Roles:  model.ROLE_TEAM_USER.Id,
+				},
+				{
+					UserId: userId,
+					TeamId: teams[1].Id,
+					Roles:  model.ROLE_TEAM_USER.Id + " " + model.ROLE_TEAM_ADMIN.Id,
+				},
+			},
+		}
+
+		sanitized := SanitizeTeams(session, teams)
+
+		if sanitized[0].Email != "" && sanitized[0].AllowedDomains != "" {
+			t.Fatal("should've sanitized first team")
+		}
+
+		if sanitized[1].Email == "" && sanitized[1].AllowedDomains == "" {
+			t.Fatal("shouldn't have sanitized second team")
+		}
+	})
+
+	t.Run("system admin", func(t *testing.T) {
+		teams := []*model.Team{
+			{
+				Id:             model.NewId(),
+				Email:          th.MakeEmail(),
+				AllowedDomains: "example.com",
+			},
+			{
+				Id:             model.NewId(),
+				Email:          th.MakeEmail(),
+				AllowedDomains: "example.com",
+			},
+		}
+
+		userId := model.NewId()
+		session := model.Session{
+			Roles: model.ROLE_SYSTEM_USER.Id + " " + model.ROLE_SYSTEM_ADMIN.Id,
+			TeamMembers: []*model.TeamMember{
+				{
+					UserId: userId,
+					TeamId: teams[0].Id,
+					Roles:  model.ROLE_TEAM_USER.Id,
+				},
+			},
+		}
+
+		sanitized := SanitizeTeams(session, teams)
+
+		if sanitized[0].Email == "" && sanitized[0].AllowedDomains == "" {
+			t.Fatal("shouldn't have sanitized first team")
+		}
+
+		if sanitized[1].Email == "" && sanitized[1].AllowedDomains == "" {
+			t.Fatal("shouldn't have sanitized second team")
+		}
+	})
+}