diff options
Diffstat (limited to 'api4')
-rw-r--r-- | api4/team.go | 50 | ||||
-rw-r--r-- | api4/team_test.go | 131 |
2 files changed, 181 insertions, 0 deletions
diff --git a/api4/team.go b/api4/team.go index 6ea989a9b..a420e77f4 100644 --- a/api4/team.go +++ b/api4/team.go @@ -15,6 +15,10 @@ import ( "github.com/mattermost/platform/utils" ) +const ( + MAX_ADD_MEMBERS_BATCH = 20 +) + func InitTeam() { l4g.Debug(utils.T("api.team.init.debug")) @@ -33,6 +37,7 @@ func InitTeam() { BaseRoutes.TeamMembers.Handle("/ids", ApiSessionRequired(getTeamMembersByIds)).Methods("POST") BaseRoutes.TeamMembersForUser.Handle("", ApiSessionRequired(getTeamMembersForUser)).Methods("GET") BaseRoutes.TeamMembers.Handle("", ApiSessionRequired(addTeamMember)).Methods("POST") + BaseRoutes.TeamMembers.Handle("/batch", ApiSessionRequired(addTeamMembers)).Methods("POST") BaseRoutes.TeamMember.Handle("", ApiSessionRequired(removeTeamMember)).Methods("DELETE") BaseRoutes.TeamForUser.Handle("/unread", ApiSessionRequired(getTeamUnread)).Methods("GET") @@ -367,6 +372,51 @@ func addTeamMember(c *Context, w http.ResponseWriter, r *http.Request) { w.Write([]byte(member.ToJson())) } +func addTeamMembers(c *Context, w http.ResponseWriter, r *http.Request) { + c.RequireTeamId() + if c.Err != nil { + return + } + + var err *model.AppError + members := model.TeamMembersFromJson(r.Body) + + if len(members) > MAX_ADD_MEMBERS_BATCH || len(members) == 0 { + c.SetInvalidParam("too many members in batch") + return + } + + var userIds []string + for _, member := range members { + if member.TeamId != c.Params.TeamId { + c.SetInvalidParam("team_id for member with user_id=" + member.UserId) + return + } + + if len(member.UserId) != 26 { + c.SetInvalidParam("user_id") + return + } + + userIds = append(userIds, member.UserId) + } + + if !app.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_ADD_USER_TO_TEAM) { + c.SetPermissionError(model.PERMISSION_ADD_USER_TO_TEAM) + return + } + + members, err = app.AddTeamMembers(c.Params.TeamId, userIds, c.GetSiteURL()) + + if err != nil { + c.Err = err + return + } + + w.WriteHeader(http.StatusCreated) + w.Write([]byte(model.TeamMembersToJson(members))) +} + func removeTeamMember(c *Context, w http.ResponseWriter, r *http.Request) { c.RequireTeamId().RequireUserId() if c.Err != nil { diff --git a/api4/team_test.go b/api4/team_test.go index 86160fb6f..f145515aa 100644 --- a/api4/team_test.go +++ b/api4/team_test.go @@ -948,6 +948,137 @@ func TestAddTeamMember(t *testing.T) { CheckNotFoundStatus(t, resp) } +func TestAddTeamMembers(t *testing.T) { + th := Setup().InitBasic().InitSystemAdmin() + defer TearDown() + Client := th.Client + team := th.BasicTeam + otherUser := th.CreateUser() + userList := []string{ + otherUser.Id, + } + + if err := app.RemoveUserFromTeam(th.BasicTeam.Id, th.BasicUser2.Id); err != nil { + t.Fatalf(err.Error()) + } + + // Regular user can't add a member to a team they don't belong to. + th.LoginBasic2() + tm, resp := Client.AddTeamMembers(team.Id, userList) + CheckForbiddenStatus(t, resp) + Client.Logout() + + // Regular user can add a member to a team they belong to. + th.LoginBasic() + tm, resp = Client.AddTeamMembers(team.Id, userList) + CheckNoError(t, resp) + CheckCreatedStatus(t, resp) + + // Check all the returned data. + if tm[0] == nil { + t.Fatal("should have returned team member") + } + + if tm[0].UserId != otherUser.Id { + t.Fatal("user ids should have matched") + } + + if tm[0].TeamId != team.Id { + t.Fatal("team ids should have matched") + } + + // Check with various invalid requests. + _, resp = Client.AddTeamMembers("junk", userList) + CheckBadRequestStatus(t, resp) + + _, resp = Client.AddTeamMembers(GenerateTestId(), userList) + CheckForbiddenStatus(t, resp) + + testUserList := append(userList, GenerateTestId()) + _, resp = Client.AddTeamMembers(team.Id, testUserList) + CheckNotFoundStatus(t, resp) + + // Test with many users. + for i := 0; i < 25; i++ { + testUserList = append(testUserList, GenerateTestId()) + } + _, resp = Client.AddTeamMembers(team.Id, testUserList) + CheckBadRequestStatus(t, resp) + + Client.Logout() + + // Check effects of config and license changes. + restrictTeamInvite := *utils.Cfg.TeamSettings.RestrictTeamInvite + isLicensed := utils.IsLicensed + license := utils.License + defer func() { + *utils.Cfg.TeamSettings.RestrictTeamInvite = restrictTeamInvite + utils.IsLicensed = isLicensed + utils.License = license + utils.SetDefaultRolesBasedOnConfig() + }() + + // Set the config so that only team admins can add a user to a team. + *utils.Cfg.TeamSettings.RestrictTeamInvite = model.PERMISSIONS_TEAM_ADMIN + utils.SetDefaultRolesBasedOnConfig() + th.LoginBasic() + + // Test without the EE license to see that the permission restriction is ignored. + _, resp = Client.AddTeamMembers(team.Id, userList) + CheckNoError(t, resp) + + // Add an EE license. + utils.IsLicensed = true + utils.License = &model.License{Features: &model.Features{}} + utils.License.Features.SetDefaults() + utils.SetDefaultRolesBasedOnConfig() + th.LoginBasic() + + // Check that a regular user can't add someone to the team. + _, resp = Client.AddTeamMembers(team.Id, userList) + CheckForbiddenStatus(t, resp) + + // Update user to team admin + UpdateUserToTeamAdmin(th.BasicUser, th.BasicTeam) + app.InvalidateAllCaches() + *utils.Cfg.TeamSettings.RestrictTeamInvite = model.PERMISSIONS_TEAM_ADMIN + utils.IsLicensed = true + utils.License = &model.License{Features: &model.Features{}} + utils.License.Features.SetDefaults() + utils.SetDefaultRolesBasedOnConfig() + th.LoginBasic() + + // Should work as a team admin. + _, resp = Client.AddTeamMembers(team.Id, userList) + CheckNoError(t, resp) + + // Change permission level to System Admin + *utils.Cfg.TeamSettings.RestrictTeamInvite = model.PERMISSIONS_SYSTEM_ADMIN + utils.SetDefaultRolesBasedOnConfig() + + // Should not work as team admin. + _, resp = Client.AddTeamMembers(team.Id, userList) + CheckForbiddenStatus(t, resp) + + // Should work as system admin. + _, resp = th.SystemAdminClient.AddTeamMembers(team.Id, userList) + CheckNoError(t, resp) + + // Change permission level to All + UpdateUserToNonTeamAdmin(th.BasicUser, th.BasicTeam) + app.InvalidateAllCaches() + *utils.Cfg.TeamSettings.RestrictTeamInvite = model.PERMISSIONS_ALL + utils.IsLicensed = true + utils.License = &model.License{Features: &model.Features{}} + utils.License.Features.SetDefaults() + utils.SetDefaultRolesBasedOnConfig() + th.LoginBasic() + + // Should work as a regular user. + _, resp = Client.AddTeamMembers(team.Id, userList) + CheckNoError(t, resp) +} + func TestRemoveTeamMember(t *testing.T) { th := Setup().InitBasic().InitSystemAdmin() defer TearDown() |