diff options
Diffstat (limited to 'api4')
-rw-r--r-- | api4/channel.go | 20 | ||||
-rw-r--r-- | api4/channel_test.go | 14 |
2 files changed, 20 insertions, 14 deletions
diff --git a/api4/channel.go b/api4/channel.go index 26892bf2f..604c47464 100644 --- a/api4/channel.go +++ b/api4/channel.go @@ -428,7 +428,7 @@ func getDeletedChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Reques return } - if channels, err := app.GetDeletedChannels(c.Params.TeamId, c.Params.Page * c.Params.PerPage, c.Params.PerPage); err != nil { + if channels, err := app.GetDeletedChannels(c.Params.TeamId, c.Params.Page*c.Params.PerPage, c.Params.PerPage); err != nil { c.Err = err return } else { @@ -540,17 +540,15 @@ func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) { return } - // Allow delete if user is the only member left in channel - if memberCount > 1 { - if channel.Type == model.CHANNEL_OPEN && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PUBLIC_CHANNEL) { - c.SetPermissionError(model.PERMISSION_DELETE_PUBLIC_CHANNEL) - return - } + if channel.Type == model.CHANNEL_OPEN && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PUBLIC_CHANNEL) { + c.SetPermissionError(model.PERMISSION_DELETE_PUBLIC_CHANNEL) + return + } - if channel.Type == model.CHANNEL_PRIVATE && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PRIVATE_CHANNEL) { - c.SetPermissionError(model.PERMISSION_DELETE_PRIVATE_CHANNEL) - return - } + // Allow delete if there's only one member left in a private channel + if memberCount > 1 && channel.Type == model.CHANNEL_PRIVATE && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PRIVATE_CHANNEL) { + c.SetPermissionError(model.PERMISSION_DELETE_PRIVATE_CHANNEL) + return } err = app.DeleteChannel(channel, c.Session.UserId) diff --git a/api4/channel_test.go b/api4/channel_test.go index e1b5ee5a7..a1c5d2ad8 100644 --- a/api4/channel_test.go +++ b/api4/channel_test.go @@ -901,12 +901,14 @@ func TestDeleteChannel(t *testing.T) { Client = th.Client team = th.BasicTeam user = th.BasicUser + user2 = th.BasicUser2 // channels created by SystemAdmin publicChannel6 := th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_OPEN) privateChannel7 := th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE) app.AddUserToChannel(user, publicChannel6) app.AddUserToChannel(user, privateChannel7) + app.AddUserToChannel(user2, privateChannel7) // successful delete by user _, resp = Client.DeleteChannel(publicChannel6.Id) @@ -924,6 +926,7 @@ func TestDeleteChannel(t *testing.T) { privateChannel7 = th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE) app.AddUserToChannel(user, publicChannel6) app.AddUserToChannel(user, privateChannel7) + app.AddUserToChannel(user2, privateChannel7) // cannot delete by user _, resp = Client.DeleteChannel(publicChannel6.Id) @@ -948,6 +951,7 @@ func TestDeleteChannel(t *testing.T) { privateChannel7 = th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE) app.AddUserToChannel(user, publicChannel6) app.AddUserToChannel(user, privateChannel7) + app.AddUserToChannel(user2, privateChannel7) // successful delete by team admin UpdateUserToTeamAdmin(user, team) @@ -976,6 +980,7 @@ func TestDeleteChannel(t *testing.T) { privateChannel7 = th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE) app.AddUserToChannel(user, publicChannel6) app.AddUserToChannel(user, privateChannel7) + app.AddUserToChannel(user2, privateChannel7) // cannot delete by user _, resp = Client.DeleteChannel(publicChannel6.Id) @@ -1017,6 +1022,7 @@ func TestDeleteChannel(t *testing.T) { privateChannel7 = th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE) app.AddUserToChannel(user, publicChannel6) app.AddUserToChannel(user, privateChannel7) + app.AddUserToChannel(user2, privateChannel7) // cannot delete by user _, resp = Client.DeleteChannel(publicChannel6.Id) @@ -1056,12 +1062,14 @@ func TestDeleteChannel(t *testing.T) { _, resp = th.SystemAdminClient.DeleteChannel(privateChannel7.Id) CheckNoError(t, resp) - // last member of a channel should be able to delete it regardless of required permissions + // last member of a public channel should have required permission to delete publicChannel6 = th.CreateChannelWithClient(th.Client, model.CHANNEL_OPEN) - privateChannel7 = th.CreateChannelWithClient(th.Client, model.CHANNEL_PRIVATE) _, resp = Client.DeleteChannel(publicChannel6.Id) - CheckNoError(t, resp) + CheckForbiddenStatus(t, resp) + + // last member of a private channel should be able to delete it regardless of required permissions + privateChannel7 = th.CreateChannelWithClient(th.Client, model.CHANNEL_PRIVATE) _, resp = Client.DeleteChannel(privateChannel7.Id) CheckNoError(t, resp) |