summaryrefslogtreecommitdiffstats
path: root/api4
diff options
context:
space:
mode:
Diffstat (limited to 'api4')
-rw-r--r--api4/channel.go20
-rw-r--r--api4/channel_test.go14
2 files changed, 20 insertions, 14 deletions
diff --git a/api4/channel.go b/api4/channel.go
index 26892bf2f..604c47464 100644
--- a/api4/channel.go
+++ b/api4/channel.go
@@ -428,7 +428,7 @@ func getDeletedChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Reques
return
}
- if channels, err := app.GetDeletedChannels(c.Params.TeamId, c.Params.Page * c.Params.PerPage, c.Params.PerPage); err != nil {
+ if channels, err := app.GetDeletedChannels(c.Params.TeamId, c.Params.Page*c.Params.PerPage, c.Params.PerPage); err != nil {
c.Err = err
return
} else {
@@ -540,17 +540,15 @@ func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- // Allow delete if user is the only member left in channel
- if memberCount > 1 {
- if channel.Type == model.CHANNEL_OPEN && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PUBLIC_CHANNEL) {
- c.SetPermissionError(model.PERMISSION_DELETE_PUBLIC_CHANNEL)
- return
- }
+ if channel.Type == model.CHANNEL_OPEN && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PUBLIC_CHANNEL) {
+ c.SetPermissionError(model.PERMISSION_DELETE_PUBLIC_CHANNEL)
+ return
+ }
- if channel.Type == model.CHANNEL_PRIVATE && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PRIVATE_CHANNEL) {
- c.SetPermissionError(model.PERMISSION_DELETE_PRIVATE_CHANNEL)
- return
- }
+ // Allow delete if there's only one member left in a private channel
+ if memberCount > 1 && channel.Type == model.CHANNEL_PRIVATE && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PRIVATE_CHANNEL) {
+ c.SetPermissionError(model.PERMISSION_DELETE_PRIVATE_CHANNEL)
+ return
}
err = app.DeleteChannel(channel, c.Session.UserId)
diff --git a/api4/channel_test.go b/api4/channel_test.go
index e1b5ee5a7..a1c5d2ad8 100644
--- a/api4/channel_test.go
+++ b/api4/channel_test.go
@@ -901,12 +901,14 @@ func TestDeleteChannel(t *testing.T) {
Client = th.Client
team = th.BasicTeam
user = th.BasicUser
+ user2 = th.BasicUser2
// channels created by SystemAdmin
publicChannel6 := th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_OPEN)
privateChannel7 := th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE)
app.AddUserToChannel(user, publicChannel6)
app.AddUserToChannel(user, privateChannel7)
+ app.AddUserToChannel(user2, privateChannel7)
// successful delete by user
_, resp = Client.DeleteChannel(publicChannel6.Id)
@@ -924,6 +926,7 @@ func TestDeleteChannel(t *testing.T) {
privateChannel7 = th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE)
app.AddUserToChannel(user, publicChannel6)
app.AddUserToChannel(user, privateChannel7)
+ app.AddUserToChannel(user2, privateChannel7)
// cannot delete by user
_, resp = Client.DeleteChannel(publicChannel6.Id)
@@ -948,6 +951,7 @@ func TestDeleteChannel(t *testing.T) {
privateChannel7 = th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE)
app.AddUserToChannel(user, publicChannel6)
app.AddUserToChannel(user, privateChannel7)
+ app.AddUserToChannel(user2, privateChannel7)
// successful delete by team admin
UpdateUserToTeamAdmin(user, team)
@@ -976,6 +980,7 @@ func TestDeleteChannel(t *testing.T) {
privateChannel7 = th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE)
app.AddUserToChannel(user, publicChannel6)
app.AddUserToChannel(user, privateChannel7)
+ app.AddUserToChannel(user2, privateChannel7)
// cannot delete by user
_, resp = Client.DeleteChannel(publicChannel6.Id)
@@ -1017,6 +1022,7 @@ func TestDeleteChannel(t *testing.T) {
privateChannel7 = th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE)
app.AddUserToChannel(user, publicChannel6)
app.AddUserToChannel(user, privateChannel7)
+ app.AddUserToChannel(user2, privateChannel7)
// cannot delete by user
_, resp = Client.DeleteChannel(publicChannel6.Id)
@@ -1056,12 +1062,14 @@ func TestDeleteChannel(t *testing.T) {
_, resp = th.SystemAdminClient.DeleteChannel(privateChannel7.Id)
CheckNoError(t, resp)
- // last member of a channel should be able to delete it regardless of required permissions
+ // last member of a public channel should have required permission to delete
publicChannel6 = th.CreateChannelWithClient(th.Client, model.CHANNEL_OPEN)
- privateChannel7 = th.CreateChannelWithClient(th.Client, model.CHANNEL_PRIVATE)
_, resp = Client.DeleteChannel(publicChannel6.Id)
- CheckNoError(t, resp)
+ CheckForbiddenStatus(t, resp)
+
+ // last member of a private channel should be able to delete it regardless of required permissions
+ privateChannel7 = th.CreateChannelWithClient(th.Client, model.CHANNEL_PRIVATE)
_, resp = Client.DeleteChannel(privateChannel7.Id)
CheckNoError(t, resp)
generated by cgit v1.2.3-1-g7c22 (git 2.25.1) at 2024-08-18 00:33:47 +0000