diff options
Diffstat (limited to 'api')
-rw-r--r-- | api/team.go | 14 | ||||
-rw-r--r-- | api/team_test.go | 51 |
2 files changed, 61 insertions, 4 deletions
diff --git a/api/team.go b/api/team.go index 0f7298b57..cb942bb35 100644 --- a/api/team.go +++ b/api/team.go @@ -394,11 +394,23 @@ func revokeAllSessions(c *Context, w http.ResponseWriter, r *http.Request) { func inviteMembers(c *Context, w http.ResponseWriter, r *http.Request) { invites := model.InvitesFromJson(r.Body) if len(invites.Invites) == 0 { - c.Err = model.NewLocAppError("Team.InviteMembers", "api.team.invite_members.no_one.app_error", nil, "") + c.Err = model.NewLocAppError("inviteMembers", "api.team.invite_members.no_one.app_error", nil, "") c.Err.StatusCode = http.StatusBadRequest return } + if utils.IsLicensed { + if *utils.Cfg.TeamSettings.RestrictTeamInvite == model.TEAM_INVITE_SYSTEM_ADMIN && !c.IsSystemAdmin() { + c.Err = model.NewLocAppError("inviteMembers", "api.team.invite_members.restricted_system_admin.app_error", nil, "") + return + } + + if *utils.Cfg.TeamSettings.RestrictTeamInvite == model.TEAM_INVITE_TEAM_ADMIN && !c.IsTeamAdmin() { + c.Err = model.NewLocAppError("inviteMembers", "api.team.invite_members.restricted_team_admin.app_error", nil, "") + return + } + } + tchan := Srv.Store.Team().Get(c.TeamId) uchan := Srv.Store.User().Get(c.Session.UserId) diff --git a/api/team_test.go b/api/team_test.go index 30952b4d8..91c73bed5 100644 --- a/api/team_test.go +++ b/api/team_test.go @@ -363,9 +363,10 @@ func TestTeamPermDelete(t *testing.T) { } func TestInviteMembers(t *testing.T) { - th := Setup().InitBasic() + th := Setup().InitBasic().InitSystemAdmin() th.BasicClient.Logout() Client := th.BasicClient + SystemAdminClient := th.SystemAdminClient team := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN} team = Client.Must(Client.CreateTeam(team)).Data.(*model.Team) @@ -389,10 +390,54 @@ func TestInviteMembers(t *testing.T) { t.Fatal(err) } - invites = &model.Invites{Invites: []map[string]string{}} - if _, err := Client.InviteMembers(invites); err == nil { + invites2 := &model.Invites{Invites: []map[string]string{}} + if _, err := Client.InviteMembers(invites2); err == nil { t.Fatal("Should have errored out on no invites to send") } + + restrictTeamInvite := *utils.Cfg.TeamSettings.RestrictTeamInvite + defer func() { + *utils.Cfg.TeamSettings.RestrictTeamInvite = restrictTeamInvite + }() + *utils.Cfg.TeamSettings.RestrictTeamInvite = model.TEAM_INVITE_TEAM_ADMIN + + th.LoginBasic2() + LinkUserToTeam(th.BasicUser2, team) + + if _, err := Client.InviteMembers(invites); err != nil { + t.Fatal(err) + } + + isLicensed := utils.IsLicensed + defer func() { + utils.IsLicensed = isLicensed + }() + utils.IsLicensed = true + + if _, err := Client.InviteMembers(invites); err == nil { + t.Fatal("should have errored not team admin and licensed") + } + + UpdateUserToTeamAdmin(th.BasicUser2, team) + Client.Logout() + th.LoginBasic2() + Client.SetTeamId(team.Id) + + if _, err := Client.InviteMembers(invites); err != nil { + t.Fatal(err) + } + + *utils.Cfg.TeamSettings.RestrictTeamInvite = model.TEAM_INVITE_SYSTEM_ADMIN + + if _, err := Client.InviteMembers(invites); err == nil { + t.Fatal("should have errored not system admin and licensed") + } + + LinkUserToTeam(th.SystemAdminUser, team) + + if _, err := SystemAdminClient.InviteMembers(invites); err != nil { + t.Fatal(err) + } } func TestUpdateTeamDisplayName(t *testing.T) { |