From 6b7a35b653cbb3fdcd27a542c8a7faec4352d153 Mon Sep 17 00:00:00 2001 From: Jesse Hallam Date: Thu, 5 Jul 2018 03:17:43 -0400 Subject: MM-11118: disallow deleting direct or group channels (#9054) --- api4/channel.go | 5 +++++ api4/channel_test.go | 38 ++++++++++++++++++++++++++++++++++++++ i18n/en.json | 4 ++++ 3 files changed, 47 insertions(+) diff --git a/api4/channel.go b/api4/channel.go index cb9112677..1afadf39b 100644 --- a/api4/channel.go +++ b/api4/channel.go @@ -638,6 +638,11 @@ func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) { return } + if channel.Type == model.CHANNEL_DIRECT || channel.Type == model.CHANNEL_GROUP { + c.Err = model.NewAppError("deleteChannel", "api.channel.delete_channel.type.invalid", nil, "", http.StatusBadRequest) + return + } + if channel.Type == model.CHANNEL_OPEN && !c.App.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PUBLIC_CHANNEL) { c.SetPermissionError(model.PERMISSION_DELETE_PUBLIC_CHANNEL) return diff --git a/api4/channel_test.go b/api4/channel_test.go index d66c2a640..ab751f151 100644 --- a/api4/channel_test.go +++ b/api4/channel_test.go @@ -16,6 +16,7 @@ import ( "github.com/mattermost/mattermost-server/model" "github.com/mattermost/mattermost-server/utils" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) func TestCreateChannel(t *testing.T) { 
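Review bot: The new direct/group guard in `deleteChannel` (api4/channel.go) lives only in the HTTP handler, so any other caller that reaches the app-layer delete without going through this handler is presumably still able to archive a direct or group channel; that path is not visible in this hunk and should be confirmed. Enforcing the type check in the app-layer function the handler calls, and keeping the handler check for the early 400, would close that gap. The new message id `api.channel.delete_channel.type.invalid` also drops the `.app_error` suffix used by the neighbouring `api.channel.delete_channel.deleted.app_error` entry in i18n/en.json. `deleteChannel` starts and ends outside the hunk.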
@@ -320,6 +321,23 @@ func TestCreateDirectChannel(t *testing.T) { CheckNoError(t, resp) } +func TestDeleteDirectChannel(t *testing.T) { + th := Setup().InitBasic().InitSystemAdmin() + defer th.TearDown() + Client := th.Client + user := th.BasicUser + user2 := th.BasicUser2 + + rgc, resp := Client.CreateDirectChannel(user.Id, user2.Id) + CheckNoError(t, resp) + CheckCreatedStatus(t, resp) + require.NotNil(t, rgc, "should have created a direct channel") + + deleted, resp := Client.DeleteChannel(rgc.Id) + CheckErrorMessage(t, resp, "api.channel.delete_channel.type.invalid") + require.False(t, deleted, "should not have been able to delete direct channel.") +} + func TestCreateGroupChannel(t *testing.T) { th := Setup().InitBasic().InitSystemAdmin() defer th.TearDown() @@ -392,6 +410,26 @@ func TestCreateGroupChannel(t *testing.T) { CheckNoError(t, resp) } +func TestDeleteGroupChannel(t *testing.T) { + th := Setup().InitBasic().InitSystemAdmin() + defer th.TearDown() + Client := th.Client + user := th.BasicUser + user2 := th.BasicUser2 + user3 := th.CreateUser() + + userIds := []string{user.Id, user2.Id, user3.Id} + + rgc, resp := Client.CreateGroupChannel(userIds) + CheckNoError(t, resp) + CheckCreatedStatus(t, resp) + require.NotNil(t, rgc, "should have created a group channel") + + deleted, resp := Client.DeleteChannel(rgc.Id) + CheckErrorMessage(t, resp, "api.channel.delete_channel.type.invalid") + require.False(t, deleted, "should not have been able to delete group channel.") +} + func TestGetChannel(t *testing.T) { th := Setup().InitBasic().InitSystemAdmin() defer th.TearDown() diff --git a/i18n/en.json b/i18n/en.json index 36bf8772b..730fc2b63 100644 --- a/i18n/en.json +++ b/i18n/en.json 
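Review bot: `TestDeleteDirectChannel` asserts only the error id, and only as the basic user; `TestDeleteGroupChannel` in the next hunk has the same gap. The handler returns `http.StatusBadRequest` before any permission check, so the tests should pin that with `CheckBadRequestStatus(t, resp)` and repeat the delete with `th.SystemAdminClient`, which `InitSystemAdmin()` already sets up, so a later reordering of the checks cannot let an admin through unnoticed. A follow-up `GetChannel` call on the same id would also confirm the channel was left intact. The local `Client` would read better in lower case, since the capitalised name looks like a type.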
@@ -159,6 +159,10 @@ "id": "api.channel.delete_channel.deleted.app_error", "translation": "The channel has been archived or deleted" }, + { + "id": "api.channel.delete_channel.type.invalid", + "translation": "Cannot delete direct or group message channels" + }, { "id": "api.channel.join_channel.already_deleted.app_error", "translation": "Channel is already deleted" -- cgit v1.2.3-1-g7c22 From 8d3ea1bbf6f6ef6164d26b6801c46cfe7f936fa1 Mon Sep 17 00:00:00 2001 From: Asaad Mahmood Date: Thu, 5 Jul 2018 12:18:26 +0500 Subject: MM-10766 - Replacing default profile image font (#8955) * Updating default profile pic font * Updating profile image font * Updating test * Use new default font if configured for old one * Update OFL.txt --- app/user.go | 25 +++++++++---- app/user_test.go | 2 +- config/default.json | 2 +- fonts/OFL.txt | 95 ++++++++++++++++++++++++++++++++++++++++++++++++++ fonts/luximbi.ttf | Bin 69872 -> 0 bytes fonts/nunito-bold.ttf | Bin 0 -> 115852 bytes model/config.go | 4 +-- 7 files changed, 117 insertions(+), 11 deletions(-) create mode 100755 fonts/OFL.txt delete mode 100644 fonts/luximbi.ttf create mode 100755 fonts/nunito-bold.ttf diff --git a/app/user.go b/app/user.go index b00ef19ef..acd3ee9aa 100644 --- a/app/user.go +++ b/app/user.go @@ -24,6 +24,7 @@ import ( "github.com/disintegration/imaging" "github.com/golang/freetype" + "github.com/golang/freetype/truetype" "github.com/mattermost/mattermost-server/einterfaces" "github.com/mattermost/mattermost-server/mlog" "github.com/mattermost/mattermost-server/model" 
@@ -696,12 +697,7 @@ func CreateProfileImage(username string, userId string, initialFont string) ([]b initial := string(strings.ToUpper(username)[0]) - fontDir, _ := utils.FindDir("fonts") - fontBytes, err := ioutil.ReadFile(filepath.Join(fontDir, initialFont)) - if err != nil { - return nil, model.NewAppError("CreateProfileImage", "api.user.create_profile_image.default_font.app_error", nil, err.Error(), http.StatusInternalServerError) - } - font, err := freetype.ParseFont(fontBytes) + font, err := getFont(initialFont) if err != nil { return nil, model.NewAppError("CreateProfileImage", "api.user.create_profile_image.default_font.app_error", nil, err.Error(), http.StatusInternalServerError) } @@ -719,7 +715,7 @@ func CreateProfileImage(username string, userId string, initialFont string) ([]b c.SetDst(dstImg) c.SetSrc(srcImg) - pt := freetype.Pt(IMAGE_PROFILE_PIXEL_DIMENSION/6, IMAGE_PROFILE_PIXEL_DIMENSION*2/3) + pt := freetype.Pt(IMAGE_PROFILE_PIXEL_DIMENSION/5, IMAGE_PROFILE_PIXEL_DIMENSION*2/3) _, err = c.DrawString(initial, pt) if err != nil { return nil, model.NewAppError("CreateProfileImage", "api.user.create_profile_image.initial.app_error", nil, err.Error(), http.StatusInternalServerError) @@ -734,6 +730,21 @@ func CreateProfileImage(username string, userId string, initialFont string) ([]b } } +func getFont(initialFont string) (*truetype.Font, error) { + // Some people have the old default font still set, so just treat that as if they're using the new default + if initialFont == "luximbi.ttf" { + initialFont = "nunito-bold.ttf" + } + + fontDir, _ := utils.FindDir("fonts") + fontBytes, err := ioutil.ReadFile(filepath.Join(fontDir, initialFont)) + if err != nil { + return nil, err + } + + return freetype.ParseFont(fontBytes) +} + func (a *App) GetProfileImage(user *model.User) ([]byte, bool, *model.AppError) { var img []byte readFailed := false diff --git a/app/user_test.go b/app/user_test.go index 7952eaa1f..959455121 100644 --- a/app/user_test.go 
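Review bot: `getFont` passes `initialFont` straight to `filepath.Join(fontDir, initialFont)` without checking that it is a bare file name, and it discards the second result of `utils.FindDir("fonts")`, so a value containing path separators or `..` makes the server read a file outside the fonts directory. The name appears to come from the `InitialFont` file setting, so exposure depends on who can edit the configuration; rejecting any value where `filepath.Base(initialFont) != initialFont` before the join keeps the read inside that directory. The font file is also read and parsed on every `CreateProfileImage` call, which a cache of the parsed `*truetype.Font` keyed by name would avoid. A doc comment such as `// getFont loads and parses the named TrueType file from the fonts directory, mapping the legacy default luximbi.ttf to nunito-bold.ttf.` would make the remapping visible to callers.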
+++ b/app/user_test.go @@ -97,7 +97,7 @@ func TestCreateOAuthUser(t *testing.T) { } func TestCreateProfileImage(t *testing.T) { - b, err := CreateProfileImage("Corey Hulen", "eo1zkdr96pdj98pjmq8zy35wba", "luximbi.ttf") + b, err := CreateProfileImage("Corey Hulen", "eo1zkdr96pdj98pjmq8zy35wba", "nunito-bold.ttf") if err != nil { t.Fatal(err) } diff --git a/config/default.json b/config/default.json index 2bfef25cf..a4487888e 100644 --- a/config/default.json +++ b/config/default.json @@ -152,7 +152,7 @@ "Directory": "./data/", "EnablePublicLink": false, "PublicLinkSalt": "", - "InitialFont": "luximbi.ttf", + "InitialFont": "nunito-bold.ttf", "AmazonS3AccessKeyId": "", "AmazonS3SecretAccessKey": "", "AmazonS3Bucket": "", diff --git a/fonts/OFL.txt b/fonts/OFL.txt new file mode 100755 index 000000000..2f3aa8de7 --- /dev/null +++ b/fonts/OFL.txt 
@@ -0,0 +1,95 @@
+Copyright 2014 The Nunito Project Authors (contact@sansoxygen.com)
+
+This Font Software is licensed under the SIL Open Font License, Version 1.1.
+This license is copied below, and is also available with a FAQ at:
+http://scripts.sil.org/OFL
+
+The font was downloaded from https://fonts.google.com/specimen/Nunito?selection.family=Nunito:700
+Its source is available at https://github.com/google/fonts/blob/master/ofl/nunito/Nunito-Bold.ttf
+
+-----------------------------------------------------------
+SIL OPEN FONT LICENSE Version 1.1 - 26 February 2007
+-----------------------------------------------------------
+
+PREAMBLE
+The goals of the Open Font License (OFL) are to stimulate worldwide
+development of collaborative font projects, to support the font creation
+efforts of academic and linguistic communities, and to provide a free and
+open framework in which fonts may be shared and improved in partnership
+with others.
+
+The OFL allows the licensed fonts to be used, studied, modified and
+redistributed freely as long as they are not sold by themselves. The
+fonts, including any derivative works, can be bundled, embedded,
+redistributed and/or sold with any software provided that any reserved
+names are not used by derivative works. The fonts and derivatives,
+however, cannot be released under any other type of license. The
+requirement for fonts to remain under this license does not apply
+to any document created using the fonts or their derivatives.
+
+DEFINITIONS
+"Font Software" refers to the set of files released by the Copyright
+Holder(s) under this license and clearly marked as such. This may
+include source files, build scripts and documentation.
+
+"Reserved Font Name" refers to any names specified as such after the
+copyright statement(s).
+
+"Original Version" refers to the collection of Font Software components as
+distributed by the Copyright Holder(s).
+
+"Modified Version" refers to any derivative made by adding to, deleting,
+or substituting -- in part or in whole -- any of the components of the
+Original Version, by changing formats or by porting the Font Software to a
+new environment.
+
+"Author" refers to any designer, engineer, programmer, technical
+writer or other person who contributed to the Font Software.
+
+PERMISSION & CONDITIONS
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of the Font Software, to use, study, copy, merge, embed, modify,
+redistribute, and sell modified and unmodified copies of the Font
+Software, subject to the following conditions:
+
+1) Neither the Font Software nor any of its individual components,
+in Original or Modified Versions, may be sold by itself.
+
+2) Original or Modified Versions of the Font Software may be bundled,
+redistributed and/or sold with any software, provided that each copy
+contains the above copyright notice and this license. These can be
+included either as stand-alone text files, human-readable headers or
+in the appropriate machine-readable metadata fields within text or
+binary files as long as those fields can be easily viewed by the user.
+
+3) No Modified Version of the Font Software may use the Reserved Font
+Name(s) unless explicit written permission is granted by the corresponding
+Copyright Holder. This restriction only applies to the primary font name as
+presented to the users.
+
+4) The name(s) of the Copyright Holder(s) or the Author(s) of the Font
+Software shall not be used to promote, endorse or advertise any
+Modified Version, except to acknowledge the contribution(s) of the
+Copyright Holder(s) and the Author(s) or with their explicit written
+permission.
+
+5) The Font Software, modified or unmodified, in part or in whole,
+must be distributed entirely under this license, and must not be
+distributed under any other license.
The requirement for fonts to +remain under this license does not apply to any document created +using the Font Software. + +TERMINATION +This license becomes null and void if any of the above conditions are +not met. + +DISCLAIMER +THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT +OF COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL THE +COPYRIGHT HOLDER BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, +INCLUDING ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL +DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM, OUT OF THE USE OR INABILITY TO USE THE FONT SOFTWARE OR FROM +OTHER DEALINGS IN THE FONT SOFTWARE. diff --git a/fonts/luximbi.ttf b/fonts/luximbi.ttf deleted file mode 100644 index 734201bed..000000000 Binary files a/fonts/luximbi.ttf and /dev/null differ diff --git a/fonts/nunito-bold.ttf b/fonts/nunito-bold.ttf new file mode 100755 index 000000000..d20373348 Binary files /dev/null and b/fonts/nunito-bold.ttf differ diff --git a/model/config.go b/model/config.go index 7b3a197b5..7105af893 100644 --- a/model/config.go +++ b/model/config.go @@ -774,8 +774,8 @@ func (s *FileSettings) SetDefaults() { } if s.InitialFont == "" { - // Defaults to "luximbi.ttf" - s.InitialFont = "luximbi.ttf" + // Defaults to "nunito-bold.ttf" + s.InitialFont = "nunito-bold.ttf" } if s.Directory == "" { -- cgit v1.2.3-1-g7c22 From 0896b5c64ef224f0f8835b9727d1c1b94cbe7c29 Mon Sep 17 00:00:00 2001 From: George Goldberg Date: Fri, 6 Jul 2018 09:07:36 +0100 Subject: MM-11106: Allow systeadmin webook to post to read only town square. (#9051) --- app/webhook.go | 11 ++++++++++- web/web_test.go | 15 ++++++++++----- web/webhook_test.go | 29 +++++++++++++++++++++++------ 3 files changed, 43 insertions(+), 12 deletions(-) 
diff --git a/app/webhook.go b/app/webhook.go index c887fec97..8926c94a8 100644 --- a/app/webhook.go +++ b/app/webhook.go @@ -587,6 +587,8 @@ func (a *App) HandleIncomingWebhook(hookId string, req *model.IncomingWebhookReq hook = result.Data.(*model.IncomingWebhook) } + uchan := a.Srv.Store.User().Get(hook.UserId) + if len(req.Props) == 0 { req.Props = make(model.StringInterface) } @@ -637,8 +639,15 @@ func (a *App) HandleIncomingWebhook(hookId string, req *model.IncomingWebhookReq return model.NewAppError("HandleIncomingWebhook", "web.incoming_webhook.channel_locked.app_error", nil, "", http.StatusForbidden) } + var user *model.User + if result := <-uchan; result.Err != nil { + return model.NewAppError("HandleIncomingWebhook", "web.incoming_webhook.user.app_error", nil, "err="+result.Err.Message, http.StatusForbidden) + } else { + user = result.Data.(*model.User) + } + if a.License() != nil && *a.Config().TeamSettings.ExperimentalTownSquareIsReadOnly && - channel.Name == model.DEFAULT_CHANNEL { + channel.Name == model.DEFAULT_CHANNEL && !a.RolesGrantPermission(user.GetRoles(), model.PERMISSION_MANAGE_SYSTEM.Id) { return model.NewAppError("HandleIncomingWebhook", "api.post.create_post.town_square_read_only", nil, "", http.StatusForbidden) } diff --git a/web/web_test.go b/web/web_test.go index b53ed9618..4befa8e37 100644 --- a/web/web_test.go +++ b/web/web_test.go @@ -37,10 +37,13 @@ func StopTestStore() { } type TestHelper struct { - App *app.App - BasicUser *model.User - BasicChannel *model.Channel - BasicTeam *model.Team + App *app.App + + BasicUser *model.User + BasicChannel *model.Channel + BasicTeam *model.Team + + SystemAdminUser *model.User } func Setup() *TestHelper { 
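Review bot: The Town Square read-only exemption in the second app/webhook.go hunk trusts `user.GetRoles()` of the hook owner without checking that the account is still active, and the owner lookup now gates every incoming webhook: a failed `User().Get` returns 403 even for channels where read-only mode does not apply. Whether hooks owned by deactivated users are disabled elsewhere is not visible here and should be confirmed; if they are not, an admin-owned hook URL keeps its elevated posting right after the admin is deactivated. Fetching the owner only inside the read-only branch and requiring `DeleteAt == 0` addresses both points and makes the `uchan` line added in the first hunk unnecessary. `HandleIncomingWebhook` starts and ends outside the hunk.

```go
// … unchanged: channel lookup and channel_locked check …
if a.License() != nil && *a.Config().TeamSettings.ExperimentalTownSquareIsReadOnly &&
	channel.Name == model.DEFAULT_CHANNEL {
	// Only this branch needs the hook owner, so look it up here.
	result := <-a.Srv.Store.User().Get(hook.UserId)
	if result.Err != nil {
		return model.NewAppError("HandleIncomingWebhook", "web.incoming_webhook.user.app_error", nil, "err="+result.Err.Message, http.StatusForbidden)
	}
	owner := result.Data.(*model.User)
	// A deactivated owner must not carry the system-admin exemption.
	if owner.DeleteAt != 0 || !a.RolesGrantPermission(owner.GetRoles(), model.PERMISSION_MANAGE_SYSTEM.Id) {
		return model.NewAppError("HandleIncomingWebhook", "api.post.create_post.town_square_read_only", nil, "", http.StatusForbidden)
	}
}
```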
@@ -77,7 +80,9 @@ func Setup() *TestHelper { } func (th *TestHelper) InitBasic() *TestHelper { - user, _ := th.App.CreateUser(&model.User{Email: model.NewId() + "success+test@simulator.amazonses.com", Nickname: "Corey Hulen", Password: "passwd1", EmailVerified: true, Roles: model.SYSTEM_ADMIN_ROLE_ID}) + th.SystemAdminUser, _ = th.App.CreateUser(&model.User{Email: model.NewId() + "success+test@simulator.amazonses.com", Nickname: "Corey Hulen", Password: "passwd1", EmailVerified: true, Roles: model.SYSTEM_ADMIN_ROLE_ID}) + + user, _ := th.App.CreateUser(&model.User{Email: model.NewId() + "success+test@simulator.amazonses.com", Nickname: "Corey Hulen", Password: "passwd1", EmailVerified: true, Roles: model.SYSTEM_USER_ROLE_ID}) team, _ := th.App.CreateTeam(&model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: user.Email, Type: model.TEAM_OPEN}) diff --git a/web/webhook_test.go b/web/webhook_test.go index 64ce7bf25..07fca70ed 100644 --- a/web/webhook_test.go +++ b/web/webhook_test.go 
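Review bot: Both `th.App.CreateUser` calls in `InitBasic` discard the returned error, so if the system-admin account fails to create, `th.SystemAdminUser` stays nil and its first use (`th.SystemAdminUser.Id` in web/webhook_test.go) panics far from the cause. Capturing the error and failing at setup, for example `if err != nil { panic(err) }` after each call, keeps the failure where it happens. `InitBasic` continues outside the hunk.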
@@ -97,13 +97,30 @@ func TestIncomingWebhook(t *testing.T) { assert.True(t, resp.StatusCode == http.StatusOK) }) - t.Run("WebhookExperimentReadOnly", func(t *testing.T) { - th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.ExperimentalTownSquareIsReadOnly = false }) - _, err := http.Post(url, "application/json", strings.NewReader(fmt.Sprintf("{\"text\":\"this is a test\", \"channel\":\"%s\"}", model.DEFAULT_CHANNEL))) - assert.Nil(t, err, "Not read only") - - th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.ExperimentalTownSquareIsReadOnly = true }) + t.Run("WebhookExperimentalReadOnly", func(t *testing.T) { th.App.SetLicense(model.NewTestLicense()) + th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.ExperimentalTownSquareIsReadOnly = true }) + + // Read only default channel should fail. + resp, err := http.Post(url, "application/json", strings.NewReader(fmt.Sprintf("{\"text\":\"this is a test\", \"channel\":\"%s\"}", model.DEFAULT_CHANNEL))) + require.Nil(t, err) + assert.True(t, resp.StatusCode != http.StatusOK) + + // None-default channel should still work. 
+ resp, err = http.Post(url, "application/json", strings.NewReader(fmt.Sprintf("{\"text\":\"this is a test\", \"channel\":\"%s\"}", th.BasicChannel.Name))) + require.Nil(t, err) + assert.True(t, resp.StatusCode == http.StatusOK) + + // System-Admin Owned Hook + adminHook, err := th.App.CreateIncomingWebhookForChannel(th.SystemAdminUser.Id, th.BasicChannel, &model.IncomingWebhook{ChannelId: th.BasicChannel.Id}) + require.Nil(t, err) + adminUrl := ApiClient.Url + "/hooks/" + adminHook.Id + + resp, err = http.Post(adminUrl, "application/json", strings.NewReader(fmt.Sprintf("{\"text\":\"this is a test\", \"channel\":\"%s\"}", model.DEFAULT_CHANNEL))) + require.Nil(t, err) + assert.True(t, resp.StatusCode == http.StatusOK) + + th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.ExperimentalTownSquareIsReadOnly = false }) }) t.Run("WebhookAttachments", func(t *testing.T) { -- cgit v1.2.3-1-g7c22
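Review bot: The `WebhookExperimentalReadOnly` subtest sets a test license and turns `ExperimentalTownSquareIsReadOnly` on, but it resets only the config flag and only on its last line, so any `require.Nil` failure before that leaves read-only mode enabled for the subtests that follow, and the license is never restored. Moving the reset into a `defer` at the top of the subtest fixes the ordering. The denial case checks `resp.StatusCode != http.StatusOK`, which also passes on a 500; `assert.Equal(t, http.StatusForbidden, resp.StatusCode)` pins the status that the handler returns for `api.post.create_post.town_square_read_only`. The three `http.Post` response bodies are never closed, and "None-default" in the comment should read "Non-default".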