From 61b1237c20bc71334acc4f96606a077a6b8c262a Mon Sep 17 00:00:00 2001 From: Joram Wilander Date: Wed, 22 Mar 2017 11:13:44 -0400 Subject: Update channel permissions for v4 endpoints (#5829) * Fix join channel permission for v4 endpoint * Allow regular users to get public channels they are not in * Fix unit test --- api4/channel_test.go | 53 +++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 50 insertions(+), 3 deletions(-) (limited to 'api4/channel_test.go') diff --git a/api4/channel_test.go b/api4/channel_test.go index 754413300..e8e79cebd 100644 --- a/api4/channel_test.go +++ b/api4/channel_test.go @@ -308,9 +308,24 @@ func TestGetChannel(t *testing.T) { t.Fatal("ids did not match") } - _, resp = Client.GetChannel(model.NewId(), "") + Client.RemoveUserFromChannel(th.BasicChannel.Id, th.BasicUser.Id) + _, resp = Client.GetChannel(th.BasicChannel.Id, "") + CheckNoError(t, resp) + + channel, resp = Client.GetChannel(th.BasicPrivateChannel.Id, "") + CheckNoError(t, resp) + + if channel.Id != th.BasicPrivateChannel.Id { + t.Fatal("ids did not match") + } + + Client.RemoveUserFromChannel(th.BasicPrivateChannel.Id, th.BasicUser.Id) + _, resp = Client.GetChannel(th.BasicPrivateChannel.Id, "") CheckForbiddenStatus(t, resp) + _, resp = Client.GetChannel(model.NewId(), "") + CheckNotFoundStatus(t, resp) + Client.Logout() _, resp = Client.GetChannel(th.BasicChannel.Id, "") CheckUnauthorizedStatus(t, resp) @@ -323,6 +338,9 @@ func TestGetChannel(t *testing.T) { _, resp = th.SystemAdminClient.GetChannel(th.BasicChannel.Id, "") CheckNoError(t, resp) + _, resp = th.SystemAdminClient.GetChannel(th.BasicPrivateChannel.Id, "") + CheckNoError(t, resp) + _, resp = th.SystemAdminClient.GetChannel(th.BasicUser.Id, "") CheckNotFoundStatus(t, resp) } @@ -657,9 +675,27 @@ func TestGetChannelByName(t *testing.T) { t.Fatal("names did not match") } + channel, resp = Client.GetChannelByName(th.BasicPrivateChannel.Name, th.BasicTeam.Id, "") + CheckNoError(t, resp) + + if channel.Name != th.BasicPrivateChannel.Name { + t.Fatal("names did not match") + } + + Client.RemoveUserFromChannel(th.BasicChannel.Id, th.BasicUser.Id) + _, resp = Client.GetChannelByName(th.BasicChannel.Name, th.BasicTeam.Id, "") + CheckNoError(t, resp) + + Client.RemoveUserFromChannel(th.BasicPrivateChannel.Id, th.BasicUser.Id) + _, resp = Client.GetChannelByName(th.BasicPrivateChannel.Name, th.BasicTeam.Id, "") + CheckForbiddenStatus(t, resp) + _, resp = Client.GetChannelByName(GenerateTestChannelName(), th.BasicTeam.Id, "") CheckNotFoundStatus(t, resp) + _, resp = Client.GetChannelByName(GenerateTestChannelName(), "junk", "") + CheckBadRequestStatus(t, resp) + Client.Logout() _, resp = Client.GetChannelByName(th.BasicChannel.Name, th.BasicTeam.Id, "") CheckUnauthorizedStatus(t, resp) @@ -861,8 +897,8 @@ func TestGetChannelMembersForUser(t *testing.T) { members, resp := Client.GetChannelMembersForUser(th.BasicUser.Id, th.BasicTeam.Id, "") CheckNoError(t, resp) - if len(*members) != 4 { - t.Fatal("should have 4 members on team") + if len(*members) != 5 { + t.Fatal("should have 5 members on team") } _, resp = Client.GetChannelMembersForUser("", th.BasicTeam.Id, "") @@ -1149,6 +1185,10 @@ func TestAddChannelMember(t *testing.T) { t.Fatal("should have returned exact user added to private channel") } + Client.RemoveUserFromChannel(publicChannel.Id, user.Id) + _, resp = Client.AddChannelMember(publicChannel.Id, user.Id) + CheckNoError(t, resp) + cm, resp = Client.AddChannelMember(publicChannel.Id, "junk") CheckBadRequestStatus(t, resp) @@ -1227,6 +1267,9 @@ func TestRemoveChannelMember(t *testing.T) { _, resp = Client.RemoveUserFromChannel(th.BasicChannel.Id, model.NewId()) CheckNotFoundStatus(t, resp) + _, resp = Client.RemoveUserFromChannel(model.NewId(), th.BasicUser2.Id) + CheckNotFoundStatus(t, resp) + th.LoginBasic2() _, resp = Client.RemoveUserFromChannel(th.BasicChannel.Id, th.BasicUser.Id) CheckForbiddenStatus(t, resp) @@ -1248,6 +1291,10 @@ func TestRemoveChannelMember(t *testing.T) { _, resp = Client.RemoveUserFromChannel(private.Id, th.BasicUser2.Id) CheckNoError(t, resp) + th.LoginBasic2() + _, resp = Client.RemoveUserFromChannel(private.Id, th.BasicUser.Id) + CheckForbiddenStatus(t, resp) + _, resp = th.SystemAdminClient.RemoveUserFromChannel(private.Id, th.BasicUser.Id) CheckNoError(t, resp) } -- cgit v1.2.3-1-g7c22