From a14e44b4ec19f7005328aa28d9137d25d30dd4eb Mon Sep 17 00:00:00 2001 From: Saturnino Abril Date: Tue, 21 Feb 2017 21:13:26 +0900 Subject: Implement endpoint for APIv4: PUT /teams/{team_id}/members/{user_id}/roles (#5471) --- api4/team_test.go | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+) (limited to 'api4/team_test.go') diff --git a/api4/team_test.go b/api4/team_test.go index 4381f903c..8f0becaa7 100644 --- a/api4/team_test.go +++ b/api4/team_test.go @@ -283,3 +283,81 @@ func TestGetTeamStats(t *testing.T) { _, resp = Client.GetTeamStats(th.BasicTeam.Id, "") CheckUnauthorizedStatus(t, resp) } + +func TestUpdateTeamMemberRoles(t *testing.T) { + th := Setup().InitBasic().InitSystemAdmin() + defer TearDown() + Client := th.Client + SystemAdminClient := th.SystemAdminClient + + const TEAM_MEMBER = "team_user" + const TEAM_ADMIN = "team_user team_admin" + + // user 1 tries to promote user 2 + ok, resp := Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser2.Id, TEAM_ADMIN) + CheckForbiddenStatus(t, resp) + if ok { + t.Fatal("should have returned false") + } + + // user 1 tries to promote himself + _, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser.Id, TEAM_ADMIN) + CheckForbiddenStatus(t, resp) + + // user 1 tries to demote someone + _, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.SystemAdminUser.Id, TEAM_MEMBER) + CheckForbiddenStatus(t, resp) + + // system admin promotes user 1 + ok, resp = SystemAdminClient.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser.Id, TEAM_ADMIN) + CheckNoError(t, resp) + if !ok { + t.Fatal("should have returned true") + } + + // user 1 (team admin) promotes user 2 + _, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser2.Id, TEAM_ADMIN) + CheckNoError(t, resp) + + // user 1 (team admin) demotes user 2 (team admin) + _, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser2.Id, TEAM_MEMBER) + CheckNoError(t, resp) + + // user 1 (team admin) tries to demote system admin (not member of a team) + _, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.SystemAdminUser.Id, TEAM_MEMBER) + CheckBadRequestStatus(t, resp) + + // user 1 (team admin) demotes system admin (member of a team) + LinkUserToTeam(th.SystemAdminUser, th.BasicTeam) + _, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.SystemAdminUser.Id, TEAM_MEMBER) + CheckNoError(t, resp) + // Note from API v3 + // Note to anyone who thinks this (above) test is wrong: + // This operation will not affect the system admin's permissions because they have global access to all teams. + // Their team level permissions are irrelavent. A team admin should be able to manage team level permissions. + + // System admins should be able to manipulate permission no matter what their team level permissions are. + // system admin promotes user 2 + _, resp = SystemAdminClient.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser2.Id, TEAM_ADMIN) + CheckNoError(t, resp) + + // system admin demotes user 2 (team admin) + _, resp = SystemAdminClient.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser2.Id, TEAM_MEMBER) + CheckNoError(t, resp) + + // user 1 (team admin) tries to promote himself to a random team + _, resp = Client.UpdateTeamMemberRoles(model.NewId(), th.BasicUser.Id, TEAM_ADMIN) + CheckForbiddenStatus(t, resp) + + // user 1 (team admin) tries to promote a random user + _, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, model.NewId(), TEAM_ADMIN) + CheckBadRequestStatus(t, resp) + + // user 1 (team admin) tries to promote invalid team permission + _, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser.Id, "junk") + CheckBadRequestStatus(t, resp) + + // user 1 (team admin) demotes himself + _, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser.Id, TEAM_MEMBER) + CheckNoError(t, resp) +} -- cgit v1.2.3-1-g7c22