From 1f609e9cf799ddb6bedd5fe3c0eeb36b92ed243d Mon Sep 17 00:00:00 2001 From: Joram Wilander Date: Mon, 16 May 2016 12:55:22 -0400 Subject: Check team member instead of session for team admin role when updating/deleting channels (#3007) --- store/sql_team_store.go | 21 +++++++++++++++++++++ store/sql_team_store_test.go | 31 +++++++++++++++++++++++++++++++ store/store.go | 1 + 3 files changed, 53 insertions(+) (limited to 'store') diff --git a/store/sql_team_store.go b/store/sql_team_store.go index c17a45d97..daaa1bac1 100644 --- a/store/sql_team_store.go +++ b/store/sql_team_store.go @@ -411,6 +411,27 @@ func (s SqlTeamStore) UpdateMember(member *model.TeamMember) StoreChannel { return storeChannel } +func (s SqlTeamStore) GetMember(teamId string, userId string) StoreChannel { + storeChannel := make(StoreChannel) + + go func() { + result := StoreResult{} + + var member model.TeamMember + err := s.GetReplica().SelectOne(&member, "SELECT * FROM TeamMembers WHERE TeamId = :TeamId AND UserId = :UserId", map[string]interface{}{"TeamId": teamId, "UserId": userId}) + if err != nil { + result.Err = model.NewLocAppError("SqlTeamStore.GetMember", "store.sql_team.get_member.app_error", nil, "teamId="+teamId+" userId="+userId+" "+err.Error()) + } else { + result.Data = member + } + + storeChannel <- result + close(storeChannel) + }() + + return storeChannel +} + func (s SqlTeamStore) GetMembers(teamId string) StoreChannel { storeChannel := make(StoreChannel) diff --git a/store/sql_team_store_test.go b/store/sql_team_store_test.go index d5ee15bc6..be72786d3 100644 --- a/store/sql_team_store_test.go +++ b/store/sql_team_store_test.go @@ -403,3 +403,34 @@ func TestTeamMembers(t *testing.T) { } } } + +func TestGetTeamMember(t *testing.T) { + Setup() + + teamId1 := model.NewId() + + m1 := &model.TeamMember{TeamId: teamId1, UserId: model.NewId()} + Must(store.Team().SaveMember(m1)) + + if r := <-store.Team().GetMember(m1.TeamId, m1.UserId); r.Err != nil { + t.Fatal(r.Err) + } else { + rm1 := r.Data.(model.TeamMember) + + if rm1.TeamId != m1.TeamId { + t.Fatal("bad team id") + } + + if rm1.UserId != m1.UserId { + t.Fatal("bad user id") + } + } + + if r := <-store.Team().GetMember(m1.TeamId, ""); r.Err == nil { + t.Fatal("empty user id - should have failed") + } + + if r := <-store.Team().GetMember("", m1.UserId); r.Err == nil { + t.Fatal("empty team id - should have failed") + } +} diff --git a/store/store.go b/store/store.go index 7f62fcd97..ebbd2e454 100644 --- a/store/store.go +++ b/store/store.go @@ -61,6 +61,7 @@ type TeamStore interface { AnalyticsTeamCount() StoreChannel SaveMember(member *model.TeamMember) StoreChannel UpdateMember(member *model.TeamMember) StoreChannel + GetMember(teamId string, userId string) StoreChannel GetMembers(teamId string) StoreChannel GetTeamsForUser(userId string) StoreChannel RemoveMember(teamId string, userId string) StoreChannel -- cgit v1.2.3-1-g7c22