teams: editor/viewer team admin cant remove the last admin.

Leonard Gram 2019-03-13 10:11:53 +01:00
parent 246e128048
commit c420af16b1
4 changed files with 33 additions and 6 deletions


@ -67,6 +67,10 @@ func UpdateTeamMember(c *m.ReqContext, cmd m.UpdateTeamMemberCommand) Response {
return Error(403, "Not allowed to update team member", err)
}
if c.OrgRole != m.ROLE_ADMIN {
cmd.ProtectLastAdmin = true
}
cmd.TeamId = teamId
cmd.UserId = c.ParamsInt64(":userId")
cmd.OrgId = orgId
@ -91,7 +95,7 @@ func (hs *HTTPServer) RemoveTeamMember(c *m.ReqContext) Response {
}
protectLastAdmin := false
if c.OrgRole == m.ROLE_EDITOR {
if c.OrgRole != m.ROLE_ADMIN {
protectLastAdmin = true
}
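Review bot: In UpdateTeamMember the flag is only ever set to true, so for an org admin its value is whatever the incoming cmd already carried. Assigning it unconditionally, `cmd.ProtectLastAdmin = c.OrgRole != m.ROLE_ADMIN`, makes the handler the only source of the value regardless of how the command was populated. The same role test now appears in RemoveTeamMember, so a small shared helper would keep the two handlers from drifting apart as they did with the earlier `== m.ROLE_EDITOR` check. Both function bodies continue outside the hunks shown.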


@ -35,10 +35,11 @@ type AddTeamMemberCommand struct {
}
type UpdateTeamMemberCommand struct {
UserId int64 `json:"-"`
OrgId int64 `json:"-"`
TeamId int64 `json:"-"`
Permission PermissionType `json:"permission"`
UserId int64 `json:"-"`
OrgId int64 `json:"-"`
TeamId int64 `json:"-"`
Permission PermissionType `json:"permission"`
ProtectLastAdmin bool `json:"-"`
}
type RemoveTeamMemberCommand struct {
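Review bot: ProtectLastAdmin has no comment saying that it is set by the server and not by the caller, which is the reason it is tagged `json:"-"`. A line above the field such as `// ProtectLastAdmin is set by the API handler from the caller's org role; it is never read from the request body.` would record that. RemoveTeamMemberCommand appears to carry the same field (the tests set it) and would benefit from the same comment; its definition is outside the hunk.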


@ -271,6 +271,18 @@ func UpdateTeamMember(cmd *m.UpdateTeamMemberCommand) error {
return m.ErrTeamMemberNotFound
}
if cmd.ProtectLastAdmin {
lastAdmin, err := isLastAdmin(sess, cmd.OrgId, cmd.TeamId, cmd.UserId)
if err != nil {
return err
}
if lastAdmin {
return m.ErrLastTeamAdmin
}
}
if cmd.Permission != m.PERMISSION_ADMIN {
cmd.Permission = 0
}
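Review bot: The last-admin check runs whenever ProtectLastAdmin is set, before the requested permission is looked at, so an update that keeps the last admin at `m.PERMISSION_ADMIN` would presumably also be rejected with ErrLastTeamAdmin (isLastAdmin is not visible here). Guarding on the new value, `if cmd.ProtectLastAdmin && cmd.Permission != m.PERMISSION_ADMIN {`, limits the check to actual demotions. It is also worth confirming that the check and the update that follows run in one transaction on `sess`; otherwise two concurrent demotions could each pass the check and leave the team without an admin. The function body starts and ends outside the hunk.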


@ -190,11 +190,21 @@ func TestTeamCommandsAndQueries(t *testing.T) {
})
Convey("A user should be able to remove an admin if there are other admins", func() {
err = AddTeamMember(&m.AddTeamMemberCommand{OrgId: testOrgId, TeamId: group1.Result.Id, UserId: userIds[1], Permission: m.PERMISSION_ADMIN})
AddTeamMember(&m.AddTeamMemberCommand{OrgId: testOrgId, TeamId: group1.Result.Id, UserId: userIds[1], Permission: m.PERMISSION_ADMIN})
err = RemoveTeamMember(&m.RemoveTeamMemberCommand{OrgId: testOrgId, TeamId: group1.Result.Id, UserId: userIds[0], ProtectLastAdmin: true})
So(err, ShouldEqual, nil)
})
Convey("A user should not be able to remove the admin permission for the last admin", func() {
err = UpdateTeamMember(&m.UpdateTeamMemberCommand{OrgId: testOrgId, TeamId: group1.Result.Id, UserId: userIds[0], Permission: 0, ProtectLastAdmin: true})
So(err, ShouldEqual, m.ErrLastTeamAdmin)
})
Convey("A user should be able to remove the admin permission if there are other admins", func() {
AddTeamMember(&m.AddTeamMemberCommand{OrgId: testOrgId, TeamId: group1.Result.Id, UserId: userIds[1], Permission: m.PERMISSION_ADMIN})
err = UpdateTeamMember(&m.UpdateTeamMemberCommand{OrgId: testOrgId, TeamId: group1.Result.Id, UserId: userIds[0], Permission: 0, ProtectLastAdmin: true})
So(err, ShouldEqual, nil)
})
})
Convey("Should be able to remove a group with users and permissions", func() {
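Review bot: The AddTeamMember calls that set up the two "other admins" cases discard their error, so if adding the second admin fails the case reports a misleading ErrLastTeamAdmin mismatch instead of the setup failure. Keeping `err = AddTeamMember(...)` and adding `So(err, ShouldBeNil)` before the call under test would make that visible. None of the new cases exercise UpdateTeamMember with `ProtectLastAdmin: false` on the last admin, so the org-admin path that skips the check is not pinned down by a test.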