MM-21727 add an endpoint to move a command to another team (#13624)

* MM-21727 add an endpoint to move a command to another team

* endpoint
* mock / client
* unit tests

* MM-21727 PR feedback, addressed nits

* MM-21727 remove CommandMove base route

* MM-21272 replace TeamId struct with CommandMoveRequest struct

* MM-21727 fixed typo in CommandMoveRequest struct name

* MM-21727 return not-found for all getCommandById calls

* MM-21727 ensure no command ids leak

* when calling GetCommandById with invalid id return not_found
* when checking perms to manage commands for team return same not_found
* update unit tests to check for not_found

* MM-21727 Rename TeamIdFromCommandMoveRequestJson -> CommandMoveRequestFromJson

api4/command_test.go

@@ -128,13 +128,71 @@ func TestUpdateCommand(t *testing.T) {
 	cmd2.TeamId = team.Id
 
 	_, resp = th.Client.UpdateCommand(cmd2)
-	CheckForbiddenStatus(t, resp)
+	CheckNotFoundStatus(t, resp)
 
 	Client.Logout()
 	_, resp = Client.UpdateCommand(cmd2)
 	CheckUnauthorizedStatus(t, resp)
 }
 
+func TestMoveCommand(t *testing.T) {
+	th := Setup().InitBasic()
+	defer th.TearDown()
+	Client := th.SystemAdminClient
+	user := th.SystemAdminUser
+	team := th.BasicTeam
+	newTeam := th.CreateTeam()
+
+	enableCommands := *th.App.Config().ServiceSettings.EnableCommands
+	defer func() {
+		th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableCommands = &enableCommands })
+	}()
+	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableCommands = true })
+
+	cmd1 := &model.Command{
+		CreatorId: user.Id,
+		TeamId:    team.Id,
+		URL:       "http://nowhere.com",
+		Method:    model.COMMAND_METHOD_POST,
+		Trigger:   "trigger1",
+	}
+
+	rcmd1, _ := th.App.CreateCommand(cmd1)
+
+	ok, resp := Client.MoveCommand(newTeam.Id, rcmd1.Id)
+	CheckNoError(t, resp)
+	require.True(t, ok)
+
+	rcmd1, _ = th.App.GetCommand(rcmd1.Id)
+	require.NotNil(t, rcmd1)
+	require.Equal(t, newTeam.Id, rcmd1.TeamId)
+
+	ok, resp = Client.MoveCommand(newTeam.Id, "bogus")
+	CheckBadRequestStatus(t, resp)
+	require.False(t, ok)
+
+	ok, resp = Client.MoveCommand(GenerateTestId(), rcmd1.Id)
+	CheckNotFoundStatus(t, resp)
+	require.False(t, ok)
+
+	cmd2 := &model.Command{
+		CreatorId: user.Id,
+		TeamId:    team.Id,
+		URL:       "http://nowhere.com",
+		Method:    model.COMMAND_METHOD_POST,
+		Trigger:   "trigger2",
+	}
+
+	rcmd2, _ := th.App.CreateCommand(cmd2)
+
+	_, resp = th.Client.MoveCommand(newTeam.Id, rcmd2.Id)
+	CheckNotFoundStatus(t, resp)
+
+	Client.Logout()
+	_, resp = Client.MoveCommand(newTeam.Id, rcmd2.Id)
+	CheckUnauthorizedStatus(t, resp)
+}
+
 func TestDeleteCommand(t *testing.T) {
 	th := Setup().InitBasic()
 	defer th.TearDown()
@@ -185,7 +243,7 @@ func TestDeleteCommand(t *testing.T) {
 	rcmd2, _ := th.App.CreateCommand(cmd2)
 
 	_, resp = th.Client.DeleteCommand(rcmd2.Id)
-	CheckForbiddenStatus(t, resp)
+	CheckNotFoundStatus(t, resp)
 
 	Client.Logout()
 	_, resp = Client.DeleteCommand(rcmd2.Id)
@@ -435,7 +493,7 @@ func TestRegenToken(t *testing.T) {
 	require.NotEqual(t, createdCmd.Token, token, "should update the token")
 
 	token, resp = Client.RegenCommandToken(createdCmd.Id)
-	CheckForbiddenStatus(t, resp)
+	CheckNotFoundStatus(t, resp)
 	require.Empty(t, token, "should not return the token")
 }