MM-56536 Do not update team members scheme roles if user is guest (#25957)

* MM-56536 Do not update team members scheme roles if user is guest

* feedback review

---------

Co-authored-by: Mattermost Build <build@mattermost.com>
Elias Nahum 2024-02-05 09:05:05 +08:00 committed by GitHub
parent 2a6d5a1da5
commit 8bc3c402d1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 24 additions and 4 deletions


@ -2977,6 +2977,10 @@ func TestUpdateTeamMemberSchemeRoles(t *testing.T) {
require.Error(t, err)
CheckNotFoundStatus(t, resp)
resp, err = SystemAdminClient.UpdateTeamMemberSchemeRoles(context.Background(), th.BasicTeam.Id, th.BasicUser.Id, s4)
require.Error(t, err) // user is a guest, cannot be set as member or admin
CheckBadRequestStatus(t, resp)
resp, err = SystemAdminClient.UpdateTeamMemberSchemeRoles(context.Background(), "ASDF", th.BasicUser.Id, s4)
require.Error(t, err)
CheckBadRequestStatus(t, resp)
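Review bot: The new guest case (the call with `th.BasicUser.Id, s4` followed by `CheckBadRequestStatus`) asserts only the HTTP status, so it would still pass if the request were rejected after the member record had already been modified. As this is the regression test for an authorization fix, re-read the team member after the rejected call and assert the stored roles are untouched, for example `require.True(t, tm.SchemeGuest)` and `require.False(t, tm.SchemeAdmin)` on the re-fetched record. The step that makes th.BasicUser a guest and the definition of `s4` are outside this hunk, so I cannot confirm which role combination is being sent. If `s4` covers only one of member/admin, a second case for the other would pin both halves of the comment.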


@ -510,14 +510,22 @@ func (a *App) UpdateTeamMemberSchemeRoles(c request.CTX, teamID string, userID s
return nil, err
}
if member.SchemeGuest {
return nil, model.NewAppError("UpdateTeamMemberSchemeRoles", "api.team.update_team_member_roles.guest.app_error", nil, "", http.StatusBadRequest)
}
if isSchemeUser && isSchemeGuest {
return nil, model.NewAppError("UpdateTeamMemberSchemeRoles", "api.team.update_team_member_roles.guest_and_user.app_error", nil, "", http.StatusBadRequest)
}
if isSchemeAdmin && isSchemeGuest {
return nil, model.NewAppError("UpdateTeamMemberSchemeRoles", "api.team.update_team_member_roles.guest_and_admin.app_error", nil, "", http.StatusBadRequest)
}
member.SchemeAdmin = isSchemeAdmin
member.SchemeUser = isSchemeUser
member.SchemeGuest = isSchemeGuest
if member.SchemeUser && member.SchemeGuest {
return nil, model.NewAppError("UpdateTeamMemberSchemeRoles", "api.team.update_team_member_roles.guest_and_user.app_error", nil, "", http.StatusBadRequest)
}
// If the migration is not completed, we also need to check the default team_admin/team_user roles are not present in the roles field.
if err = a.IsPhase2MigrationCompleted(); err != nil {
member.ExplicitRoles = RemoveRoles([]string{model.TeamGuestRoleId, model.TeamUserRoleId, model.TeamAdminRoleId}, member.ExplicitRoles)
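Review bot: The new `if member.SchemeGuest` guard closes the guest-to-member/admin direction only; a request with `isSchemeGuest` true and both other flags false against a regular member still passes the two combination checks and reaches `member.SchemeGuest = isSchemeGuest`. The new error text says a guest must be promoted first, which suggests guest status is meant to change only through the promote/demote flow, so this endpoint can presumably still leave the team-level guest flag out of step with the account-level role. If that direction is intentional, say so in a comment above the guard, e.g. `// Only guest -> member/admin is blocked here; member -> guest is allowed because ...`; if not, reject it next to the other checks with `if isSchemeGuest { return nil, model.NewAppError(...) }` and a matching message id. The function begins before and continues after this hunk, so a later check may already cover this.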


@ -3362,6 +3362,14 @@
"id": "api.team.update_restricted_domains.mismatch.app_error",
"translation": "Restricting team to {{ .Domain }} is not allowed by the system config. Please contact your system administrator."
},
{
"id": "api.team.update_team_member_roles.guest.app_error",
"translation": "Invalid team member update: A guest cannot be made team member or team admin, please promote as a user first."
},
{
"id": "api.team.update_team_member_roles.guest_and_admin.app_error",
"translation": "Invalid team member update: A user must cannot be set as a guest and admin at the same time."
},
{
"id": "api.team.update_team_member_roles.guest_and_user.app_error",
"translation": "Invalid team member update: A user must be a guest or a user but not both."
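Review bot: The text added for `api.team.update_team_member_roles.guest_and_admin.app_error` reads "A user must cannot be set as a guest and admin at the same time", which is ungrammatical. It should be `A user cannot be set as a guest and admin at the same time.` This string is returned to API clients on a 400, so the wording is what an administrator sees when the request is refused.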