IntenseWebs/mattermost
3
0
Fork 0
mirror of https://github.com/mattermost/mattermost.git synced 2025-02-25 18:55:24 -06:00
Code Issues Packages Projects Releases Wiki Activity

[PLT-6838] Restrict channel delete option per permission policy even for last channel member (#6706)

Browse Source 
* channel delete option is hidden from the menu unless there is appropriate permissions as set in the policy page

* apply to public channel only and add restriction to API layer

* updated channel deletion
This commit is contained in:
Saturnino Abril
2017-07-05 06:32:27 +08:00
committed by GitHub
parent 6d6ed309b9
commit 8f8a978e84
6 changed files with 45 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
api4/channel.go
View File

@@ -428,7 +428,7 @@ func getDeletedChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Reques
return
}
if channels, err := app.GetDeletedChannels(c.Params.TeamId, c.Params.Page * c.Params.PerPage, c.Params.PerPage); err != nil {
if channels, err := app.GetDeletedChannels(c.Params.TeamId, c.Params.Page*c.Params.PerPage, c.Params.PerPage); err != nil {
c.Err = err
return
} else {
@@ -540,17 +540,15 @@ func deleteChannel(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
// Allow delete if user is the only member left in channel
if memberCount > 1 {
if channel.Type == model.CHANNEL_OPEN && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PUBLIC_CHANNEL) {
c.SetPermissionError(model.PERMISSION_DELETE_PUBLIC_CHANNEL)
return
}
if channel.Type == model.CHANNEL_OPEN && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PUBLIC_CHANNEL) {
c.SetPermissionError(model.PERMISSION_DELETE_PUBLIC_CHANNEL)
return
}
if channel.Type == model.CHANNEL_PRIVATE && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PRIVATE_CHANNEL) {
c.SetPermissionError(model.PERMISSION_DELETE_PRIVATE_CHANNEL)
return
}
// Allow delete if there's only one member left in a private channel
if memberCount > 1 && channel.Type == model.CHANNEL_PRIVATE && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_DELETE_PRIVATE_CHANNEL) {
c.SetPermissionError(model.PERMISSION_DELETE_PRIVATE_CHANNEL)
return
}
err = app.DeleteChannel(channel, c.Session.UserId)

14
api4/channel_test.go
View File

@@ -901,12 +901,14 @@ func TestDeleteChannel(t *testing.T) {
Client = th.Client
team = th.BasicTeam
user = th.BasicUser
user2 = th.BasicUser2
// channels created by SystemAdmin
publicChannel6 := th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_OPEN)
privateChannel7 := th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE)
app.AddUserToChannel(user, publicChannel6)
app.AddUserToChannel(user, privateChannel7)
app.AddUserToChannel(user2, privateChannel7)
// successful delete by user
_, resp = Client.DeleteChannel(publicChannel6.Id)
@@ -924,6 +926,7 @@ func TestDeleteChannel(t *testing.T) {
privateChannel7 = th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE)
app.AddUserToChannel(user, publicChannel6)
app.AddUserToChannel(user, privateChannel7)
app.AddUserToChannel(user2, privateChannel7)
// cannot delete by user
_, resp = Client.DeleteChannel(publicChannel6.Id)
@@ -948,6 +951,7 @@ func TestDeleteChannel(t *testing.T) {
privateChannel7 = th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE)
app.AddUserToChannel(user, publicChannel6)
app.AddUserToChannel(user, privateChannel7)
app.AddUserToChannel(user2, privateChannel7)
// successful delete by team admin
UpdateUserToTeamAdmin(user, team)
@@ -976,6 +980,7 @@ func TestDeleteChannel(t *testing.T) {
privateChannel7 = th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE)
app.AddUserToChannel(user, publicChannel6)
app.AddUserToChannel(user, privateChannel7)
app.AddUserToChannel(user2, privateChannel7)
// cannot delete by user
_, resp = Client.DeleteChannel(publicChannel6.Id)
@@ -1017,6 +1022,7 @@ func TestDeleteChannel(t *testing.T) {
privateChannel7 = th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE)
app.AddUserToChannel(user, publicChannel6)
app.AddUserToChannel(user, privateChannel7)
app.AddUserToChannel(user2, privateChannel7)
// cannot delete by user
_, resp = Client.DeleteChannel(publicChannel6.Id)
@@ -1056,12 +1062,14 @@ func TestDeleteChannel(t *testing.T) {
_, resp = th.SystemAdminClient.DeleteChannel(privateChannel7.Id)
CheckNoError(t, resp)
// last member of a channel should be able to delete it regardless of required permissions
// last member of a public channel should have required permission to delete
publicChannel6 = th.CreateChannelWithClient(th.Client, model.CHANNEL_OPEN)
privateChannel7 = th.CreateChannelWithClient(th.Client, model.CHANNEL_PRIVATE)
_, resp = Client.DeleteChannel(publicChannel6.Id)
CheckNoError(t, resp)
CheckForbiddenStatus(t, resp)
// last member of a private channel should be able to delete it regardless of required permissions
privateChannel7 = th.CreateChannelWithClient(th.Client, model.CHANNEL_PRIVATE)
_, resp = Client.DeleteChannel(privateChannel7.Id)
CheckNoError(t, resp)

6
webapp/components/channel_header.jsx
View File

@@ -720,11 +720,7 @@ export default class ChannelHeader extends React.Component {
);
}
if (ChannelUtils.showDeleteOption(channel, isAdmin, isSystemAdmin, isChannelAdmin)) {
if (!ChannelStore.isDefault(channel)) {
dropdownContents.push(deleteOption);
}
} else if (this.state.userCount === 1) {
if (ChannelUtils.showDeleteOption(channel, isAdmin, isSystemAdmin, isChannelAdmin, this.state.userCount)) {
dropdownContents.push(deleteOption);
}

1
webapp/components/delete_channel_modal.jsx
View File

@@ -33,6 +33,7 @@ export default class DeleteChannelModal extends React.Component {
browserHistory.push(TeamStore.getCurrentTeamRelativeUrl() + '/channels/town-square');
deleteChannel(this.props.channel.id);
this.onHide();
}
onHide() {

32
webapp/components/navbar.jsx
View File

@@ -529,23 +529,21 @@ export default class Navbar extends React.Component {
);
}
if (ChannelUtils.showDeleteOption(channel, isAdmin, isSystemAdmin, isChannelAdmin) || this.state.userCount === 1) {
if (!ChannelStore.isDefault(channel)) {
deleteChannelOption = (
<li role='presentation'>
<ToggleModalButton
role='menuitem'
dialogType={DeleteChannelModal}
dialogProps={{channel}}
>
<FormattedMessage
id='channel_header.delete'
defaultMessage='Delete Channel'
/>
</ToggleModalButton>
</li>
);
}
if (ChannelUtils.showDeleteOption(channel, isAdmin, isSystemAdmin, isChannelAdmin, this.state.userCount)) {
deleteChannelOption = (
<li role='presentation'>
<ToggleModalButton
role='menuitem'
dialogType={DeleteChannelModal}
dialogProps={{channel}}
>
<FormattedMessage
id='channel_header.delete'
defaultMessage='Delete Channel'
/>
</ToggleModalButton>
</li>
);
}
const canLeave = channel.type === Constants.PRIVATE_CHANNEL ? this.state.userCount > 1 : true;

9
webapp/utils/channel_utils.jsx
View File

@@ -190,11 +190,15 @@ export function showManagementOptions(channel, isAdmin, isSystemAdmin, isChannel
return true;
}
export function showDeleteOption(channel, isAdmin, isSystemAdmin, isChannelAdmin) {
export function showDeleteOption(channel, isAdmin, isSystemAdmin, isChannelAdmin, userCount) {
if (global.window.mm_license.IsLicensed !== 'true') {
return true;
}
if (ChannelStore.isDefault(channel)) {
return false;
}
if (channel.type === Constants.OPEN_CHANNEL) {
if (global.window.mm_config.RestrictPublicChannelDeletion === Constants.PERMISSIONS_SYSTEM_ADMIN && !isSystemAdmin) {
return false;
@@ -206,6 +210,9 @@ export function showDeleteOption(channel, isAdmin, isSystemAdmin, isChannelAdmin
return false;
}
} else if (channel.type === Constants.PRIVATE_CHANNEL) {
if (userCount === 1) {
return true;
}
if (global.window.mm_config.RestrictPrivateChannelDeletion === Constants.PERMISSIONS_SYSTEM_ADMIN && !isSystemAdmin) {
return false;
}