IntenseWebs/mattermost
3
0
Fork 0
mirror of https://github.com/mattermost/mattermost.git synced 2025-02-25 18:55:24 -06:00
Code Issues Packages Projects Releases Wiki Activity

Return http.StatusNotFound error when trying to get a channel by name without permissions (#13443)

Browse Source
This commit is contained in:
Claudio Costa
2019-12-23 21:46:52 +01:00
committed by GitHub
parent b3e49ec45c
commit 9ab7bee0a6
3 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
api4/channel.go
View File

@@ -992,7 +992,7 @@ func getChannelByName(c *Context, w http.ResponseWriter, r *http.Request) {
}
} else {
if !c.App.SessionHasPermissionToChannel(c.App.Session, channel.Id, model.PERMISSION_READ_CHANNEL) {
c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
c.Err = model.NewAppError("getChannelByName", store.MISSING_CHANNEL_ERROR, nil, "teamId="+channel.TeamId+", "+"name="+channel.Name+"", http.StatusNotFound)
return
}
}
@@ -1021,7 +1021,7 @@ func getChannelByNameForTeamName(c *Context, w http.ResponseWriter, r *http.Requ
}
if !c.App.SessionHasPermissionToChannel(c.App.Session, channel.Id, model.PERMISSION_READ_CHANNEL) {
c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
c.Err = model.NewAppError("getChannelByNameForTeamName", store.MISSING_CHANNEL_ERROR, nil, "teamId="+channel.TeamId+", "+"name="+channel.Name+"", http.StatusNotFound)
return
}

4
api4/channel_test.go
View File

@@ -1500,7 +1500,7 @@ func TestGetChannelByName(t *testing.T) {
Client.RemoveUserFromChannel(th.BasicPrivateChannel.Id, th.BasicUser.Id)
_, resp = Client.GetChannelByName(th.BasicPrivateChannel.Name, th.BasicTeam.Id, "")
CheckForbiddenStatus(t, resp)
CheckNotFoundStatus(t, resp)
_, resp = Client.GetChannelByName(GenerateTestChannelName(), th.BasicTeam.Id, "")
CheckNotFoundStatus(t, resp)
@@ -1553,7 +1553,7 @@ func TestGetChannelByNameForTeamName(t *testing.T) {
user := th.CreateUser()
Client.Login(user.Email, user.Password)
_, resp = Client.GetChannelByNameForTeamName(th.BasicChannel.Name, th.BasicTeam.Name, "")
CheckForbiddenStatus(t, resp)
CheckNotFoundStatus(t, resp)
}
func TestGetChannelMembers(t *testing.T) {

2
store/sqlstore/channel_store.go
View File

@@ -1181,7 +1181,7 @@ func (s SqlChannelStore) getByName(teamId string, name string, includeDeleted bo
if err := s.GetReplica().SelectOne(&channel, query, map[string]interface{}{"TeamId": teamId, "Name": name}); err != nil {
if err == sql.ErrNoRows {
return nil, model.NewAppError("SqlChannelStore.GetByName", store.MISSING_CHANNEL_ERROR, nil, "teamId="+teamId+", "+"name="+name+", "+err.Error(), http.StatusNotFound)
return nil, model.NewAppError("SqlChannelStore.GetByName", store.MISSING_CHANNEL_ERROR, nil, "teamId="+teamId+", "+"name="+name+"", http.StatusNotFound)
}
return nil, model.NewAppError("SqlChannelStore.GetByName", "store.sql_channel.get_by_name.existing.app_error", nil, "teamId="+teamId+", "+"name="+name+", "+err.Error(), http.StatusInternalServerError)
}