mirror of
https://github.com/mattermost/mattermost.git
synced 2025-02-25 18:55:24 -06:00
MM-12110: Don't /invite or /kick deactivated users. (#9494)
This commit is contained in:
George Goldberg
GitHub
@@ -49,15 +49,21 @@ func (me *InviteProvider) DoCommand(a *App, args *model.CommandArgs, message str
|
||||
targetUsername := splitMessage[0]
|
||||
targetUsername = strings.TrimPrefix(targetUsername, "@")
|
||||
|
||||
var userProfile *model.User
|
||||
if result := <-a.Srv.Store.User().GetByUsername(targetUsername); result.Err != nil {
|
||||
result := <-a.Srv.Store.User().GetByUsername(targetUsername)
|
||||
if result.Err != nil {
|
||||
mlog.Error(result.Err.Error())
|
||||
return &model.CommandResponse{
|
||||
Text: args.T("api.command_invite.missing_user.app_error"),
|
||||
ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
|
||||
}
|
||||
} else {
|
||||
userProfile = result.Data.(*model.User)
|
||||
}
|
||||
|
||||
userProfile := result.Data.(*model.User)
|
||||
if userProfile.DeleteAt != 0 {
|
||||
return &model.CommandResponse{
|
||||
Text: args.T("api.command_invite.missing_user.app_error"),
|
||||
ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
|
||||
}
|
||||
}
|
||||
|
||||
var channelToJoin *model.Channel
|
||||
|
||||
@@ -23,6 +23,8 @@ func TestInviteProvider(t *testing.T) {
|
||||
basicUser3 := th.CreateUser()
|
||||
th.LinkUserToTeam(basicUser3, th.BasicTeam)
|
||||
basicUser4 := th.CreateUser()
|
||||
deactivatedUser := th.CreateUser()
|
||||
th.App.UpdateActive(deactivatedUser, false)
|
||||
|
||||
InviteP := InviteProvider{}
|
||||
args := &model.CommandArgs{
|
||||
@@ -38,6 +40,7 @@ func TestInviteProvider(t *testing.T) {
|
||||
userAndPrivateChannel := "@" + th.BasicUser2.Username + " ~" + privateChannel.Name
|
||||
userAndDMChannel := "@" + basicUser3.Username + " ~" + dmChannel.Name
|
||||
userAndInvalidPrivate := "@" + basicUser3.Username + " ~" + privateChannel2.Name
|
||||
deactivatedUserPublicChannel := "@" + deactivatedUser.Username + " ~" + channel.Name
|
||||
|
||||
tests := []struct {
|
||||
desc string
|
||||
@@ -99,6 +102,11 @@ func TestInviteProvider(t *testing.T) {
|
||||
expected: "api.command_invite.private_channel.app_error",
|
||||
msg: userAndInvalidPrivate,
|
||||
},
|
||||
{
|
||||
desc: "try to add a deleted user to a public channel",
|
||||
expected: "api.command_invite.missing_user.app_error",
|
||||
msg: deactivatedUserPublicChannel,
|
||||
},
|
||||
}
|
||||
|
||||
for _, test := range tests {
|
||||
|
||||
@@ -67,24 +67,39 @@ func (me *KickProvider) DoCommand(a *App, args *model.CommandArgs, message strin
|
||||
func doCommand(a *App, args *model.CommandArgs, message string) *model.CommandResponse {
|
||||
channel, err := a.GetChannel(args.ChannelId)
|
||||
if err != nil {
|
||||
return &model.CommandResponse{Text: args.T("api.command_channel_rename.channel.app_error"), ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL}
|
||||
return &model.CommandResponse{
|
||||
Text: args.T("api.command_channel_remove.channel.app_error"),
|
||||
ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
|
||||
}
|
||||
}
|
||||
|
||||
switch channel.Type {
|
||||
case model.CHANNEL_OPEN:
|
||||
if !a.SessionHasPermissionToChannel(args.Session, args.ChannelId, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) {
|
||||
return &model.CommandResponse{Text: args.T("api.command_remove.permission.app_error"), ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL}
|
||||
return &model.CommandResponse{
|
||||
Text: args.T("api.command_remove.permission.app_error"),
|
||||
ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
|
||||
}
|
||||
}
|
||||
case model.CHANNEL_PRIVATE:
|
||||
if !a.SessionHasPermissionToChannel(args.Session, args.ChannelId, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) {
|
||||
return &model.CommandResponse{Text: args.T("api.command_remove.permission.app_error"), ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL}
|
||||
return &model.CommandResponse{
|
||||
Text: args.T("api.command_remove.permission.app_error"),
|
||||
ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
|
||||
}
|
||||
}
|
||||
default:
|
||||
return &model.CommandResponse{Text: args.T("api.command_remove.direct_group.app_error"), ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL}
|
||||
return &model.CommandResponse{
|
||||
Text: args.T("api.command_remove.direct_group.app_error"),
|
||||
ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
|
||||
}
|
||||
}
|
||||
|
||||
if len(message) == 0 {
|
||||
return &model.CommandResponse{Text: args.T("api.command_remove.message.app_error"), ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL}
|
||||
return &model.CommandResponse{
|
||||
Text: args.T("api.command_remove.message.app_error"),
|
||||
ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
|
||||
}
|
||||
}
|
||||
|
||||
targetUsername := ""
|
||||
@@ -92,22 +107,40 @@ func doCommand(a *App, args *model.CommandArgs, message string) *model.CommandRe
|
||||
targetUsername = strings.SplitN(message, " ", 2)[0]
|
||||
targetUsername = strings.TrimPrefix(targetUsername, "@")
|
||||
|
||||
var userProfile *model.User
|
||||
if result := <-a.Srv.Store.User().GetByUsername(targetUsername); result.Err != nil {
|
||||
result := <-a.Srv.Store.User().GetByUsername(targetUsername)
|
||||
if result.Err != nil {
|
||||
mlog.Error(result.Err.Error())
|
||||
return &model.CommandResponse{Text: args.T("api.command_remove.missing.app_error"), ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL}
|
||||
} else {
|
||||
userProfile = result.Data.(*model.User)
|
||||
return &model.CommandResponse{
|
||||
Text: args.T("api.command_remove.missing.app_error"),
|
||||
ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
|
||||
}
|
||||
}
|
||||
userProfile := result.Data.(*model.User)
|
||||
if userProfile.DeleteAt != 0 {
|
||||
return &model.CommandResponse{
|
||||
Text: args.T("api.command_remove.missing.app_error"),
|
||||
ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
|
||||
}
|
||||
}
|
||||
|
||||
_, err = a.GetChannelMember(args.ChannelId, userProfile.Id)
|
||||
if err != nil {
|
||||
nameFormat := *a.Config().TeamSettings.TeammateNameDisplay
|
||||
return &model.CommandResponse{Text: args.T("api.command_remove.user_not_in_channel", map[string]interface{}{"Username": userProfile.GetDisplayName(nameFormat)}), ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL}
|
||||
return &model.CommandResponse{
|
||||
Text: args.T("api.command_remove.user_not_in_channel", map[string]interface{}{
|
||||
"Username": userProfile.GetDisplayName(nameFormat),
|
||||
}),
|
||||
ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
|
||||
}
|
||||
}
|
||||
|
||||
if err = a.RemoveUserFromChannel(userProfile.Id, args.UserId, channel); err != nil {
|
||||
return &model.CommandResponse{Text: args.T(err.Id, map[string]interface{}{"Channel": model.DEFAULT_CHANNEL}), ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL}
|
||||
return &model.CommandResponse{
|
||||
Text: args.T(err.Id, map[string]interface{}{
|
||||
"Channel": model.DEFAULT_CHANNEL,
|
||||
}),
|
||||
ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
|
||||
}
|
||||
}
|
||||
|
||||
return &model.CommandResponse{}
|
||||
|
||||
@@ -106,4 +106,19 @@ func TestRemoveProviderDoCommand(t *testing.T) {
|
||||
|
||||
actual = rp.DoCommand(th.App, args, user1.Username).Text
|
||||
assert.Equal(t, "api.command_remove.direct_group.app_error", actual)
|
||||
|
||||
// Try a public channel with a deactivated user.
|
||||
deactivatedUser := th.CreateUser()
|
||||
th.App.AddUserToTeam(th.BasicTeam.Id, deactivatedUser.Id, deactivatedUser.Id)
|
||||
th.App.AddUserToChannel(deactivatedUser, publicChannel)
|
||||
th.App.UpdateActive(deactivatedUser, false)
|
||||
|
||||
args = &model.CommandArgs{
|
||||
T: func(s string, args ...interface{}) string { return s },
|
||||
ChannelId: publicChannel.Id,
|
||||
Session: model.Session{UserId: th.BasicUser.Id, TeamMembers: []*model.TeamMember{{TeamId: th.BasicTeam.Id, Roles: ""}}},
|
||||
}
|
||||
|
||||
actual = rp.DoCommand(th.App, args, deactivatedUser.Username).Text
|
||||
assert.Equal(t, "api.command_remove.missing.app_error", actual)
|
||||
}
|
||||
|
||||
@@ -411,6 +411,10 @@
|
||||
"id": "api.command_channel_purpose.update_channel.app_error",
|
||||
"translation": "Error to update the current channel."
|
||||
},
|
||||
{
|
||||
"id": "api.command_channel_remove.channel.app_error",
|
||||
"translation": "Error retrieving the current channel."
|
||||
},
|
||||
{
|
||||
"id": "api.command_channel_rename.channel.app_error",
|
||||
"translation": "Error to retrieve the current channel."
|
||||
@@ -616,7 +620,7 @@
|
||||
},
|
||||
{
|
||||
"id": "api.command_invite.missing_user.app_error",
|
||||
"translation": "Unable to find the user."
|
||||
"translation": "We couldn't find the user. They may have been deactivated by the System Administrator."
|
||||
},
|
||||
{
|
||||
"id": "api.command_invite.name",
|
||||
@@ -824,7 +828,7 @@
|
||||
},
|
||||
{
|
||||
"id": "api.command_remove.missing.app_error",
|
||||
"translation": "Unable to find the user"
|
||||
"translation": "We couldn't find the user. They may have been deactivated by the System Administrator."
|
||||
},
|
||||
{
|
||||
"id": "api.command_remove.name",
|
||||
|
||||
Reference in New Issue
Block a user