MM-24694: Add getGroupsByUserId to API layer (#14443)

* add getGroupsByUserId to API layer * update for lint errors * add check for contextId = userId or ManageSystem Permission Co-authored-by: mattermod <mattermod@users.noreply.github.com>
2025-02-25 18:55:24 -06:00 · 2020-05-07 13:35:56 -06:00
parent 882b0324b5
commit bdd0e9febb
3 changed files with 113 additions and 0 deletions
--- a/api4/group.go
+++ b/api4/group.go
@@ -55,6 +55,10 @@ func (api *API) InitGroup() {
 	api.BaseRoutes.Groups.Handle("/{group_id:[A-Za-z0-9]+}/members",
 		api.ApiSessionRequired(getGroupMembers)).Methods("GET")

+	// GET /api/v4/users/:user_id/groups?page=0&per_page=100
+	api.BaseRoutes.Users.Handle("/{user_id:[A-Za-z0-9]+}/groups",
+		api.ApiSessionRequired(getGroupsByUserId)).Methods("GET")
+
 	// GET /api/v4/channels/:channel_id/groups?page=0&per_page=100
 	api.BaseRoutes.Channels.Handle("/{channel_id:[A-Za-z0-9]+}/groups",
 		api.ApiSessionRequired(getGroupsByChannel)).Methods("GET")
@@ -505,6 +509,37 @@ func getGroupMembers(c *Context, w http.ResponseWriter, r *http.Request) {
 	w.Write(b)
 }

+func getGroupsByUserId(c *Context, w http.ResponseWriter, r *http.Request) {
+	c.RequireUserId()
+	if c.Err != nil {
+		return
+	}
+
+	if c.App.Session().UserId != c.Params.UserId && !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_MANAGE_SYSTEM) {
+		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
+		return
+	}
+
+	if c.App.License() == nil || !*c.App.License().Features.LDAPGroups {
+		c.Err = model.NewAppError("Api4.getGroupsByUserId", "api.ldap_groups.license_error", nil, "", http.StatusNotImplemented)
+		return
+	}
+
+	groups, err := c.App.GetGroupsByUserId(c.Params.UserId)
+	if err != nil {
+		c.Err = err
+		return
+	}
+
+	b, marshalErr := json.Marshal(groups)
+	if marshalErr != nil {
+		c.Err = model.NewAppError("Api4.getGroupsByUserId", "api.marshal_error", nil, marshalErr.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	w.Write(b)
+}
+
 func getGroupsByChannel(c *Context, w http.ResponseWriter, r *http.Request) {
 	c.RequireChannelId()
 	if c.Err != nil {
--- a/api4/group_test.go
+++ b/api4/group_test.go
@@ -912,3 +912,65 @@ func TestGetGroups(t *testing.T) {
 	_, response = th.Client.GetGroups(opts)
 	assert.Nil(t, response.Error)
 }
+
+func TestGetGroupsByUserId(t *testing.T) {
+	th := Setup(t).InitBasic()
+	defer th.TearDown()
+
+	id := model.NewId()
+	group1, err := th.App.CreateGroup(&model.Group{
+		DisplayName: "dn-foo_" + id,
+		Name:        "name" + id,
+		Source:      model.GroupSourceLdap,
+		Description: "description_" + id,
+		RemoteId:    model.NewId(),
+	})
+	assert.Nil(t, err)
+
+	user1, err := th.App.CreateUser(&model.User{Email: th.GenerateTestEmail(), Nickname: "test user1", Password: "test-password-1", Username: "test-user-1", Roles: model.SYSTEM_USER_ROLE_ID})
+	assert.Nil(t, err)
+	user1.Password = "test-password-1"
+	_, err = th.App.UpsertGroupMember(group1.Id, user1.Id)
+	assert.Nil(t, err)
+
+	id = model.NewId()
+	group2, err := th.App.CreateGroup(&model.Group{
+		DisplayName: "dn-foo_" + id,
+		Name:        "name" + id,
+		Source:      model.GroupSourceLdap,
+		Description: "description_" + id,
+		RemoteId:    model.NewId(),
+	})
+	assert.Nil(t, err)
+
+	_, err = th.App.UpsertGroupMember(group2.Id, user1.Id)
+	assert.Nil(t, err)
+
+	th.App.SetLicense(nil)
+	_, response := th.SystemAdminClient.GetGroupsByUserId(user1.Id)
+	CheckNotImplementedStatus(t, response)
+
+	th.App.SetLicense(model.NewTestLicense("ldap"))
+	_, response = th.SystemAdminClient.GetGroupsByUserId("")
+	CheckBadRequestStatus(t, response)
+
+	_, response = th.SystemAdminClient.GetGroupsByUserId("notvaliduserid")
+	CheckBadRequestStatus(t, response)
+
+	groups, response := th.SystemAdminClient.GetGroupsByUserId(user1.Id)
+	require.Nil(t, response.Error)
+	assert.ElementsMatch(t, []*model.Group{group1, group2}, groups)
+
+	// test permissions
+	th.Client.Logout()
+	th.Client.Login(th.BasicUser.Email, th.BasicUser.Password)
+	_, response = th.Client.GetGroupsByUserId(user1.Id)
+	CheckForbiddenStatus(t, response)
+
+	th.Client.Logout()
+	th.Client.Login(user1.Email, user1.Password)
+	groups, response = th.Client.GetGroupsByUserId(user1.Id)
+	require.Nil(t, response.Error)
+	assert.ElementsMatch(t, []*model.Group{group1, group2}, groups)
+
+}