mirror of
https://github.com/mattermost/mattermost.git
synced 2025-02-25 18:55:24 -06:00
MM-53687: Block changes to name, display name or purpose for direct and group messages (#24199)
* block changes to name, display name or purpose for direct and group messages * add test * fix condition * update patch_channel * update error message * fix message * fix lint * fix i18n ```release-note NONE ``` --------- Co-authored-by: Agniva De Sarker <agnivade@yahoo.co.in> Co-authored-by: Mattermost Build <build@mattermost.com>
This commit is contained in:
KyeongSoo Kim
GitHub
parent
947f71ae74
commit
de000e888d
@ -170,6 +170,10 @@ func updateChannel(c *Context, w http.ResponseWriter, r *http.Request) {
|
||||
c.Err = model.NewAppError("updateChannel", "api.channel.patch_update_channel.forbidden.app_error", nil, "", http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
if (channel.Name != "" && channel.Name != oldChannel.Name) || (channel.DisplayName != "" && channel.DisplayName != oldChannel.DisplayName) || (channel.Purpose != oldChannel.Purpose) {
|
||||
c.Err = model.NewAppError("updateChannel", "api.channel.update_channel.update_direct_or_group_messages_not_allowed.app_error", nil, "", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
default:
|
||||
c.Err = model.NewAppError("updateChannel", "api.channel.patch_update_channel.forbidden.app_error", nil, "", http.StatusForbidden)
|
||||
@ -342,6 +346,10 @@ func patchChannel(c *Context, w http.ResponseWriter, r *http.Request) {
|
||||
c.Err = model.NewAppError("patchChannel", "api.channel.patch_update_channel.forbidden.app_error", nil, "", http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
if (patch.Name != nil && *patch.Name != oldChannel.Name) || (patch.DisplayName != nil && *patch.DisplayName != oldChannel.DisplayName) || (patch.Purpose != nil && *patch.Purpose != oldChannel.Purpose) {
|
||||
c.Err = model.NewAppError("patchChannel", "api.channel.patch_update_channel.update_direct_or_group_messages_not_allowed.app_error", nil, "", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
default:
|
||||
c.Err = model.NewAppError("patchChannel", "api.channel.patch_update_channel.forbidden.app_error", nil, "", http.StatusForbidden)
|
||||
|
||||
@ -259,6 +259,58 @@ func TestUpdateChannel(t *testing.T) {
|
||||
require.Error(t, err)
|
||||
CheckBadRequestStatus(t, resp)
|
||||
})
|
||||
t.Run("Should block changes to name, display name or purpose for group messages", func(t *testing.T) {
|
||||
user1 := th.CreateUser()
|
||||
user2 := th.CreateUser()
|
||||
user3 := th.CreateUser()
|
||||
|
||||
client.Logout(context.Background())
|
||||
client.Login(context.Background(), user1.Email, user1.Password)
|
||||
|
||||
groupChannel, _, err := client.CreateGroupChannel(context.Background(), []string{user1.Id, user2.Id, user3.Id})
|
||||
require.NoError(t, err)
|
||||
|
||||
updatedChannel := &model.Channel{Id: groupChannel.Id, Name: "test name"}
|
||||
_, resp, err := client.UpdateChannel(context.Background(), updatedChannel)
|
||||
require.Error(t, err)
|
||||
CheckBadRequestStatus(t, resp)
|
||||
|
||||
updatedChannel2 := &model.Channel{Id: groupChannel.Id, DisplayName: "test display name"}
|
||||
_, resp, err = client.UpdateChannel(context.Background(), updatedChannel2)
|
||||
require.Error(t, err)
|
||||
CheckBadRequestStatus(t, resp)
|
||||
|
||||
updatedChannel3 := &model.Channel{Id: groupChannel.Id, Purpose: "test purpose"}
|
||||
_, resp, err = client.UpdateChannel(context.Background(), updatedChannel3)
|
||||
require.Error(t, err)
|
||||
CheckBadRequestStatus(t, resp)
|
||||
})
|
||||
|
||||
t.Run("Should block changes to name, display name or purpose for direct messages", func(t *testing.T) {
|
||||
user1 := th.CreateUser()
|
||||
user2 := th.CreateUser()
|
||||
|
||||
client.Logout(context.Background())
|
||||
client.Login(context.Background(), user1.Email, user1.Password)
|
||||
|
||||
directChannel, _, err := client.CreateDirectChannel(context.Background(), user1.Id, user2.Id)
|
||||
require.NoError(t, err)
|
||||
|
||||
updatedChannel := &model.Channel{Id: directChannel.Id, Name: "test name"}
|
||||
_, resp, err := client.UpdateChannel(context.Background(), updatedChannel)
|
||||
require.Error(t, err)
|
||||
CheckBadRequestStatus(t, resp)
|
||||
|
||||
updatedChannel2 := &model.Channel{Id: directChannel.Id, DisplayName: "test display name"}
|
||||
_, resp, err = client.UpdateChannel(context.Background(), updatedChannel2)
|
||||
require.Error(t, err)
|
||||
CheckBadRequestStatus(t, resp)
|
||||
|
||||
updatedChannel3 := &model.Channel{Id: directChannel.Id, Purpose: "test purpose"}
|
||||
_, resp, err = client.UpdateChannel(context.Background(), updatedChannel3)
|
||||
require.Error(t, err)
|
||||
CheckBadRequestStatus(t, resp)
|
||||
})
|
||||
}
|
||||
|
||||
func TestPatchChannel(t *testing.T) {
|
||||
@ -365,6 +417,77 @@ func TestPatchChannel(t *testing.T) {
|
||||
_, resp, err = client.PatchChannel(context.Background(), directChannel.Id, channelPatch)
|
||||
require.Error(t, err)
|
||||
CheckForbiddenStatus(t, resp)
|
||||
|
||||
t.Run("Should block changes to name, display name or purpose for group messages", func(t *testing.T) {
|
||||
user1 := th.CreateUser()
|
||||
user2 := th.CreateUser()
|
||||
user3 := th.CreateUser()
|
||||
|
||||
client.Logout(context.Background())
|
||||
client.Login(context.Background(), user1.Email, user1.Password)
|
||||
|
||||
groupChannel, _, err := client.CreateGroupChannel(context.Background(), []string{user1.Id, user2.Id, user3.Id})
|
||||
require.NoError(t, err)
|
||||
|
||||
groupChannelPatch := &model.ChannelPatch{
|
||||
Name: new(string),
|
||||
}
|
||||
*groupChannelPatch.Name = "testing"
|
||||
_, resp, err := client.PatchChannel(context.Background(), groupChannel.Id, groupChannelPatch)
|
||||
require.Error(t, err)
|
||||
CheckBadRequestStatus(t, resp)
|
||||
|
||||
groupChannelPatch2 := &model.ChannelPatch{
|
||||
DisplayName: new(string),
|
||||
}
|
||||
*groupChannelPatch2.DisplayName = "test display name"
|
||||
_, resp, err = client.PatchChannel(context.Background(), groupChannel.Id, groupChannelPatch2)
|
||||
require.Error(t, err)
|
||||
CheckBadRequestStatus(t, resp)
|
||||
|
||||
groupChannelPatch3 := &model.ChannelPatch{
|
||||
Purpose: new(string),
|
||||
}
|
||||
*groupChannelPatch3.Purpose = "test purpose"
|
||||
_, resp, err = client.PatchChannel(context.Background(), groupChannel.Id, groupChannelPatch3)
|
||||
require.Error(t, err)
|
||||
CheckBadRequestStatus(t, resp)
|
||||
})
|
||||
|
||||
t.Run("Should block changes to name, display name or purpose for direct messages", func(t *testing.T) {
|
||||
user1 := th.CreateUser()
|
||||
user2 := th.CreateUser()
|
||||
|
||||
client.Logout(context.Background())
|
||||
client.Login(context.Background(), user1.Email, user1.Password)
|
||||
|
||||
directChannel, _, err := client.CreateDirectChannel(context.Background(), user1.Id, user2.Id)
|
||||
require.NoError(t, err)
|
||||
|
||||
directChannelPatch := &model.ChannelPatch{
|
||||
Name: new(string),
|
||||
}
|
||||
*directChannelPatch.Name = "test"
|
||||
_, resp, err := client.PatchChannel(context.Background(), directChannel.Id, directChannelPatch)
|
||||
require.Error(t, err)
|
||||
CheckBadRequestStatus(t, resp)
|
||||
|
||||
directChannelPatch2 := &model.ChannelPatch{
|
||||
DisplayName: new(string),
|
||||
}
|
||||
*directChannelPatch2.DisplayName = "test display name"
|
||||
_, resp, err = client.PatchChannel(context.Background(), directChannel.Id, directChannelPatch2)
|
||||
require.Error(t, err)
|
||||
CheckBadRequestStatus(t, resp)
|
||||
|
||||
directChannelPatch3 := &model.ChannelPatch{
|
||||
Purpose: new(string),
|
||||
}
|
||||
*directChannelPatch3.Purpose = "test purpose"
|
||||
_, resp, err = client.PatchChannel(context.Background(), directChannel.Id, directChannelPatch3)
|
||||
require.Error(t, err)
|
||||
CheckBadRequestStatus(t, resp)
|
||||
})
|
||||
}
|
||||
|
||||
func TestChannelUnicodeNames(t *testing.T) {
|
||||
|
||||
@ -339,6 +339,10 @@
|
||||
"id": "api.channel.patch_update_channel.forbidden.app_error",
|
||||
"translation": "Failed to update the channel."
|
||||
},
|
||||
{
|
||||
"id": "api.channel.patch_update_channel.update_direct_or_group_messages_not_allowed.app_error",
|
||||
"translation": "You are not allowed to update the name, display_name, and purpose of direct or group messages."
|
||||
},
|
||||
{
|
||||
"id": "api.channel.post_channel_privacy_message.error",
|
||||
"translation": "Failed to post channel privacy update message."
|
||||
@ -431,6 +435,10 @@
|
||||
"id": "api.channel.update_channel.typechange.app_error",
|
||||
"translation": "Channel type cannot be updated."
|
||||
},
|
||||
{
|
||||
"id": "api.channel.update_channel.update_direct_or_group_messages_not_allowed.app_error",
|
||||
"translation": "You are not allowed to update the name, display_name, and purpose of direct or group messages."
|
||||
},
|
||||
{
|
||||
"id": "api.channel.update_channel_member_roles.changing_guest_role.app_error",
|
||||
"translation": "Invalid channel member update: You can't add or remove the guest role manually."
|
||||
|
||||
Loading…
Reference in New Issue
Block a user