mirror of
https://github.com/mattermost/mattermost.git
synced 2025-02-25 18:55:24 -06:00
PLT-6139 (Server): Private Channel member managing (#5941)
Adds an EE policy feature to allow restricting system-wide which level of Admins can manage the membership of private channels.
This commit is contained in:
George Goldberg
committed by
Harrison Healey
Harrison Healey
parent
232a99f0c7
commit
e49f5928c5
@@ -1532,9 +1532,10 @@ func TestGetChannelStats(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestAddChannelMember(t *testing.T) {
|
||||
th := Setup().InitBasic()
|
||||
th := Setup().InitBasic().InitSystemAdmin()
|
||||
Client := th.BasicClient
|
||||
team := th.BasicTeam
|
||||
user1 := th.BasicUser
|
||||
user2 := th.BasicUser2
|
||||
user3 := th.CreateUser(Client)
|
||||
|
||||
@@ -1581,12 +1582,118 @@ func TestAddChannelMember(t *testing.T) {
|
||||
if _, err := Client.AddChannelMember(channel1.Id, user3.Id); err == nil {
|
||||
t.Fatal("Should have errored, user not on team")
|
||||
}
|
||||
|
||||
// Test policy does not apply to TE.
|
||||
restrictPrivateChannel := *utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers
|
||||
defer func() {
|
||||
*utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers = restrictPrivateChannel
|
||||
}()
|
||||
*utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_CHANNEL_ADMIN
|
||||
utils.SetDefaultRolesBasedOnConfig()
|
||||
|
||||
channel3 := &model.Channel{DisplayName: "A Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_PRIVATE, TeamId: team.Id}
|
||||
channel3 = Client.Must(th.SystemAdminClient.CreateChannel(channel3)).Data.(*model.Channel)
|
||||
Client.Must(th.SystemAdminClient.AddChannelMember(channel3.Id, user1.Id))
|
||||
if _, err := Client.AddChannelMember(channel3.Id, user2.Id); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
// Add a license
|
||||
isLicensed := utils.IsLicensed
|
||||
license := utils.License
|
||||
defer func() {
|
||||
utils.IsLicensed = isLicensed
|
||||
utils.License = license
|
||||
utils.SetDefaultRolesBasedOnConfig()
|
||||
}()
|
||||
*utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_ALL
|
||||
utils.IsLicensed = true
|
||||
utils.License = &model.License{Features: &model.Features{}}
|
||||
utils.License.Features.SetDefaults()
|
||||
utils.SetDefaultRolesBasedOnConfig()
|
||||
|
||||
// Check that a regular channel user can add other users.
|
||||
channel4 := &model.Channel{DisplayName: "A Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_PRIVATE, TeamId: team.Id}
|
||||
channel4 = Client.Must(th.SystemAdminClient.CreateChannel(channel4)).Data.(*model.Channel)
|
||||
Client.Must(th.SystemAdminClient.AddChannelMember(channel4.Id, user1.Id))
|
||||
if _, err := Client.AddChannelMember(channel4.Id, user2.Id); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
// Test with CHANNEL_ADMIN level permission.
|
||||
*utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_CHANNEL_ADMIN
|
||||
utils.IsLicensed = true
|
||||
utils.License = &model.License{Features: &model.Features{}}
|
||||
utils.License.Features.SetDefaults()
|
||||
utils.SetDefaultRolesBasedOnConfig()
|
||||
|
||||
channel5 := &model.Channel{DisplayName: "A Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_PRIVATE, TeamId: team.Id}
|
||||
channel5 = Client.Must(th.SystemAdminClient.CreateChannel(channel5)).Data.(*model.Channel)
|
||||
Client.Must(th.SystemAdminClient.AddChannelMember(channel5.Id, user1.Id))
|
||||
if _, err := Client.AddChannelMember(channel5.Id, user2.Id); err == nil {
|
||||
t.Fatal("Should have failed due to permissions")
|
||||
}
|
||||
|
||||
MakeUserChannelAdmin(user1, channel5)
|
||||
app.InvalidateAllCaches()
|
||||
utils.IsLicensed = true
|
||||
utils.License = &model.License{Features: &model.Features{}}
|
||||
utils.License.Features.SetDefaults()
|
||||
utils.SetDefaultRolesBasedOnConfig()
|
||||
|
||||
if _, err := Client.AddChannelMember(channel5.Id, user2.Id); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
// Test with TEAM_ADMIN level permission.
|
||||
*utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_TEAM_ADMIN
|
||||
utils.IsLicensed = true
|
||||
utils.License = &model.License{Features: &model.Features{}}
|
||||
utils.License.Features.SetDefaults()
|
||||
utils.SetDefaultRolesBasedOnConfig()
|
||||
|
||||
channel6 := &model.Channel{DisplayName: "A Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_PRIVATE, TeamId: team.Id}
|
||||
channel6 = Client.Must(th.SystemAdminClient.CreateChannel(channel6)).Data.(*model.Channel)
|
||||
Client.Must(th.SystemAdminClient.AddChannelMember(channel6.Id, user1.Id))
|
||||
if _, err := Client.AddChannelMember(channel6.Id, user2.Id); err == nil {
|
||||
t.Fatal("Should have failed due to permissions")
|
||||
}
|
||||
|
||||
UpdateUserToTeamAdmin(user1, team)
|
||||
app.InvalidateAllCaches()
|
||||
utils.IsLicensed = true
|
||||
utils.License = &model.License{Features: &model.Features{}}
|
||||
utils.License.Features.SetDefaults()
|
||||
utils.SetDefaultRolesBasedOnConfig()
|
||||
|
||||
if _, err := Client.AddChannelMember(channel6.Id, user2.Id); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
// Test with SYSTEM_ADMIN level permission.
|
||||
*utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_SYSTEM_ADMIN
|
||||
utils.IsLicensed = true
|
||||
utils.License = &model.License{Features: &model.Features{}}
|
||||
utils.License.Features.SetDefaults()
|
||||
utils.SetDefaultRolesBasedOnConfig()
|
||||
|
||||
channel7 := &model.Channel{DisplayName: "A Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_PRIVATE, TeamId: team.Id}
|
||||
channel7 = Client.Must(th.SystemAdminClient.CreateChannel(channel7)).Data.(*model.Channel)
|
||||
Client.Must(th.SystemAdminClient.AddChannelMember(channel7.Id, user1.Id))
|
||||
if _, err := Client.AddChannelMember(channel7.Id, user2.Id); err == nil {
|
||||
t.Fatal("Should have failed due to permissions")
|
||||
}
|
||||
|
||||
if _, err := th.SystemAdminClient.AddChannelMember(channel7.Id, user2.Id); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestRemoveChannelMember(t *testing.T) {
|
||||
th := Setup().InitBasic()
|
||||
th := Setup().InitBasic().InitSystemAdmin()
|
||||
Client := th.BasicClient
|
||||
team := th.BasicTeam
|
||||
user1 := th.BasicUser
|
||||
user2 := th.BasicUser2
|
||||
UpdateUserToTeamAdmin(user2, team)
|
||||
|
||||
@@ -1646,6 +1753,117 @@ func TestRemoveChannelMember(t *testing.T) {
|
||||
if _, err := Client.RemoveChannelMember(townSquare.Id, userStd.Id); err == nil {
|
||||
t.Fatal("should have errored, channel is default")
|
||||
}
|
||||
|
||||
th.LoginBasic()
|
||||
|
||||
// Test policy does not apply to TE.
|
||||
restrictPrivateChannel := *utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers
|
||||
defer func() {
|
||||
*utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers = restrictPrivateChannel
|
||||
}()
|
||||
*utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_CHANNEL_ADMIN
|
||||
utils.SetDefaultRolesBasedOnConfig()
|
||||
|
||||
channel3 := &model.Channel{DisplayName: "A Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_PRIVATE, TeamId: team.Id}
|
||||
channel3 = Client.Must(th.SystemAdminClient.CreateChannel(channel3)).Data.(*model.Channel)
|
||||
Client.Must(th.SystemAdminClient.AddChannelMember(channel3.Id, user1.Id))
|
||||
Client.Must(th.SystemAdminClient.AddChannelMember(channel3.Id, user2.Id))
|
||||
if _, err := Client.RemoveChannelMember(channel3.Id, user2.Id); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
// Add a license
|
||||
isLicensed := utils.IsLicensed
|
||||
license := utils.License
|
||||
defer func() {
|
||||
utils.IsLicensed = isLicensed
|
||||
utils.License = license
|
||||
utils.SetDefaultRolesBasedOnConfig()
|
||||
}()
|
||||
*utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_ALL
|
||||
utils.IsLicensed = true
|
||||
utils.License = &model.License{Features: &model.Features{}}
|
||||
utils.License.Features.SetDefaults()
|
||||
utils.SetDefaultRolesBasedOnConfig()
|
||||
|
||||
// Check that a regular channel user can remove other users.
|
||||
channel4 := &model.Channel{DisplayName: "A Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_PRIVATE, TeamId: team.Id}
|
||||
channel4 = Client.Must(th.SystemAdminClient.CreateChannel(channel4)).Data.(*model.Channel)
|
||||
Client.Must(th.SystemAdminClient.AddChannelMember(channel4.Id, user1.Id))
|
||||
Client.Must(th.SystemAdminClient.AddChannelMember(channel4.Id, user2.Id))
|
||||
if _, err := Client.RemoveChannelMember(channel4.Id, user2.Id); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
// Test with CHANNEL_ADMIN level permission.
|
||||
*utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_CHANNEL_ADMIN
|
||||
utils.IsLicensed = true
|
||||
utils.License = &model.License{Features: &model.Features{}}
|
||||
utils.License.Features.SetDefaults()
|
||||
utils.SetDefaultRolesBasedOnConfig()
|
||||
|
||||
channel5 := &model.Channel{DisplayName: "A Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_PRIVATE, TeamId: team.Id}
|
||||
channel5 = Client.Must(th.SystemAdminClient.CreateChannel(channel5)).Data.(*model.Channel)
|
||||
Client.Must(th.SystemAdminClient.AddChannelMember(channel5.Id, user1.Id))
|
||||
Client.Must(th.SystemAdminClient.AddChannelMember(channel5.Id, user2.Id))
|
||||
if _, err := Client.RemoveChannelMember(channel5.Id, user2.Id); err == nil {
|
||||
t.Fatal("Should have failed due to permissions")
|
||||
}
|
||||
|
||||
MakeUserChannelAdmin(user1, channel5)
|
||||
app.InvalidateAllCaches()
|
||||
utils.IsLicensed = true
|
||||
utils.License = &model.License{Features: &model.Features{}}
|
||||
utils.License.Features.SetDefaults()
|
||||
|
||||
if _, err := Client.RemoveChannelMember(channel5.Id, user2.Id); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
// Test with TEAM_ADMIN level permission.
|
||||
*utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_TEAM_ADMIN
|
||||
utils.IsLicensed = true
|
||||
utils.License = &model.License{Features: &model.Features{}}
|
||||
utils.License.Features.SetDefaults()
|
||||
utils.SetDefaultRolesBasedOnConfig()
|
||||
|
||||
channel6 := &model.Channel{DisplayName: "A Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_PRIVATE, TeamId: team.Id}
|
||||
channel6 = Client.Must(th.SystemAdminClient.CreateChannel(channel6)).Data.(*model.Channel)
|
||||
Client.Must(th.SystemAdminClient.AddChannelMember(channel6.Id, user1.Id))
|
||||
Client.Must(th.SystemAdminClient.AddChannelMember(channel6.Id, user2.Id))
|
||||
if _, err := Client.RemoveChannelMember(channel6.Id, user2.Id); err == nil {
|
||||
t.Fatal("Should have failed due to permissions")
|
||||
}
|
||||
|
||||
UpdateUserToTeamAdmin(user1, team)
|
||||
app.InvalidateAllCaches()
|
||||
utils.IsLicensed = true
|
||||
utils.License = &model.License{Features: &model.Features{}}
|
||||
utils.License.Features.SetDefaults()
|
||||
utils.SetDefaultRolesBasedOnConfig()
|
||||
|
||||
if _, err := Client.RemoveChannelMember(channel6.Id, user2.Id); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
// Test with SYSTEM_ADMIN level permission.
|
||||
*utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers = model.PERMISSIONS_SYSTEM_ADMIN
|
||||
utils.IsLicensed = true
|
||||
utils.License = &model.License{Features: &model.Features{}}
|
||||
utils.License.Features.SetDefaults()
|
||||
utils.SetDefaultRolesBasedOnConfig()
|
||||
|
||||
channel7 := &model.Channel{DisplayName: "A Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_PRIVATE, TeamId: team.Id}
|
||||
channel7 = Client.Must(th.SystemAdminClient.CreateChannel(channel7)).Data.(*model.Channel)
|
||||
Client.Must(th.SystemAdminClient.AddChannelMember(channel7.Id, user1.Id))
|
||||
Client.Must(th.SystemAdminClient.AddChannelMember(channel7.Id, user2.Id))
|
||||
if _, err := Client.RemoveChannelMember(channel7.Id, user2.Id); err == nil {
|
||||
t.Fatal("Should have failed due to permissions")
|
||||
}
|
||||
|
||||
if _, err := th.SystemAdminClient.RemoveChannelMember(channel7.Id, user2.Id); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestUpdateNotifyProps(t *testing.T) {
|
||||
|
||||
Reference in New Issue
Block a user