mirror of
https://github.com/mattermost/mattermost.git
synced 2025-02-25 18:55:24 -06:00
Fix 55496 (#25585)
This commit is contained in:
Daniel Espino García
GitHub
parent
a7f8347f01
commit
f6d41bcf5b
@ -760,6 +760,17 @@ func (a *App) UpdatePost(c request.CTX, receivedUpdatedPost *model.Post, safeUpd
|
|||||||
|
|
||||||
a.invalidateCacheForChannelPosts(rpost.ChannelId)
|
a.invalidateCacheForChannelPosts(rpost.ChannelId)
|
||||||
|
|
||||||
|
userID := c.Session().UserId
|
||||||
|
sanitizedPost, err := a.SanitizePostMetadataForUser(c, rpost, userID)
|
||||||
|
if err != nil {
|
||||||
|
mlog.Error("Failed to sanitize post metadata for user", mlog.String("user_id", userID), mlog.Err(err))
|
||||||
|
|
||||||
|
// If we failed to sanitize the post, we still want to remove the metadata.
|
||||||
|
sanitizedPost = rpost.Clone()
|
||||||
|
sanitizedPost.Metadata = nil
|
||||||
|
}
|
||||||
|
rpost = sanitizedPost
|
||||||
|
|
||||||
return rpost, nil
|
return rpost, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -1449,6 +1449,70 @@ func TestUpdatePost(t *testing.T) {
|
|||||||
require.Nil(t, err)
|
require.Nil(t, err)
|
||||||
assert.Equal(t, testPost.GetProps(), model.StringInterface{"previewed_post": referencedPost.Id})
|
assert.Equal(t, testPost.GetProps(), model.StringInterface{"previewed_post": referencedPost.Id})
|
||||||
})
|
})
|
||||||
|
|
||||||
|
t.Run("sanitizes post metadata appropriately", func(t *testing.T) {
|
||||||
|
th := Setup(t).InitBasic()
|
||||||
|
defer th.TearDown()
|
||||||
|
|
||||||
|
th.App.UpdateConfig(func(cfg *model.Config) {
|
||||||
|
*cfg.ServiceSettings.SiteURL = "http://mymattermost.com"
|
||||||
|
})
|
||||||
|
|
||||||
|
th.AddUserToChannel(th.BasicUser, th.BasicChannel)
|
||||||
|
|
||||||
|
user1 := th.CreateUser()
|
||||||
|
user2 := th.CreateUser()
|
||||||
|
directChannel, err := th.App.createDirectChannel(th.Context, user1.Id, user2.Id)
|
||||||
|
require.Nil(t, err)
|
||||||
|
|
||||||
|
th.Context.Session().UserId = th.BasicUser.Id
|
||||||
|
|
||||||
|
testCases := []struct {
|
||||||
|
Description string
|
||||||
|
Channel *model.Channel
|
||||||
|
Author string
|
||||||
|
Length int
|
||||||
|
}{
|
||||||
|
{
|
||||||
|
Description: "removes metadata from post for members who cannot read channel",
|
||||||
|
Channel: directChannel,
|
||||||
|
Author: user1.Id,
|
||||||
|
Length: 0,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Description: "does not remove metadata from post for members who can read channel",
|
||||||
|
Channel: th.BasicChannel,
|
||||||
|
Author: th.BasicUser.Id,
|
||||||
|
Length: 1,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, testCase := range testCases {
|
||||||
|
t.Run(testCase.Description, func(t *testing.T) {
|
||||||
|
referencedPost := &model.Post{
|
||||||
|
ChannelId: testCase.Channel.Id,
|
||||||
|
Message: "hello world",
|
||||||
|
UserId: testCase.Author,
|
||||||
|
}
|
||||||
|
_, err = th.App.CreatePost(th.Context, referencedPost, testCase.Channel, false, false)
|
||||||
|
require.Nil(t, err)
|
||||||
|
|
||||||
|
previewPost := &model.Post{
|
||||||
|
ChannelId: th.BasicChannel.Id,
|
||||||
|
UserId: th.BasicUser.Id,
|
||||||
|
}
|
||||||
|
previewPost, err = th.App.CreatePost(th.Context, previewPost, th.BasicChannel, false, false)
|
||||||
|
require.Nil(t, err)
|
||||||
|
|
||||||
|
permalink := fmt.Sprintf("%s/%s/pl/%s", *th.App.Config().ServiceSettings.SiteURL, th.BasicTeam.Name, referencedPost.Id)
|
||||||
|
previewPost.Message = permalink
|
||||||
|
previewPost, err = th.App.UpdatePost(th.Context, previewPost, false)
|
||||||
|
require.Nil(t, err)
|
||||||
|
|
||||||
|
require.Len(t, previewPost.Metadata.Embeds, testCase.Length)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestSearchPostsForUser(t *testing.T) {
|
func TestSearchPostsForUser(t *testing.T) {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user