mirror of
https://github.com/mattermost/mattermost.git
synced 2025-02-25 18:55:24 -06:00
516a097e1a
* MM-10757: Default roles from scheme should be keyed by name not ID. * Update permissions import/export.
738 lines
22 KiB
Go
738 lines
22 KiB
Go
// Copyright (c) 2018-present Mattermost, Inc. All Rights Reserved.
|
|
// See License.txt for license information.
|
|
|
|
package api4
|
|
|
|
import (
|
|
"strings"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
"github.com/mattermost/mattermost-server/model"
|
|
)
|
|
|
|
func TestCreateScheme(t *testing.T) {
|
|
th := Setup().InitBasic().InitSystemAdmin()
|
|
defer th.TearDown()
|
|
|
|
th.App.SetLicense(model.NewTestLicense("custom_permissions_schemes"))
|
|
|
|
th.App.SetPhase2PermissionsMigrationStatus(true)
|
|
|
|
// Basic test of creating a team scheme.
|
|
scheme1 := &model.Scheme{
|
|
DisplayName: model.NewId(),
|
|
Name: model.NewId(),
|
|
Description: model.NewId(),
|
|
Scope: model.SCHEME_SCOPE_TEAM,
|
|
}
|
|
|
|
s1, r1 := th.SystemAdminClient.CreateScheme(scheme1)
|
|
CheckNoError(t, r1)
|
|
|
|
assert.Equal(t, s1.DisplayName, scheme1.DisplayName)
|
|
assert.Equal(t, s1.Name, scheme1.Name)
|
|
assert.Equal(t, s1.Description, scheme1.Description)
|
|
assert.NotZero(t, s1.CreateAt)
|
|
assert.Equal(t, s1.CreateAt, s1.UpdateAt)
|
|
assert.Zero(t, s1.DeleteAt)
|
|
assert.Equal(t, s1.Scope, scheme1.Scope)
|
|
assert.NotZero(t, len(s1.DefaultTeamAdminRole))
|
|
assert.NotZero(t, len(s1.DefaultTeamUserRole))
|
|
assert.NotZero(t, len(s1.DefaultChannelAdminRole))
|
|
assert.NotZero(t, len(s1.DefaultChannelUserRole))
|
|
|
|
// Check the default roles have been created.
|
|
_, roleRes1 := th.SystemAdminClient.GetRoleByName(s1.DefaultTeamAdminRole)
|
|
CheckNoError(t, roleRes1)
|
|
_, roleRes2 := th.SystemAdminClient.GetRoleByName(s1.DefaultTeamUserRole)
|
|
CheckNoError(t, roleRes2)
|
|
_, roleRes3 := th.SystemAdminClient.GetRoleByName(s1.DefaultChannelAdminRole)
|
|
CheckNoError(t, roleRes3)
|
|
_, roleRes4 := th.SystemAdminClient.GetRoleByName(s1.DefaultChannelUserRole)
|
|
CheckNoError(t, roleRes4)
|
|
|
|
// Basic Test of a Channel scheme.
|
|
scheme2 := &model.Scheme{
|
|
DisplayName: model.NewId(),
|
|
Name: model.NewId(),
|
|
Description: model.NewId(),
|
|
Scope: model.SCHEME_SCOPE_CHANNEL,
|
|
}
|
|
|
|
s2, r2 := th.SystemAdminClient.CreateScheme(scheme2)
|
|
CheckNoError(t, r2)
|
|
|
|
assert.Equal(t, s2.DisplayName, scheme2.DisplayName)
|
|
assert.Equal(t, s2.Name, scheme2.Name)
|
|
assert.Equal(t, s2.Description, scheme2.Description)
|
|
assert.NotZero(t, s2.CreateAt)
|
|
assert.Equal(t, s2.CreateAt, s2.UpdateAt)
|
|
assert.Zero(t, s2.DeleteAt)
|
|
assert.Equal(t, s2.Scope, scheme2.Scope)
|
|
assert.Zero(t, len(s2.DefaultTeamAdminRole))
|
|
assert.Zero(t, len(s2.DefaultTeamUserRole))
|
|
assert.NotZero(t, len(s2.DefaultChannelAdminRole))
|
|
assert.NotZero(t, len(s2.DefaultChannelUserRole))
|
|
|
|
// Check the default roles have been created.
|
|
_, roleRes5 := th.SystemAdminClient.GetRoleByName(s2.DefaultChannelAdminRole)
|
|
CheckNoError(t, roleRes5)
|
|
_, roleRes6 := th.SystemAdminClient.GetRoleByName(s2.DefaultChannelUserRole)
|
|
CheckNoError(t, roleRes6)
|
|
|
|
// Try and create a scheme with an invalid scope.
|
|
scheme3 := &model.Scheme{
|
|
DisplayName: model.NewId(),
|
|
Name: model.NewId(),
|
|
Description: model.NewId(),
|
|
Scope: model.NewId(),
|
|
}
|
|
|
|
_, r3 := th.SystemAdminClient.CreateScheme(scheme3)
|
|
CheckBadRequestStatus(t, r3)
|
|
|
|
// Try and create a scheme with an invalid display name.
|
|
scheme4 := &model.Scheme{
|
|
DisplayName: strings.Repeat(model.NewId(), 100),
|
|
Name: "Name",
|
|
Description: model.NewId(),
|
|
Scope: model.NewId(),
|
|
}
|
|
_, r4 := th.SystemAdminClient.CreateScheme(scheme4)
|
|
CheckBadRequestStatus(t, r4)
|
|
|
|
// Try and create a scheme with an invalid name.
|
|
scheme8 := &model.Scheme{
|
|
DisplayName: "DisplayName",
|
|
Name: strings.Repeat(model.NewId(), 100),
|
|
Description: model.NewId(),
|
|
Scope: model.NewId(),
|
|
}
|
|
_, r8 := th.SystemAdminClient.CreateScheme(scheme8)
|
|
CheckBadRequestStatus(t, r8)
|
|
|
|
// Try and create a scheme without the appropriate permissions.
|
|
scheme5 := &model.Scheme{
|
|
DisplayName: model.NewId(),
|
|
Name: model.NewId(),
|
|
Description: model.NewId(),
|
|
Scope: model.SCHEME_SCOPE_TEAM,
|
|
}
|
|
_, r5 := th.Client.CreateScheme(scheme5)
|
|
CheckForbiddenStatus(t, r5)
|
|
|
|
// Try and create a scheme without a license.
|
|
th.App.SetLicense(nil)
|
|
scheme6 := &model.Scheme{
|
|
DisplayName: model.NewId(),
|
|
Name: model.NewId(),
|
|
Description: model.NewId(),
|
|
Scope: model.SCHEME_SCOPE_TEAM,
|
|
}
|
|
_, r6 := th.SystemAdminClient.CreateScheme(scheme6)
|
|
CheckNotImplementedStatus(t, r6)
|
|
|
|
th.App.SetPhase2PermissionsMigrationStatus(false)
|
|
|
|
th.LoginSystemAdmin()
|
|
th.App.SetLicense(model.NewTestLicense("custom_permissions_schemes"))
|
|
|
|
scheme7 := &model.Scheme{
|
|
DisplayName: model.NewId(),
|
|
Name: model.NewId(),
|
|
Description: model.NewId(),
|
|
Scope: model.SCHEME_SCOPE_TEAM,
|
|
}
|
|
_, r7 := th.SystemAdminClient.CreateScheme(scheme7)
|
|
CheckNotImplementedStatus(t, r7)
|
|
}
|
|
|
|
func TestGetScheme(t *testing.T) {
|
|
th := Setup().InitBasic().InitSystemAdmin()
|
|
defer th.TearDown()
|
|
|
|
th.App.SetLicense(model.NewTestLicense("custom_permissions_schemes"))
|
|
|
|
// Basic test of creating a team scheme.
|
|
scheme1 := &model.Scheme{
|
|
DisplayName: model.NewId(),
|
|
Name: model.NewId(),
|
|
Description: model.NewId(),
|
|
Scope: model.SCHEME_SCOPE_TEAM,
|
|
}
|
|
|
|
th.App.SetPhase2PermissionsMigrationStatus(true)
|
|
|
|
s1, r1 := th.SystemAdminClient.CreateScheme(scheme1)
|
|
CheckNoError(t, r1)
|
|
|
|
assert.Equal(t, s1.DisplayName, scheme1.DisplayName)
|
|
assert.Equal(t, s1.Name, scheme1.Name)
|
|
assert.Equal(t, s1.Description, scheme1.Description)
|
|
assert.NotZero(t, s1.CreateAt)
|
|
assert.Equal(t, s1.CreateAt, s1.UpdateAt)
|
|
assert.Zero(t, s1.DeleteAt)
|
|
assert.Equal(t, s1.Scope, scheme1.Scope)
|
|
assert.NotZero(t, len(s1.DefaultTeamAdminRole))
|
|
assert.NotZero(t, len(s1.DefaultTeamUserRole))
|
|
assert.NotZero(t, len(s1.DefaultChannelAdminRole))
|
|
assert.NotZero(t, len(s1.DefaultChannelUserRole))
|
|
|
|
s2, r2 := th.SystemAdminClient.GetScheme(s1.Id)
|
|
CheckNoError(t, r2)
|
|
|
|
assert.Equal(t, s1, s2)
|
|
|
|
_, r3 := th.SystemAdminClient.GetScheme(model.NewId())
|
|
CheckNotFoundStatus(t, r3)
|
|
|
|
_, r4 := th.SystemAdminClient.GetScheme("12345")
|
|
CheckBadRequestStatus(t, r4)
|
|
|
|
th.SystemAdminClient.Logout()
|
|
_, r5 := th.SystemAdminClient.GetScheme(s1.Id)
|
|
CheckUnauthorizedStatus(t, r5)
|
|
|
|
th.SystemAdminClient.Login(th.SystemAdminUser.Username, th.SystemAdminUser.Password)
|
|
th.App.SetLicense(nil)
|
|
_, r6 := th.SystemAdminClient.GetScheme(s1.Id)
|
|
CheckNoError(t, r6)
|
|
|
|
_, r7 := th.Client.GetScheme(s1.Id)
|
|
CheckForbiddenStatus(t, r7)
|
|
|
|
th.App.SetPhase2PermissionsMigrationStatus(false)
|
|
|
|
_, r8 := th.SystemAdminClient.GetScheme(s1.Id)
|
|
CheckNotImplementedStatus(t, r8)
|
|
}
|
|
|
|
func TestGetSchemes(t *testing.T) {
|
|
th := Setup().InitBasic().InitSystemAdmin()
|
|
defer th.TearDown()
|
|
|
|
th.App.SetLicense(model.NewTestLicense("custom_permissions_schemes"))
|
|
|
|
scheme1 := &model.Scheme{
|
|
DisplayName: model.NewId(),
|
|
Name: model.NewId(),
|
|
Description: model.NewId(),
|
|
Scope: model.SCHEME_SCOPE_TEAM,
|
|
}
|
|
|
|
scheme2 := &model.Scheme{
|
|
DisplayName: model.NewId(),
|
|
Name: model.NewId(),
|
|
Description: model.NewId(),
|
|
Scope: model.SCHEME_SCOPE_CHANNEL,
|
|
}
|
|
|
|
th.App.SetPhase2PermissionsMigrationStatus(true)
|
|
|
|
_, r1 := th.SystemAdminClient.CreateScheme(scheme1)
|
|
CheckNoError(t, r1)
|
|
_, r2 := th.SystemAdminClient.CreateScheme(scheme2)
|
|
CheckNoError(t, r2)
|
|
|
|
l3, r3 := th.SystemAdminClient.GetSchemes("", 0, 100)
|
|
CheckNoError(t, r3)
|
|
|
|
assert.NotZero(t, len(l3))
|
|
|
|
l4, r4 := th.SystemAdminClient.GetSchemes("team", 0, 100)
|
|
CheckNoError(t, r4)
|
|
|
|
for _, s := range l4 {
|
|
assert.Equal(t, "team", s.Scope)
|
|
}
|
|
|
|
l5, r5 := th.SystemAdminClient.GetSchemes("channel", 0, 100)
|
|
CheckNoError(t, r5)
|
|
|
|
for _, s := range l5 {
|
|
assert.Equal(t, "channel", s.Scope)
|
|
}
|
|
|
|
_, r6 := th.SystemAdminClient.GetSchemes("asdf", 0, 100)
|
|
CheckBadRequestStatus(t, r6)
|
|
|
|
th.Client.Logout()
|
|
_, r7 := th.Client.GetSchemes("", 0, 100)
|
|
CheckUnauthorizedStatus(t, r7)
|
|
|
|
th.Client.Login(th.BasicUser.Username, th.BasicUser.Password)
|
|
_, r8 := th.Client.GetSchemes("", 0, 100)
|
|
CheckForbiddenStatus(t, r8)
|
|
|
|
th.App.SetPhase2PermissionsMigrationStatus(false)
|
|
|
|
_, r9 := th.SystemAdminClient.GetSchemes("", 0, 100)
|
|
CheckNotImplementedStatus(t, r9)
|
|
}
|
|
|
|
func TestGetTeamsForScheme(t *testing.T) {
|
|
th := Setup().InitBasic().InitSystemAdmin()
|
|
defer th.TearDown()
|
|
|
|
th.App.SetLicense(model.NewTestLicense("custom_permissions_schemes"))
|
|
|
|
th.App.SetPhase2PermissionsMigrationStatus(true)
|
|
|
|
scheme1 := &model.Scheme{
|
|
DisplayName: model.NewId(),
|
|
Name: model.NewId(),
|
|
Description: model.NewId(),
|
|
Scope: model.SCHEME_SCOPE_TEAM,
|
|
}
|
|
scheme1, r1 := th.SystemAdminClient.CreateScheme(scheme1)
|
|
CheckNoError(t, r1)
|
|
|
|
team1 := &model.Team{
|
|
Name: GenerateTestUsername(),
|
|
DisplayName: "A Test Team",
|
|
Type: model.TEAM_OPEN,
|
|
}
|
|
|
|
result1 := <-th.App.Srv.Store.Team().Save(team1)
|
|
assert.Nil(t, result1.Err)
|
|
team1 = result1.Data.(*model.Team)
|
|
|
|
l2, r2 := th.SystemAdminClient.GetTeamsForScheme(scheme1.Id, 0, 100)
|
|
CheckNoError(t, r2)
|
|
assert.Zero(t, len(l2))
|
|
|
|
team1.SchemeId = &scheme1.Id
|
|
result2 := <-th.App.Srv.Store.Team().Update(team1)
|
|
assert.Nil(t, result2.Err)
|
|
team1 = result2.Data.(*model.Team)
|
|
|
|
l3, r3 := th.SystemAdminClient.GetTeamsForScheme(scheme1.Id, 0, 100)
|
|
CheckNoError(t, r3)
|
|
assert.Len(t, l3, 1)
|
|
assert.Equal(t, team1.Id, l3[0].Id)
|
|
|
|
team2 := &model.Team{
|
|
Name: GenerateTestUsername(),
|
|
DisplayName: "B Test Team",
|
|
Type: model.TEAM_OPEN,
|
|
SchemeId: &scheme1.Id,
|
|
}
|
|
result3 := <-th.App.Srv.Store.Team().Save(team2)
|
|
assert.Nil(t, result3.Err)
|
|
team2 = result3.Data.(*model.Team)
|
|
|
|
l4, r4 := th.SystemAdminClient.GetTeamsForScheme(scheme1.Id, 0, 100)
|
|
CheckNoError(t, r4)
|
|
assert.Len(t, l4, 2)
|
|
assert.Equal(t, team1.Id, l4[0].Id)
|
|
assert.Equal(t, team2.Id, l4[1].Id)
|
|
|
|
l5, r5 := th.SystemAdminClient.GetTeamsForScheme(scheme1.Id, 1, 1)
|
|
CheckNoError(t, r5)
|
|
assert.Len(t, l5, 1)
|
|
assert.Equal(t, team2.Id, l5[0].Id)
|
|
|
|
// Check various error cases.
|
|
_, ri1 := th.SystemAdminClient.GetTeamsForScheme(model.NewId(), 0, 100)
|
|
CheckNotFoundStatus(t, ri1)
|
|
|
|
_, ri2 := th.SystemAdminClient.GetTeamsForScheme("", 0, 100)
|
|
CheckBadRequestStatus(t, ri2)
|
|
|
|
th.Client.Logout()
|
|
_, ri3 := th.Client.GetTeamsForScheme(model.NewId(), 0, 100)
|
|
CheckUnauthorizedStatus(t, ri3)
|
|
|
|
th.Client.Login(th.BasicUser.Username, th.BasicUser.Password)
|
|
_, ri4 := th.Client.GetTeamsForScheme(model.NewId(), 0, 100)
|
|
CheckForbiddenStatus(t, ri4)
|
|
|
|
scheme2 := &model.Scheme{
|
|
DisplayName: model.NewId(),
|
|
Name: model.NewId(),
|
|
Description: model.NewId(),
|
|
Scope: model.SCHEME_SCOPE_CHANNEL,
|
|
}
|
|
scheme2, rs2 := th.SystemAdminClient.CreateScheme(scheme2)
|
|
CheckNoError(t, rs2)
|
|
|
|
_, ri5 := th.SystemAdminClient.GetTeamsForScheme(scheme2.Id, 0, 100)
|
|
CheckBadRequestStatus(t, ri5)
|
|
|
|
th.App.SetPhase2PermissionsMigrationStatus(false)
|
|
|
|
_, ri6 := th.SystemAdminClient.GetTeamsForScheme(scheme1.Id, 0, 100)
|
|
CheckNotImplementedStatus(t, ri6)
|
|
}
|
|
|
|
func TestGetChannelsForScheme(t *testing.T) {
|
|
th := Setup().InitBasic().InitSystemAdmin()
|
|
defer th.TearDown()
|
|
|
|
th.App.SetLicense(model.NewTestLicense("custom_permissions_schemes"))
|
|
|
|
th.App.SetPhase2PermissionsMigrationStatus(true)
|
|
|
|
scheme1 := &model.Scheme{
|
|
DisplayName: model.NewId(),
|
|
Name: model.NewId(),
|
|
Description: model.NewId(),
|
|
Scope: model.SCHEME_SCOPE_CHANNEL,
|
|
}
|
|
scheme1, r1 := th.SystemAdminClient.CreateScheme(scheme1)
|
|
CheckNoError(t, r1)
|
|
|
|
channel1 := &model.Channel{
|
|
TeamId: model.NewId(),
|
|
DisplayName: "A Name",
|
|
Name: model.NewId(),
|
|
Type: model.CHANNEL_OPEN,
|
|
}
|
|
|
|
result1 := <-th.App.Srv.Store.Channel().Save(channel1, 1000000)
|
|
assert.Nil(t, result1.Err)
|
|
channel1 = result1.Data.(*model.Channel)
|
|
|
|
l2, r2 := th.SystemAdminClient.GetChannelsForScheme(scheme1.Id, 0, 100)
|
|
CheckNoError(t, r2)
|
|
assert.Zero(t, len(l2))
|
|
|
|
channel1.SchemeId = &scheme1.Id
|
|
result2 := <-th.App.Srv.Store.Channel().Update(channel1)
|
|
assert.Nil(t, result2.Err)
|
|
channel1 = result2.Data.(*model.Channel)
|
|
|
|
l3, r3 := th.SystemAdminClient.GetChannelsForScheme(scheme1.Id, 0, 100)
|
|
CheckNoError(t, r3)
|
|
assert.Len(t, l3, 1)
|
|
assert.Equal(t, channel1.Id, l3[0].Id)
|
|
|
|
channel2 := &model.Channel{
|
|
TeamId: model.NewId(),
|
|
DisplayName: "B Name",
|
|
Name: model.NewId(),
|
|
Type: model.CHANNEL_OPEN,
|
|
SchemeId: &scheme1.Id,
|
|
}
|
|
result3 := <-th.App.Srv.Store.Channel().Save(channel2, 1000000)
|
|
assert.Nil(t, result3.Err)
|
|
channel2 = result3.Data.(*model.Channel)
|
|
|
|
l4, r4 := th.SystemAdminClient.GetChannelsForScheme(scheme1.Id, 0, 100)
|
|
CheckNoError(t, r4)
|
|
assert.Len(t, l4, 2)
|
|
assert.Equal(t, channel1.Id, l4[0].Id)
|
|
assert.Equal(t, channel2.Id, l4[1].Id)
|
|
|
|
l5, r5 := th.SystemAdminClient.GetChannelsForScheme(scheme1.Id, 1, 1)
|
|
CheckNoError(t, r5)
|
|
assert.Len(t, l5, 1)
|
|
assert.Equal(t, channel2.Id, l5[0].Id)
|
|
|
|
// Check various error cases.
|
|
_, ri1 := th.SystemAdminClient.GetChannelsForScheme(model.NewId(), 0, 100)
|
|
CheckNotFoundStatus(t, ri1)
|
|
|
|
_, ri2 := th.SystemAdminClient.GetChannelsForScheme("", 0, 100)
|
|
CheckBadRequestStatus(t, ri2)
|
|
|
|
th.Client.Logout()
|
|
_, ri3 := th.Client.GetChannelsForScheme(model.NewId(), 0, 100)
|
|
CheckUnauthorizedStatus(t, ri3)
|
|
|
|
th.Client.Login(th.BasicUser.Username, th.BasicUser.Password)
|
|
_, ri4 := th.Client.GetChannelsForScheme(model.NewId(), 0, 100)
|
|
CheckForbiddenStatus(t, ri4)
|
|
|
|
scheme2 := &model.Scheme{
|
|
DisplayName: model.NewId(),
|
|
Name: model.NewId(),
|
|
Description: model.NewId(),
|
|
Scope: model.SCHEME_SCOPE_TEAM,
|
|
}
|
|
scheme2, rs2 := th.SystemAdminClient.CreateScheme(scheme2)
|
|
CheckNoError(t, rs2)
|
|
|
|
_, ri5 := th.SystemAdminClient.GetChannelsForScheme(scheme2.Id, 0, 100)
|
|
CheckBadRequestStatus(t, ri5)
|
|
|
|
th.App.SetPhase2PermissionsMigrationStatus(false)
|
|
|
|
_, ri6 := th.SystemAdminClient.GetChannelsForScheme(scheme1.Id, 0, 100)
|
|
CheckNotImplementedStatus(t, ri6)
|
|
}
|
|
|
|
func TestPatchScheme(t *testing.T) {
|
|
th := Setup().InitBasic().InitSystemAdmin()
|
|
defer th.TearDown()
|
|
|
|
th.App.SetLicense(model.NewTestLicense("custom_permissions_schemes"))
|
|
|
|
th.App.SetPhase2PermissionsMigrationStatus(true)
|
|
|
|
// Basic test of creating a team scheme.
|
|
scheme1 := &model.Scheme{
|
|
DisplayName: model.NewId(),
|
|
Name: model.NewId(),
|
|
Description: model.NewId(),
|
|
Scope: model.SCHEME_SCOPE_TEAM,
|
|
}
|
|
|
|
s1, r1 := th.SystemAdminClient.CreateScheme(scheme1)
|
|
CheckNoError(t, r1)
|
|
|
|
assert.Equal(t, s1.DisplayName, scheme1.DisplayName)
|
|
assert.Equal(t, s1.Name, scheme1.Name)
|
|
assert.Equal(t, s1.Description, scheme1.Description)
|
|
assert.NotZero(t, s1.CreateAt)
|
|
assert.Equal(t, s1.CreateAt, s1.UpdateAt)
|
|
assert.Zero(t, s1.DeleteAt)
|
|
assert.Equal(t, s1.Scope, scheme1.Scope)
|
|
assert.NotZero(t, len(s1.DefaultTeamAdminRole))
|
|
assert.NotZero(t, len(s1.DefaultTeamUserRole))
|
|
assert.NotZero(t, len(s1.DefaultChannelAdminRole))
|
|
assert.NotZero(t, len(s1.DefaultChannelUserRole))
|
|
|
|
s2, r2 := th.SystemAdminClient.GetScheme(s1.Id)
|
|
CheckNoError(t, r2)
|
|
|
|
assert.Equal(t, s1, s2)
|
|
|
|
// Test with a valid patch.
|
|
schemePatch := &model.SchemePatch{
|
|
DisplayName: new(string),
|
|
Name: new(string),
|
|
Description: new(string),
|
|
}
|
|
*schemePatch.DisplayName = model.NewId()
|
|
*schemePatch.Name = model.NewId()
|
|
*schemePatch.Description = model.NewId()
|
|
|
|
s3, r3 := th.SystemAdminClient.PatchScheme(s2.Id, schemePatch)
|
|
CheckNoError(t, r3)
|
|
assert.Equal(t, s3.Id, s2.Id)
|
|
assert.Equal(t, s3.DisplayName, *schemePatch.DisplayName)
|
|
assert.Equal(t, s3.Name, *schemePatch.Name)
|
|
assert.Equal(t, s3.Description, *schemePatch.Description)
|
|
|
|
s4, r4 := th.SystemAdminClient.GetScheme(s3.Id)
|
|
CheckNoError(t, r4)
|
|
assert.Equal(t, s3, s4)
|
|
|
|
// Test with a partial patch.
|
|
*schemePatch.Name = model.NewId()
|
|
*schemePatch.DisplayName = model.NewId()
|
|
schemePatch.Description = nil
|
|
|
|
s5, r5 := th.SystemAdminClient.PatchScheme(s4.Id, schemePatch)
|
|
CheckNoError(t, r5)
|
|
assert.Equal(t, s5.Id, s4.Id)
|
|
assert.Equal(t, s5.DisplayName, *schemePatch.DisplayName)
|
|
assert.Equal(t, s5.Name, *schemePatch.Name)
|
|
assert.Equal(t, s5.Description, s4.Description)
|
|
|
|
s6, r6 := th.SystemAdminClient.GetScheme(s5.Id)
|
|
CheckNoError(t, r6)
|
|
assert.Equal(t, s5, s6)
|
|
|
|
// Test with invalid patch.
|
|
*schemePatch.Name = strings.Repeat(model.NewId(), 20)
|
|
_, r7 := th.SystemAdminClient.PatchScheme(s6.Id, schemePatch)
|
|
CheckBadRequestStatus(t, r7)
|
|
|
|
// Test with unknown ID.
|
|
*schemePatch.Name = model.NewId()
|
|
_, r8 := th.SystemAdminClient.PatchScheme(model.NewId(), schemePatch)
|
|
CheckNotFoundStatus(t, r8)
|
|
|
|
// Test with invalid ID.
|
|
_, r9 := th.SystemAdminClient.PatchScheme("12345", schemePatch)
|
|
CheckBadRequestStatus(t, r9)
|
|
|
|
// Test without required permissions.
|
|
_, r10 := th.Client.PatchScheme(s6.Id, schemePatch)
|
|
CheckForbiddenStatus(t, r10)
|
|
|
|
// Test without license.
|
|
th.App.SetLicense(nil)
|
|
_, r11 := th.SystemAdminClient.PatchScheme(s6.Id, schemePatch)
|
|
CheckNotImplementedStatus(t, r11)
|
|
|
|
th.App.SetPhase2PermissionsMigrationStatus(false)
|
|
|
|
th.LoginSystemAdmin()
|
|
th.App.SetLicense(model.NewTestLicense("custom_permissions_schemes"))
|
|
|
|
_, r12 := th.SystemAdminClient.PatchScheme(s6.Id, schemePatch)
|
|
CheckNotImplementedStatus(t, r12)
|
|
}
|
|
|
|
func TestDeleteScheme(t *testing.T) {
|
|
th := Setup().InitBasic().InitSystemAdmin()
|
|
defer th.TearDown()
|
|
|
|
t.Run("ValidTeamScheme", func(t *testing.T) {
|
|
th.App.SetLicense(model.NewTestLicense("custom_permissions_schemes"))
|
|
|
|
th.App.SetPhase2PermissionsMigrationStatus(true)
|
|
|
|
// Create a team scheme.
|
|
scheme1 := &model.Scheme{
|
|
DisplayName: model.NewId(),
|
|
Name: model.NewId(),
|
|
Description: model.NewId(),
|
|
Scope: model.SCHEME_SCOPE_TEAM,
|
|
}
|
|
|
|
s1, r1 := th.SystemAdminClient.CreateScheme(scheme1)
|
|
CheckNoError(t, r1)
|
|
|
|
// Retrieve the roles and check they are not deleted.
|
|
role1, roleRes1 := th.SystemAdminClient.GetRoleByName(s1.DefaultTeamAdminRole)
|
|
CheckNoError(t, roleRes1)
|
|
role2, roleRes2 := th.SystemAdminClient.GetRoleByName(s1.DefaultTeamUserRole)
|
|
CheckNoError(t, roleRes2)
|
|
role3, roleRes3 := th.SystemAdminClient.GetRoleByName(s1.DefaultChannelAdminRole)
|
|
CheckNoError(t, roleRes3)
|
|
role4, roleRes4 := th.SystemAdminClient.GetRoleByName(s1.DefaultChannelUserRole)
|
|
CheckNoError(t, roleRes4)
|
|
|
|
assert.Zero(t, role1.DeleteAt)
|
|
assert.Zero(t, role2.DeleteAt)
|
|
assert.Zero(t, role3.DeleteAt)
|
|
assert.Zero(t, role4.DeleteAt)
|
|
|
|
// Make sure this scheme is in use by a team.
|
|
res := <-th.App.Srv.Store.Team().Save(&model.Team{
|
|
Name: model.NewId(),
|
|
DisplayName: model.NewId(),
|
|
Email: model.NewId() + "@nowhere.com",
|
|
Type: model.TEAM_OPEN,
|
|
SchemeId: &s1.Id,
|
|
})
|
|
assert.Nil(t, res.Err)
|
|
team := res.Data.(*model.Team)
|
|
|
|
// Delete the Scheme.
|
|
_, r3 := th.SystemAdminClient.DeleteScheme(s1.Id)
|
|
CheckNoError(t, r3)
|
|
|
|
// Check the roles were deleted.
|
|
role1, roleRes1 = th.SystemAdminClient.GetRoleByName(s1.DefaultTeamAdminRole)
|
|
CheckNoError(t, roleRes1)
|
|
role2, roleRes2 = th.SystemAdminClient.GetRoleByName(s1.DefaultTeamUserRole)
|
|
CheckNoError(t, roleRes2)
|
|
role3, roleRes3 = th.SystemAdminClient.GetRoleByName(s1.DefaultChannelAdminRole)
|
|
CheckNoError(t, roleRes3)
|
|
role4, roleRes4 = th.SystemAdminClient.GetRoleByName(s1.DefaultChannelUserRole)
|
|
CheckNoError(t, roleRes4)
|
|
|
|
assert.NotZero(t, role1.DeleteAt)
|
|
assert.NotZero(t, role2.DeleteAt)
|
|
assert.NotZero(t, role3.DeleteAt)
|
|
assert.NotZero(t, role4.DeleteAt)
|
|
|
|
// Check the team now uses the default scheme
|
|
c2, resp := th.SystemAdminClient.GetTeam(team.Id, "")
|
|
CheckNoError(t, resp)
|
|
assert.Equal(t, "", *c2.SchemeId)
|
|
})
|
|
|
|
t.Run("ValidChannelScheme", func(t *testing.T) {
|
|
th.App.SetLicense(model.NewTestLicense("custom_permissions_schemes"))
|
|
|
|
th.App.SetPhase2PermissionsMigrationStatus(true)
|
|
|
|
// Create a channel scheme.
|
|
scheme1 := &model.Scheme{
|
|
DisplayName: model.NewId(),
|
|
Name: model.NewId(),
|
|
Description: model.NewId(),
|
|
Scope: model.SCHEME_SCOPE_CHANNEL,
|
|
}
|
|
|
|
s1, r1 := th.SystemAdminClient.CreateScheme(scheme1)
|
|
CheckNoError(t, r1)
|
|
|
|
// Retrieve the roles and check they are not deleted.
|
|
role3, roleRes3 := th.SystemAdminClient.GetRoleByName(s1.DefaultChannelAdminRole)
|
|
CheckNoError(t, roleRes3)
|
|
role4, roleRes4 := th.SystemAdminClient.GetRoleByName(s1.DefaultChannelUserRole)
|
|
CheckNoError(t, roleRes4)
|
|
|
|
assert.Zero(t, role3.DeleteAt)
|
|
assert.Zero(t, role4.DeleteAt)
|
|
|
|
// Make sure this scheme is in use by a team.
|
|
res := <-th.App.Srv.Store.Channel().Save(&model.Channel{
|
|
TeamId: model.NewId(),
|
|
DisplayName: model.NewId(),
|
|
Name: model.NewId(),
|
|
Type: model.CHANNEL_OPEN,
|
|
SchemeId: &s1.Id,
|
|
}, -1)
|
|
assert.Nil(t, res.Err)
|
|
channel := res.Data.(*model.Channel)
|
|
|
|
// Delete the Scheme.
|
|
_, r3 := th.SystemAdminClient.DeleteScheme(s1.Id)
|
|
CheckNoError(t, r3)
|
|
|
|
// Check the roles were deleted.
|
|
role3, roleRes3 = th.SystemAdminClient.GetRoleByName(s1.DefaultChannelAdminRole)
|
|
CheckNoError(t, roleRes3)
|
|
role4, roleRes4 = th.SystemAdminClient.GetRoleByName(s1.DefaultChannelUserRole)
|
|
CheckNoError(t, roleRes4)
|
|
|
|
assert.NotZero(t, role3.DeleteAt)
|
|
assert.NotZero(t, role4.DeleteAt)
|
|
|
|
// Check the channel now uses the default scheme
|
|
c2, resp := th.SystemAdminClient.GetChannelByName(channel.Name, channel.TeamId, "")
|
|
CheckNoError(t, resp)
|
|
assert.Equal(t, "", *c2.SchemeId)
|
|
})
|
|
|
|
t.Run("FailureCases", func(t *testing.T) {
|
|
th.App.SetLicense(model.NewTestLicense("custom_permissions_schemes"))
|
|
|
|
th.App.SetPhase2PermissionsMigrationStatus(true)
|
|
|
|
scheme1 := &model.Scheme{
|
|
DisplayName: model.NewId(),
|
|
Name: model.NewId(),
|
|
Description: model.NewId(),
|
|
Scope: model.SCHEME_SCOPE_CHANNEL,
|
|
}
|
|
|
|
s1, r1 := th.SystemAdminClient.CreateScheme(scheme1)
|
|
CheckNoError(t, r1)
|
|
|
|
// Test with unknown ID.
|
|
_, r2 := th.SystemAdminClient.DeleteScheme(model.NewId())
|
|
CheckNotFoundStatus(t, r2)
|
|
|
|
// Test with invalid ID.
|
|
_, r3 := th.SystemAdminClient.DeleteScheme("12345")
|
|
CheckBadRequestStatus(t, r3)
|
|
|
|
// Test without required permissions.
|
|
_, r4 := th.Client.DeleteScheme(s1.Id)
|
|
CheckForbiddenStatus(t, r4)
|
|
|
|
// Test without license.
|
|
th.App.SetLicense(nil)
|
|
_, r5 := th.SystemAdminClient.DeleteScheme(s1.Id)
|
|
CheckNotImplementedStatus(t, r5)
|
|
|
|
th.App.SetPhase2PermissionsMigrationStatus(false)
|
|
|
|
th.App.SetLicense(model.NewTestLicense("custom_permissions_schemes"))
|
|
|
|
_, r6 := th.SystemAdminClient.DeleteScheme(s1.Id)
|
|
CheckNotImplementedStatus(t, r6)
|
|
})
|
|
}
|