mirror of
https://github.com/mattermost/mattermost.git
synced 2025-02-25 18:55:24 -06:00
fe8a0f6485
* MM-14139: Creating permissions for invite/promote/demote guests (#10778) * MM-14139: Creating permissions for invite/promote/demote guests * Fixing tests * Adding invite guest api endpoint (#10792) * Adding invite guest api endpoint * Adding i18n * Adding some tests * WIP * Migrating Token.Extra info to bigger size (2048) * Fixing tests * Adding client function for invite guests * Adding send guests invites tests * Renaming file from guest to guest_invite * Adding Promote/Demote users from/to guest endpoints (#10791) * Adding Promote/Demote users from/to guest endpoints * Adding i18n translations * Adding the client functions * Using getQueryBuilder function * Addressing PR review comments * Adding default channels to users on promte from guest (#10851) * Adding default channels to users on promte from guest * Addressing PR review comments * Fixing merge problems * Sending websockets events on promote/demote (#11403) * Sending websockets events on promote/demote * Fixing merge problems * Fixing govet shadowing problem * Fixing feature branch tests * Avoiding leaking users data through websockets for guest accounts (#11489) * Avoiding leaking users data through websockets for guest accounts * Adding tests and fixing code error * Fixing i18n * Allow to enable/disable guests and other extra config settings (#11481) * Allow to enable/disable guests and other extra config settings * Fixing tests and moving license and config validation to api level * Update api4/role_test.go Co-Authored-By: George Goldberg <george@gberg.me> * Update api4/role_test.go Co-Authored-By: George Goldberg <george@gberg.me> * Fixing typo * fixing tests * Managing correctly the guest channel leave behavior (#11578) * MM-15134: Removing guests from teams or system on leave channels if needed * WIP * No deactivating the guest user when leave the last team * Adding a couple of tests * Fixing shadow variables * Fixing tests * fixing tests * fixing shadow variables * Adding guest counts for channel stats (#11646) * Adding guest counts for channel stats * Adding tests * Fixing tests * Fixing guest domain restrictions (#11660) * Adding needed migration for the database * Fixing migration
233 lines
7.3 KiB
Go
233 lines
7.3 KiB
Go
// Copyright (c) 2018-present Mattermost, Inc. All Rights Reserved.
|
|
// See License.txt for license information.
|
|
|
|
package api4
|
|
|
|
import (
|
|
"strings"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"github.com/mattermost/mattermost-server/model"
|
|
)
|
|
|
|
func TestGetRole(t *testing.T) {
|
|
th := Setup().InitBasic()
|
|
defer th.TearDown()
|
|
|
|
role := &model.Role{
|
|
Name: model.NewId(),
|
|
DisplayName: model.NewId(),
|
|
Description: model.NewId(),
|
|
Permissions: []string{"manage_system", "create_public_channel"},
|
|
SchemeManaged: true,
|
|
}
|
|
|
|
role, err := th.App.Srv.Store.Role().Save(role)
|
|
assert.Nil(t, err)
|
|
defer th.App.Srv.Store.Job().Delete(role.Id)
|
|
|
|
received, resp := th.Client.GetRole(role.Id)
|
|
CheckNoError(t, resp)
|
|
|
|
assert.Equal(t, received.Id, role.Id)
|
|
assert.Equal(t, received.Name, role.Name)
|
|
assert.Equal(t, received.DisplayName, role.DisplayName)
|
|
assert.Equal(t, received.Description, role.Description)
|
|
assert.EqualValues(t, received.Permissions, role.Permissions)
|
|
assert.Equal(t, received.SchemeManaged, role.SchemeManaged)
|
|
|
|
_, resp = th.SystemAdminClient.GetRole("1234")
|
|
CheckBadRequestStatus(t, resp)
|
|
|
|
_, resp = th.SystemAdminClient.GetRole(model.NewId())
|
|
CheckNotFoundStatus(t, resp)
|
|
}
|
|
|
|
func TestGetRoleByName(t *testing.T) {
|
|
th := Setup().InitBasic()
|
|
defer th.TearDown()
|
|
|
|
role := &model.Role{
|
|
Name: model.NewId(),
|
|
DisplayName: model.NewId(),
|
|
Description: model.NewId(),
|
|
Permissions: []string{"manage_system", "create_public_channel"},
|
|
SchemeManaged: true,
|
|
}
|
|
|
|
role, err := th.App.Srv.Store.Role().Save(role)
|
|
assert.Nil(t, err)
|
|
defer th.App.Srv.Store.Job().Delete(role.Id)
|
|
|
|
received, resp := th.Client.GetRoleByName(role.Name)
|
|
CheckNoError(t, resp)
|
|
|
|
assert.Equal(t, received.Id, role.Id)
|
|
assert.Equal(t, received.Name, role.Name)
|
|
assert.Equal(t, received.DisplayName, role.DisplayName)
|
|
assert.Equal(t, received.Description, role.Description)
|
|
assert.EqualValues(t, received.Permissions, role.Permissions)
|
|
assert.Equal(t, received.SchemeManaged, role.SchemeManaged)
|
|
|
|
_, resp = th.SystemAdminClient.GetRoleByName(strings.Repeat("abcdefghij", 10))
|
|
CheckBadRequestStatus(t, resp)
|
|
|
|
_, resp = th.SystemAdminClient.GetRoleByName(model.NewId())
|
|
CheckNotFoundStatus(t, resp)
|
|
}
|
|
|
|
func TestGetRolesByNames(t *testing.T) {
|
|
th := Setup().InitBasic()
|
|
defer th.TearDown()
|
|
|
|
role1 := &model.Role{
|
|
Name: model.NewId(),
|
|
DisplayName: model.NewId(),
|
|
Description: model.NewId(),
|
|
Permissions: []string{"manage_system", "create_public_channel"},
|
|
SchemeManaged: true,
|
|
}
|
|
role2 := &model.Role{
|
|
Name: model.NewId(),
|
|
DisplayName: model.NewId(),
|
|
Description: model.NewId(),
|
|
Permissions: []string{"manage_system", "delete_private_channel"},
|
|
SchemeManaged: true,
|
|
}
|
|
role3 := &model.Role{
|
|
Name: model.NewId(),
|
|
DisplayName: model.NewId(),
|
|
Description: model.NewId(),
|
|
Permissions: []string{"manage_system", "manage_public_channel_properties"},
|
|
SchemeManaged: true,
|
|
}
|
|
|
|
role1, err := th.App.Srv.Store.Role().Save(role1)
|
|
assert.Nil(t, err)
|
|
defer th.App.Srv.Store.Job().Delete(role1.Id)
|
|
|
|
role2, err = th.App.Srv.Store.Role().Save(role2)
|
|
assert.Nil(t, err)
|
|
defer th.App.Srv.Store.Job().Delete(role2.Id)
|
|
|
|
role3, err = th.App.Srv.Store.Role().Save(role3)
|
|
assert.Nil(t, err)
|
|
defer th.App.Srv.Store.Job().Delete(role3.Id)
|
|
|
|
// Check all three roles can be found.
|
|
received, resp := th.Client.GetRolesByNames([]string{role1.Name, role2.Name, role3.Name})
|
|
CheckNoError(t, resp)
|
|
|
|
assert.Contains(t, received, role1)
|
|
assert.Contains(t, received, role2)
|
|
assert.Contains(t, received, role3)
|
|
|
|
// Check a list of non-existent roles.
|
|
_, resp = th.Client.GetRolesByNames([]string{model.NewId(), model.NewId()})
|
|
CheckNoError(t, resp)
|
|
|
|
// Empty list should error.
|
|
_, resp = th.SystemAdminClient.GetRolesByNames([]string{})
|
|
CheckBadRequestStatus(t, resp)
|
|
|
|
// Invalid role name should error.
|
|
_, resp = th.Client.GetRolesByNames([]string{model.NewId(), model.NewId(), "!!!!!!"})
|
|
CheckBadRequestStatus(t, resp)
|
|
|
|
// Empty/whitespace rolenames should be ignored.
|
|
_, resp = th.Client.GetRolesByNames([]string{model.NewId(), model.NewId(), "", " "})
|
|
CheckNoError(t, resp)
|
|
}
|
|
|
|
func TestPatchRole(t *testing.T) {
|
|
th := Setup().InitBasic()
|
|
defer th.TearDown()
|
|
|
|
role := &model.Role{
|
|
Name: model.NewId(),
|
|
DisplayName: model.NewId(),
|
|
Description: model.NewId(),
|
|
Permissions: []string{"manage_system", "create_public_channel", "manage_slash_commands"},
|
|
SchemeManaged: true,
|
|
}
|
|
|
|
role, err := th.App.Srv.Store.Role().Save(role)
|
|
assert.Nil(t, err)
|
|
defer th.App.Srv.Store.Job().Delete(role.Id)
|
|
|
|
patch := &model.RolePatch{
|
|
Permissions: &[]string{"manage_system", "create_public_channel", "manage_incoming_webhooks", "manage_outgoing_webhooks"},
|
|
}
|
|
|
|
received, resp := th.SystemAdminClient.PatchRole(role.Id, patch)
|
|
CheckNoError(t, resp)
|
|
|
|
assert.Equal(t, received.Id, role.Id)
|
|
assert.Equal(t, received.Name, role.Name)
|
|
assert.Equal(t, received.DisplayName, role.DisplayName)
|
|
assert.Equal(t, received.Description, role.Description)
|
|
assert.EqualValues(t, received.Permissions, []string{"manage_system", "create_public_channel", "manage_incoming_webhooks", "manage_outgoing_webhooks"})
|
|
assert.Equal(t, received.SchemeManaged, role.SchemeManaged)
|
|
|
|
// Check a no-op patch succeeds.
|
|
_, resp = th.SystemAdminClient.PatchRole(role.Id, patch)
|
|
CheckNoError(t, resp)
|
|
|
|
_, resp = th.SystemAdminClient.PatchRole("junk", patch)
|
|
CheckBadRequestStatus(t, resp)
|
|
|
|
_, resp = th.Client.PatchRole(model.NewId(), patch)
|
|
CheckNotFoundStatus(t, resp)
|
|
|
|
_, resp = th.Client.PatchRole(role.Id, patch)
|
|
CheckForbiddenStatus(t, resp)
|
|
|
|
// Check a change that the license would not allow.
|
|
patch = &model.RolePatch{
|
|
Permissions: &[]string{"manage_system", "manage_incoming_webhooks", "manage_outgoing_webhooks"},
|
|
}
|
|
|
|
_, resp = th.SystemAdminClient.PatchRole(role.Id, patch)
|
|
CheckNotImplementedStatus(t, resp)
|
|
|
|
// Add a license.
|
|
license := model.NewTestLicense()
|
|
license.Features.GuestAccountsPermissions = model.NewBool(false)
|
|
th.App.SetLicense(license)
|
|
|
|
// Try again, should succeed
|
|
received, resp = th.SystemAdminClient.PatchRole(role.Id, patch)
|
|
CheckNoError(t, resp)
|
|
|
|
assert.Equal(t, received.Id, role.Id)
|
|
assert.Equal(t, received.Name, role.Name)
|
|
assert.Equal(t, received.DisplayName, role.DisplayName)
|
|
assert.Equal(t, received.Description, role.Description)
|
|
assert.EqualValues(t, received.Permissions, []string{"manage_system", "manage_incoming_webhooks", "manage_outgoing_webhooks"})
|
|
assert.Equal(t, received.SchemeManaged, role.SchemeManaged)
|
|
|
|
t.Run("Check guest permissions editing without E20 license", func(t *testing.T) {
|
|
license := model.NewTestLicense()
|
|
license.Features.GuestAccountsPermissions = model.NewBool(false)
|
|
th.App.SetLicense(license)
|
|
|
|
guestRole, err := th.App.Srv.Store.Role().GetByName("system_guest")
|
|
require.Nil(t, err)
|
|
received, resp = th.SystemAdminClient.PatchRole(guestRole.Id, patch)
|
|
CheckNotImplementedStatus(t, resp)
|
|
})
|
|
|
|
t.Run("Check guest permissions editing with E20 license", func(t *testing.T) {
|
|
license := model.NewTestLicense()
|
|
license.Features.GuestAccountsPermissions = model.NewBool(true)
|
|
th.App.SetLicense(license)
|
|
guestRole, err := th.App.Srv.Store.Role().GetByName("system_guest")
|
|
require.Nil(t, err)
|
|
_, resp = th.SystemAdminClient.PatchRole(guestRole.Id, patch)
|
|
CheckNoError(t, resp)
|
|
})
|
|
}
|