github.com/adacta-ru/mattermost-server/v6@v6.0.0/api4/user_viewmembers_test.go (about) 1 // Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved. 2 // See LICENSE.txt for license information. 3 4 package api4 5 6 import ( 7 "testing" 8 9 "github.com/adacta-ru/mattermost-server/v6/model" 10 "github.com/stretchr/testify/require" 11 ) 12 13 func TestApiResctrictedViewMembers(t *testing.T) { 14 th := Setup(t) 15 defer th.TearDown() 16 17 // Create first account for system admin 18 _, err := th.App.CreateUser(&model.User{Email: th.GenerateTestEmail(), Nickname: "test user0", Password: "test-password-0", Username: "test-user-0", Roles: model.SYSTEM_USER_ROLE_ID}) 19 require.Nil(t, err) 20 21 user1, err := th.App.CreateUser(&model.User{Email: th.GenerateTestEmail(), Nickname: "test user1", Password: "test-password-1", Username: "test-user-1", Roles: model.SYSTEM_USER_ROLE_ID}) 22 require.Nil(t, err) 23 user2, err := th.App.CreateUser(&model.User{Email: th.GenerateTestEmail(), Nickname: "test user2", Password: "test-password-2", Username: "test-user-2", Roles: model.SYSTEM_USER_ROLE_ID}) 24 require.Nil(t, err) 25 user3, err := th.App.CreateUser(&model.User{Email: th.GenerateTestEmail(), Nickname: "test user3", Password: "test-password-3", Username: "test-user-3", Roles: model.SYSTEM_USER_ROLE_ID}) 26 require.Nil(t, err) 27 user4, err := th.App.CreateUser(&model.User{Email: th.GenerateTestEmail(), Nickname: "test user4", Password: "test-password-4", Username: "test-user-4", Roles: model.SYSTEM_USER_ROLE_ID}) 28 require.Nil(t, err) 29 user5, err := th.App.CreateUser(&model.User{Email: th.GenerateTestEmail(), Nickname: "test user5", Password: "test-password-5", Username: "test-user-5", Roles: model.SYSTEM_USER_ROLE_ID}) 30 require.Nil(t, err) 31 32 team1, err := th.App.CreateTeam(&model.Team{DisplayName: "dn_" + model.NewId(), Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_OPEN}) 33 require.Nil(t, err) 34 team2, err := th.App.CreateTeam(&model.Team{DisplayName: "dn_" + model.NewId(), Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_OPEN}) 35 require.Nil(t, err) 36 37 channel1, err := th.App.CreateChannel(&model.Channel{DisplayName: "dn_" + model.NewId(), Name: "name_" + model.NewId(), Type: model.CHANNEL_OPEN, TeamId: team1.Id, CreatorId: model.NewId()}, false) 38 require.Nil(t, err) 39 channel2, err := th.App.CreateChannel(&model.Channel{DisplayName: "dn_" + model.NewId(), Name: "name_" + model.NewId(), Type: model.CHANNEL_OPEN, TeamId: team1.Id, CreatorId: model.NewId()}, false) 40 require.Nil(t, err) 41 channel3, err := th.App.CreateChannel(&model.Channel{DisplayName: "dn_" + model.NewId(), Name: "name_" + model.NewId(), Type: model.CHANNEL_OPEN, TeamId: team2.Id, CreatorId: model.NewId()}, false) 42 require.Nil(t, err) 43 44 th.LinkUserToTeam(user1, team1) 45 th.LinkUserToTeam(user2, team1) 46 th.LinkUserToTeam(user3, team2) 47 th.LinkUserToTeam(user4, team1) 48 th.LinkUserToTeam(user4, team2) 49 50 th.AddUserToChannel(user1, channel1) 51 th.AddUserToChannel(user2, channel2) 52 th.AddUserToChannel(user3, channel3) 53 th.AddUserToChannel(user4, channel1) 54 th.AddUserToChannel(user4, channel3) 55 56 th.App.SetStatusOnline(user1.Id, true) 57 th.App.SetStatusOnline(user2.Id, true) 58 th.App.SetStatusOnline(user3.Id, true) 59 th.App.SetStatusOnline(user4.Id, true) 60 th.App.SetStatusOnline(user5.Id, true) 61 62 _, resp := th.Client.Login(user1.Username, "test-password-1") 63 CheckNoError(t, resp) 64 65 t.Run("getUser", func(t *testing.T) { 66 testCases := []struct { 67 Name string 68 RestrictedTo string 69 UserId string 70 ExpectedError string 71 }{ 72 { 73 "Get visible user without restrictions", 74 "", 75 user5.Id, 76 "", 77 }, 78 { 79 "Get not existing user without restrictions", 80 "", 81 model.NewId(), 82 "app.user.missing_account.const", 83 }, 84 { 85 "Get not existing user with restrictions to teams", 86 "teams", 87 model.NewId(), 88 "api.context.permissions.app_error", 89 }, 90 { 91 "Get visible user with restrictions to teams", 92 "teams", 93 user2.Id, 94 "", 95 }, 96 { 97 "Get not visible user with restrictions to teams", 98 "teams", 99 user5.Id, 100 "api.context.permissions.app_error", 101 }, 102 { 103 "Get not existing user with restrictions to channels", 104 "channels", 105 model.NewId(), 106 "api.context.permissions.app_error", 107 }, 108 { 109 "Get visible user with restrictions to channels", 110 "channels", 111 user4.Id, 112 "", 113 }, 114 { 115 "Get not visible user with restrictions to channels", 116 "channels", 117 user3.Id, 118 "api.context.permissions.app_error", 119 }, 120 } 121 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 122 123 for _, tc := range testCases { 124 t.Run(tc.Name, func(t *testing.T) { 125 if tc.RestrictedTo == "channels" { 126 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 127 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 128 } else if tc.RestrictedTo == "teams" { 129 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 130 th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 131 } else { 132 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 133 th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 134 } 135 136 _, resp := th.Client.GetUser(tc.UserId, "") 137 require.Nil(t, err) 138 if tc.ExpectedError != "" { 139 CheckErrorMessage(t, resp, tc.ExpectedError) 140 } else { 141 CheckNoError(t, resp) 142 } 143 }) 144 } 145 }) 146 147 t.Run("getUserByUsername", func(t *testing.T) { 148 testCases := []struct { 149 Name string 150 RestrictedTo string 151 Username string 152 ExpectedError string 153 }{ 154 { 155 "Get visible user without restrictions", 156 "", 157 user5.Username, 158 "", 159 }, 160 { 161 "Get not existing user without restrictions", 162 "", 163 model.NewId(), 164 "app.user.get_by_username.app_error", 165 }, 166 { 167 "Get not existing user with restrictions to teams", 168 "teams", 169 model.NewId(), 170 "api.context.permissions.app_error", 171 }, 172 { 173 "Get visible user with restrictions to teams", 174 "teams", 175 user2.Username, 176 "", 177 }, 178 { 179 "Get not visible user with restrictions to teams", 180 "teams", 181 user5.Username, 182 "api.context.permissions.app_error", 183 }, 184 { 185 "Get not existing user with restrictions to channels", 186 "channels", 187 model.NewId(), 188 "api.context.permissions.app_error", 189 }, 190 { 191 "Get visible user with restrictions to channels", 192 "channels", 193 user4.Username, 194 "", 195 }, 196 { 197 "Get not visible user with restrictions to channels", 198 "channels", 199 user3.Username, 200 "api.context.permissions.app_error", 201 }, 202 } 203 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 204 205 for _, tc := range testCases { 206 t.Run(tc.Name, func(t *testing.T) { 207 if tc.RestrictedTo == "channels" { 208 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 209 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 210 } else if tc.RestrictedTo == "teams" { 211 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 212 th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 213 } else { 214 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 215 th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 216 } 217 218 _, resp := th.Client.GetUserByUsername(tc.Username, "") 219 require.Nil(t, err) 220 if tc.ExpectedError != "" { 221 CheckErrorMessage(t, resp, tc.ExpectedError) 222 } else { 223 CheckNoError(t, resp) 224 } 225 }) 226 } 227 }) 228 229 t.Run("getUserByEmail", func(t *testing.T) { 230 testCases := []struct { 231 Name string 232 RestrictedTo string 233 Email string 234 ExpectedError string 235 }{ 236 { 237 "Get visible user without restrictions", 238 "", 239 user5.Email, 240 "", 241 }, 242 { 243 "Get not existing user without restrictions", 244 "", 245 th.GenerateTestEmail(), 246 "app.user.missing_account.const", 247 }, 248 { 249 "Get not existing user with restrictions to teams", 250 "teams", 251 th.GenerateTestEmail(), 252 "api.context.permissions.app_error", 253 }, 254 { 255 "Get visible user with restrictions to teams", 256 "teams", 257 user2.Email, 258 "", 259 }, 260 { 261 "Get not visible user with restrictions to teams", 262 "teams", 263 user5.Email, 264 "api.context.permissions.app_error", 265 }, 266 { 267 "Get not existing user with restrictions to channels", 268 "channels", 269 th.GenerateTestEmail(), 270 "api.context.permissions.app_error", 271 }, 272 { 273 "Get visible user with restrictions to channels", 274 "channels", 275 user4.Email, 276 "", 277 }, 278 { 279 "Get not visible user with restrictions to channels", 280 "channels", 281 user3.Email, 282 "api.context.permissions.app_error", 283 }, 284 } 285 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 286 287 for _, tc := range testCases { 288 t.Run(tc.Name, func(t *testing.T) { 289 if tc.RestrictedTo == "channels" { 290 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 291 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 292 } else if tc.RestrictedTo == "teams" { 293 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 294 th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 295 } else { 296 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 297 th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 298 } 299 300 _, resp := th.Client.GetUserByEmail(tc.Email, "") 301 require.Nil(t, err) 302 if tc.ExpectedError != "" { 303 CheckErrorMessage(t, resp, tc.ExpectedError) 304 } else { 305 CheckNoError(t, resp) 306 } 307 }) 308 } 309 }) 310 311 t.Run("getDefaultProfileImage", func(t *testing.T) { 312 testCases := []struct { 313 Name string 314 RestrictedTo string 315 UserId string 316 ExpectedError string 317 }{ 318 { 319 "Get visible user without restrictions", 320 "", 321 user5.Id, 322 "", 323 }, 324 { 325 "Get not existing user without restrictions", 326 "", 327 model.NewId(), 328 "app.user.missing_account.const", 329 }, 330 { 331 "Get not existing user with restrictions to teams", 332 "teams", 333 model.NewId(), 334 "api.context.permissions.app_error", 335 }, 336 { 337 "Get visible user with restrictions to teams", 338 "teams", 339 user2.Id, 340 "", 341 }, 342 { 343 "Get not visible user with restrictions to teams", 344 "teams", 345 user5.Id, 346 "api.context.permissions.app_error", 347 }, 348 { 349 "Get not existing user with restrictions to channels", 350 "channels", 351 model.NewId(), 352 "api.context.permissions.app_error", 353 }, 354 { 355 "Get visible user with restrictions to channels", 356 "channels", 357 user4.Id, 358 "", 359 }, 360 { 361 "Get not visible user with restrictions to channels", 362 "channels", 363 user3.Id, 364 "api.context.permissions.app_error", 365 }, 366 } 367 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 368 369 for _, tc := range testCases { 370 t.Run(tc.Name, func(t *testing.T) { 371 if tc.RestrictedTo == "channels" { 372 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 373 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 374 } else if tc.RestrictedTo == "teams" { 375 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 376 th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 377 } else { 378 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 379 th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 380 } 381 382 _, resp := th.Client.GetDefaultProfileImage(tc.UserId) 383 require.Nil(t, err) 384 if tc.ExpectedError != "" { 385 CheckErrorMessage(t, resp, tc.ExpectedError) 386 } else { 387 CheckNoError(t, resp) 388 } 389 }) 390 } 391 }) 392 393 t.Run("getProfileImage", func(t *testing.T) { 394 testCases := []struct { 395 Name string 396 RestrictedTo string 397 UserId string 398 ExpectedError string 399 }{ 400 { 401 "Get visible user without restrictions", 402 "", 403 user5.Id, 404 "", 405 }, 406 { 407 "Get not existing user without restrictions", 408 "", 409 model.NewId(), 410 "app.user.missing_account.const", 411 }, 412 { 413 "Get not existing user with restrictions to teams", 414 "teams", 415 model.NewId(), 416 "api.context.permissions.app_error", 417 }, 418 { 419 "Get visible user with restrictions to teams", 420 "teams", 421 user2.Id, 422 "", 423 }, 424 { 425 "Get not visible user with restrictions to teams", 426 "teams", 427 user5.Id, 428 "api.context.permissions.app_error", 429 }, 430 { 431 "Get not existing user with restrictions to channels", 432 "channels", 433 model.NewId(), 434 "api.context.permissions.app_error", 435 }, 436 { 437 "Get visible user with restrictions to channels", 438 "channels", 439 user4.Id, 440 "", 441 }, 442 { 443 "Get not visible user with restrictions to channels", 444 "channels", 445 user3.Id, 446 "api.context.permissions.app_error", 447 }, 448 } 449 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 450 451 for _, tc := range testCases { 452 t.Run(tc.Name, func(t *testing.T) { 453 if tc.RestrictedTo == "channels" { 454 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 455 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 456 } else if tc.RestrictedTo == "teams" { 457 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 458 th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 459 } else { 460 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 461 th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 462 } 463 464 _, resp := th.Client.GetProfileImage(tc.UserId, "") 465 require.Nil(t, err) 466 if tc.ExpectedError != "" { 467 CheckErrorMessage(t, resp, tc.ExpectedError) 468 } else { 469 CheckNoError(t, resp) 470 } 471 }) 472 } 473 }) 474 }