github.com/kongr45gpen/mattermost-server@v5.11.1+incompatible/api4/scheme_test.go (about)

     1  // Copyright (c) 2018-present Mattermost, Inc. All Rights Reserved.
     2  // See License.txt for license information.
     3  
     4  package api4
     5  
     6  import (
     7  	"strings"
     8  	"testing"
     9  
    10  	"github.com/stretchr/testify/assert"
    11  
    12  	"github.com/mattermost/mattermost-server/model"
    13  )
    14  
    15  func TestCreateScheme(t *testing.T) {
    16  	th := Setup().InitBasic()
    17  	defer th.TearDown()
    18  
    19  	th.App.SetLicense(model.NewTestLicense("custom_permissions_schemes"))
    20  
    21  	th.App.SetPhase2PermissionsMigrationStatus(true)
    22  
    23  	// Basic test of creating a team scheme.
    24  	scheme1 := &model.Scheme{
    25  		DisplayName: model.NewId(),
    26  		Name:        model.NewId(),
    27  		Description: model.NewId(),
    28  		Scope:       model.SCHEME_SCOPE_TEAM,
    29  	}
    30  
    31  	s1, r1 := th.SystemAdminClient.CreateScheme(scheme1)
    32  	CheckNoError(t, r1)
    33  
    34  	assert.Equal(t, s1.DisplayName, scheme1.DisplayName)
    35  	assert.Equal(t, s1.Name, scheme1.Name)
    36  	assert.Equal(t, s1.Description, scheme1.Description)
    37  	assert.NotZero(t, s1.CreateAt)
    38  	assert.Equal(t, s1.CreateAt, s1.UpdateAt)
    39  	assert.Zero(t, s1.DeleteAt)
    40  	assert.Equal(t, s1.Scope, scheme1.Scope)
    41  	assert.NotZero(t, len(s1.DefaultTeamAdminRole))
    42  	assert.NotZero(t, len(s1.DefaultTeamUserRole))
    43  	assert.NotZero(t, len(s1.DefaultChannelAdminRole))
    44  	assert.NotZero(t, len(s1.DefaultChannelUserRole))
    45  
    46  	// Check the default roles have been created.
    47  	_, roleRes1 := th.SystemAdminClient.GetRoleByName(s1.DefaultTeamAdminRole)
    48  	CheckNoError(t, roleRes1)
    49  	_, roleRes2 := th.SystemAdminClient.GetRoleByName(s1.DefaultTeamUserRole)
    50  	CheckNoError(t, roleRes2)
    51  	_, roleRes3 := th.SystemAdminClient.GetRoleByName(s1.DefaultChannelAdminRole)
    52  	CheckNoError(t, roleRes3)
    53  	_, roleRes4 := th.SystemAdminClient.GetRoleByName(s1.DefaultChannelUserRole)
    54  	CheckNoError(t, roleRes4)
    55  
    56  	// Basic Test of a Channel scheme.
    57  	scheme2 := &model.Scheme{
    58  		DisplayName: model.NewId(),
    59  		Name:        model.NewId(),
    60  		Description: model.NewId(),
    61  		Scope:       model.SCHEME_SCOPE_CHANNEL,
    62  	}
    63  
    64  	s2, r2 := th.SystemAdminClient.CreateScheme(scheme2)
    65  	CheckNoError(t, r2)
    66  
    67  	assert.Equal(t, s2.DisplayName, scheme2.DisplayName)
    68  	assert.Equal(t, s2.Name, scheme2.Name)
    69  	assert.Equal(t, s2.Description, scheme2.Description)
    70  	assert.NotZero(t, s2.CreateAt)
    71  	assert.Equal(t, s2.CreateAt, s2.UpdateAt)
    72  	assert.Zero(t, s2.DeleteAt)
    73  	assert.Equal(t, s2.Scope, scheme2.Scope)
    74  	assert.Zero(t, len(s2.DefaultTeamAdminRole))
    75  	assert.Zero(t, len(s2.DefaultTeamUserRole))
    76  	assert.NotZero(t, len(s2.DefaultChannelAdminRole))
    77  	assert.NotZero(t, len(s2.DefaultChannelUserRole))
    78  
    79  	// Check the default roles have been created.
    80  	_, roleRes5 := th.SystemAdminClient.GetRoleByName(s2.DefaultChannelAdminRole)
    81  	CheckNoError(t, roleRes5)
    82  	_, roleRes6 := th.SystemAdminClient.GetRoleByName(s2.DefaultChannelUserRole)
    83  	CheckNoError(t, roleRes6)
    84  
    85  	// Try and create a scheme with an invalid scope.
    86  	scheme3 := &model.Scheme{
    87  		DisplayName: model.NewId(),
    88  		Name:        model.NewId(),
    89  		Description: model.NewId(),
    90  		Scope:       model.NewId(),
    91  	}
    92  
    93  	_, r3 := th.SystemAdminClient.CreateScheme(scheme3)
    94  	CheckBadRequestStatus(t, r3)
    95  
    96  	// Try and create a scheme with an invalid display name.
    97  	scheme4 := &model.Scheme{
    98  		DisplayName: strings.Repeat(model.NewId(), 100),
    99  		Name:        "Name",
   100  		Description: model.NewId(),
   101  		Scope:       model.NewId(),
   102  	}
   103  	_, r4 := th.SystemAdminClient.CreateScheme(scheme4)
   104  	CheckBadRequestStatus(t, r4)
   105  
   106  	// Try and create a scheme with an invalid name.
   107  	scheme8 := &model.Scheme{
   108  		DisplayName: "DisplayName",
   109  		Name:        strings.Repeat(model.NewId(), 100),
   110  		Description: model.NewId(),
   111  		Scope:       model.NewId(),
   112  	}
   113  	_, r8 := th.SystemAdminClient.CreateScheme(scheme8)
   114  	CheckBadRequestStatus(t, r8)
   115  
   116  	// Try and create a scheme without the appropriate permissions.
   117  	scheme5 := &model.Scheme{
   118  		DisplayName: model.NewId(),
   119  		Name:        model.NewId(),
   120  		Description: model.NewId(),
   121  		Scope:       model.SCHEME_SCOPE_TEAM,
   122  	}
   123  	_, r5 := th.Client.CreateScheme(scheme5)
   124  	CheckForbiddenStatus(t, r5)
   125  
   126  	// Try and create a scheme without a license.
   127  	th.App.SetLicense(nil)
   128  	scheme6 := &model.Scheme{
   129  		DisplayName: model.NewId(),
   130  		Name:        model.NewId(),
   131  		Description: model.NewId(),
   132  		Scope:       model.SCHEME_SCOPE_TEAM,
   133  	}
   134  	_, r6 := th.SystemAdminClient.CreateScheme(scheme6)
   135  	CheckNotImplementedStatus(t, r6)
   136  
   137  	th.App.SetPhase2PermissionsMigrationStatus(false)
   138  
   139  	th.LoginSystemAdmin()
   140  	th.App.SetLicense(model.NewTestLicense("custom_permissions_schemes"))
   141  
   142  	scheme7 := &model.Scheme{
   143  		DisplayName: model.NewId(),
   144  		Name:        model.NewId(),
   145  		Description: model.NewId(),
   146  		Scope:       model.SCHEME_SCOPE_TEAM,
   147  	}
   148  	_, r7 := th.SystemAdminClient.CreateScheme(scheme7)
   149  	CheckNotImplementedStatus(t, r7)
   150  }
   151  
   152  func TestGetScheme(t *testing.T) {
   153  	th := Setup().InitBasic()
   154  	defer th.TearDown()
   155  
   156  	th.App.SetLicense(model.NewTestLicense("custom_permissions_schemes"))
   157  
   158  	// Basic test of creating a team scheme.
   159  	scheme1 := &model.Scheme{
   160  		DisplayName: model.NewId(),
   161  		Name:        model.NewId(),
   162  		Description: model.NewId(),
   163  		Scope:       model.SCHEME_SCOPE_TEAM,
   164  	}
   165  
   166  	th.App.SetPhase2PermissionsMigrationStatus(true)
   167  
   168  	s1, r1 := th.SystemAdminClient.CreateScheme(scheme1)
   169  	CheckNoError(t, r1)
   170  
   171  	assert.Equal(t, s1.DisplayName, scheme1.DisplayName)
   172  	assert.Equal(t, s1.Name, scheme1.Name)
   173  	assert.Equal(t, s1.Description, scheme1.Description)
   174  	assert.NotZero(t, s1.CreateAt)
   175  	assert.Equal(t, s1.CreateAt, s1.UpdateAt)
   176  	assert.Zero(t, s1.DeleteAt)
   177  	assert.Equal(t, s1.Scope, scheme1.Scope)
   178  	assert.NotZero(t, len(s1.DefaultTeamAdminRole))
   179  	assert.NotZero(t, len(s1.DefaultTeamUserRole))
   180  	assert.NotZero(t, len(s1.DefaultChannelAdminRole))
   181  	assert.NotZero(t, len(s1.DefaultChannelUserRole))
   182  
   183  	s2, r2 := th.SystemAdminClient.GetScheme(s1.Id)
   184  	CheckNoError(t, r2)
   185  
   186  	assert.Equal(t, s1, s2)
   187  
   188  	_, r3 := th.SystemAdminClient.GetScheme(model.NewId())
   189  	CheckNotFoundStatus(t, r3)
   190  
   191  	_, r4 := th.SystemAdminClient.GetScheme("12345")
   192  	CheckBadRequestStatus(t, r4)
   193  
   194  	th.SystemAdminClient.Logout()
   195  	_, r5 := th.SystemAdminClient.GetScheme(s1.Id)
   196  	CheckUnauthorizedStatus(t, r5)
   197  
   198  	th.SystemAdminClient.Login(th.SystemAdminUser.Username, th.SystemAdminUser.Password)
   199  	th.App.SetLicense(nil)
   200  	_, r6 := th.SystemAdminClient.GetScheme(s1.Id)
   201  	CheckNoError(t, r6)
   202  
   203  	_, r7 := th.Client.GetScheme(s1.Id)
   204  	CheckForbiddenStatus(t, r7)
   205  
   206  	th.App.SetPhase2PermissionsMigrationStatus(false)
   207  
   208  	_, r8 := th.SystemAdminClient.GetScheme(s1.Id)
   209  	CheckNotImplementedStatus(t, r8)
   210  }
   211  
   212  func TestGetSchemes(t *testing.T) {
   213  	th := Setup().InitBasic()
   214  	defer th.TearDown()
   215  
   216  	th.App.SetLicense(model.NewTestLicense("custom_permissions_schemes"))
   217  
   218  	scheme1 := &model.Scheme{
   219  		DisplayName: model.NewId(),
   220  		Name:        model.NewId(),
   221  		Description: model.NewId(),
   222  		Scope:       model.SCHEME_SCOPE_TEAM,
   223  	}
   224  
   225  	scheme2 := &model.Scheme{
   226  		DisplayName: model.NewId(),
   227  		Name:        model.NewId(),
   228  		Description: model.NewId(),
   229  		Scope:       model.SCHEME_SCOPE_CHANNEL,
   230  	}
   231  
   232  	th.App.SetPhase2PermissionsMigrationStatus(true)
   233  
   234  	_, r1 := th.SystemAdminClient.CreateScheme(scheme1)
   235  	CheckNoError(t, r1)
   236  	_, r2 := th.SystemAdminClient.CreateScheme(scheme2)
   237  	CheckNoError(t, r2)
   238  
   239  	l3, r3 := th.SystemAdminClient.GetSchemes("", 0, 100)
   240  	CheckNoError(t, r3)
   241  
   242  	assert.NotZero(t, len(l3))
   243  
   244  	l4, r4 := th.SystemAdminClient.GetSchemes("team", 0, 100)
   245  	CheckNoError(t, r4)
   246  
   247  	for _, s := range l4 {
   248  		assert.Equal(t, "team", s.Scope)
   249  	}
   250  
   251  	l5, r5 := th.SystemAdminClient.GetSchemes("channel", 0, 100)
   252  	CheckNoError(t, r5)
   253  
   254  	for _, s := range l5 {
   255  		assert.Equal(t, "channel", s.Scope)
   256  	}
   257  
   258  	_, r6 := th.SystemAdminClient.GetSchemes("asdf", 0, 100)
   259  	CheckBadRequestStatus(t, r6)
   260  
   261  	th.Client.Logout()
   262  	_, r7 := th.Client.GetSchemes("", 0, 100)
   263  	CheckUnauthorizedStatus(t, r7)
   264  
   265  	th.Client.Login(th.BasicUser.Username, th.BasicUser.Password)
   266  	_, r8 := th.Client.GetSchemes("", 0, 100)
   267  	CheckForbiddenStatus(t, r8)
   268  
   269  	th.App.SetPhase2PermissionsMigrationStatus(false)
   270  
   271  	_, r9 := th.SystemAdminClient.GetSchemes("", 0, 100)
   272  	CheckNotImplementedStatus(t, r9)
   273  }
   274  
   275  func TestGetTeamsForScheme(t *testing.T) {
   276  	th := Setup().InitBasic()
   277  	defer th.TearDown()
   278  
   279  	th.App.SetLicense(model.NewTestLicense("custom_permissions_schemes"))
   280  
   281  	th.App.SetPhase2PermissionsMigrationStatus(true)
   282  
   283  	scheme1 := &model.Scheme{
   284  		DisplayName: model.NewId(),
   285  		Name:        model.NewId(),
   286  		Description: model.NewId(),
   287  		Scope:       model.SCHEME_SCOPE_TEAM,
   288  	}
   289  	scheme1, r1 := th.SystemAdminClient.CreateScheme(scheme1)
   290  	CheckNoError(t, r1)
   291  
   292  	team1 := &model.Team{
   293  		Name:        GenerateTestUsername(),
   294  		DisplayName: "A Test Team",
   295  		Type:        model.TEAM_OPEN,
   296  	}
   297  
   298  	result1 := <-th.App.Srv.Store.Team().Save(team1)
   299  	assert.Nil(t, result1.Err)
   300  	team1 = result1.Data.(*model.Team)
   301  
   302  	l2, r2 := th.SystemAdminClient.GetTeamsForScheme(scheme1.Id, 0, 100)
   303  	CheckNoError(t, r2)
   304  	assert.Zero(t, len(l2))
   305  
   306  	team1.SchemeId = &scheme1.Id
   307  	result2 := <-th.App.Srv.Store.Team().Update(team1)
   308  	assert.Nil(t, result2.Err)
   309  	team1 = result2.Data.(*model.Team)
   310  
   311  	l3, r3 := th.SystemAdminClient.GetTeamsForScheme(scheme1.Id, 0, 100)
   312  	CheckNoError(t, r3)
   313  	assert.Len(t, l3, 1)
   314  	assert.Equal(t, team1.Id, l3[0].Id)
   315  
   316  	team2 := &model.Team{
   317  		Name:        GenerateTestUsername(),
   318  		DisplayName: "B Test Team",
   319  		Type:        model.TEAM_OPEN,
   320  		SchemeId:    &scheme1.Id,
   321  	}
   322  	result3 := <-th.App.Srv.Store.Team().Save(team2)
   323  	assert.Nil(t, result3.Err)
   324  	team2 = result3.Data.(*model.Team)
   325  
   326  	l4, r4 := th.SystemAdminClient.GetTeamsForScheme(scheme1.Id, 0, 100)
   327  	CheckNoError(t, r4)
   328  	assert.Len(t, l4, 2)
   329  	assert.Equal(t, team1.Id, l4[0].Id)
   330  	assert.Equal(t, team2.Id, l4[1].Id)
   331  
   332  	l5, r5 := th.SystemAdminClient.GetTeamsForScheme(scheme1.Id, 1, 1)
   333  	CheckNoError(t, r5)
   334  	assert.Len(t, l5, 1)
   335  	assert.Equal(t, team2.Id, l5[0].Id)
   336  
   337  	// Check various error cases.
   338  	_, ri1 := th.SystemAdminClient.GetTeamsForScheme(model.NewId(), 0, 100)
   339  	CheckNotFoundStatus(t, ri1)
   340  
   341  	_, ri2 := th.SystemAdminClient.GetTeamsForScheme("", 0, 100)
   342  	CheckBadRequestStatus(t, ri2)
   343  
   344  	th.Client.Logout()
   345  	_, ri3 := th.Client.GetTeamsForScheme(model.NewId(), 0, 100)
   346  	CheckUnauthorizedStatus(t, ri3)
   347  
   348  	th.Client.Login(th.BasicUser.Username, th.BasicUser.Password)
   349  	_, ri4 := th.Client.GetTeamsForScheme(model.NewId(), 0, 100)
   350  	CheckForbiddenStatus(t, ri4)
   351  
   352  	scheme2 := &model.Scheme{
   353  		DisplayName: model.NewId(),
   354  		Name:        model.NewId(),
   355  		Description: model.NewId(),
   356  		Scope:       model.SCHEME_SCOPE_CHANNEL,
   357  	}
   358  	scheme2, rs2 := th.SystemAdminClient.CreateScheme(scheme2)
   359  	CheckNoError(t, rs2)
   360  
   361  	_, ri5 := th.SystemAdminClient.GetTeamsForScheme(scheme2.Id, 0, 100)
   362  	CheckBadRequestStatus(t, ri5)
   363  
   364  	th.App.SetPhase2PermissionsMigrationStatus(false)
   365  
   366  	_, ri6 := th.SystemAdminClient.GetTeamsForScheme(scheme1.Id, 0, 100)
   367  	CheckNotImplementedStatus(t, ri6)
   368  }
   369  
   370  func TestGetChannelsForScheme(t *testing.T) {
   371  	th := Setup().InitBasic()
   372  	defer th.TearDown()
   373  
   374  	th.App.SetLicense(model.NewTestLicense("custom_permissions_schemes"))
   375  
   376  	th.App.SetPhase2PermissionsMigrationStatus(true)
   377  
   378  	scheme1 := &model.Scheme{
   379  		DisplayName: model.NewId(),
   380  		Name:        model.NewId(),
   381  		Description: model.NewId(),
   382  		Scope:       model.SCHEME_SCOPE_CHANNEL,
   383  	}
   384  	scheme1, r1 := th.SystemAdminClient.CreateScheme(scheme1)
   385  	CheckNoError(t, r1)
   386  
   387  	channel1 := &model.Channel{
   388  		TeamId:      model.NewId(),
   389  		DisplayName: "A Name",
   390  		Name:        model.NewId(),
   391  		Type:        model.CHANNEL_OPEN,
   392  	}
   393  
   394  	result1 := <-th.App.Srv.Store.Channel().Save(channel1, 1000000)
   395  	assert.Nil(t, result1.Err)
   396  	channel1 = result1.Data.(*model.Channel)
   397  
   398  	l2, r2 := th.SystemAdminClient.GetChannelsForScheme(scheme1.Id, 0, 100)
   399  	CheckNoError(t, r2)
   400  	assert.Zero(t, len(l2))
   401  
   402  	channel1.SchemeId = &scheme1.Id
   403  	result2 := <-th.App.Srv.Store.Channel().Update(channel1)
   404  	assert.Nil(t, result2.Err)
   405  	channel1 = result2.Data.(*model.Channel)
   406  
   407  	l3, r3 := th.SystemAdminClient.GetChannelsForScheme(scheme1.Id, 0, 100)
   408  	CheckNoError(t, r3)
   409  	assert.Len(t, l3, 1)
   410  	assert.Equal(t, channel1.Id, l3[0].Id)
   411  
   412  	channel2 := &model.Channel{
   413  		TeamId:      model.NewId(),
   414  		DisplayName: "B Name",
   415  		Name:        model.NewId(),
   416  		Type:        model.CHANNEL_OPEN,
   417  		SchemeId:    &scheme1.Id,
   418  	}
   419  	result3 := <-th.App.Srv.Store.Channel().Save(channel2, 1000000)
   420  	assert.Nil(t, result3.Err)
   421  	channel2 = result3.Data.(*model.Channel)
   422  
   423  	l4, r4 := th.SystemAdminClient.GetChannelsForScheme(scheme1.Id, 0, 100)
   424  	CheckNoError(t, r4)
   425  	assert.Len(t, l4, 2)
   426  	assert.Equal(t, channel1.Id, l4[0].Id)
   427  	assert.Equal(t, channel2.Id, l4[1].Id)
   428  
   429  	l5, r5 := th.SystemAdminClient.GetChannelsForScheme(scheme1.Id, 1, 1)
   430  	CheckNoError(t, r5)
   431  	assert.Len(t, l5, 1)
   432  	assert.Equal(t, channel2.Id, l5[0].Id)
   433  
   434  	// Check various error cases.
   435  	_, ri1 := th.SystemAdminClient.GetChannelsForScheme(model.NewId(), 0, 100)
   436  	CheckNotFoundStatus(t, ri1)
   437  
   438  	_, ri2 := th.SystemAdminClient.GetChannelsForScheme("", 0, 100)
   439  	CheckBadRequestStatus(t, ri2)
   440  
   441  	th.Client.Logout()
   442  	_, ri3 := th.Client.GetChannelsForScheme(model.NewId(), 0, 100)
   443  	CheckUnauthorizedStatus(t, ri3)
   444  
   445  	th.Client.Login(th.BasicUser.Username, th.BasicUser.Password)
   446  	_, ri4 := th.Client.GetChannelsForScheme(model.NewId(), 0, 100)
   447  	CheckForbiddenStatus(t, ri4)
   448  
   449  	scheme2 := &model.Scheme{
   450  		DisplayName: model.NewId(),
   451  		Name:        model.NewId(),
   452  		Description: model.NewId(),
   453  		Scope:       model.SCHEME_SCOPE_TEAM,
   454  	}
   455  	scheme2, rs2 := th.SystemAdminClient.CreateScheme(scheme2)
   456  	CheckNoError(t, rs2)
   457  
   458  	_, ri5 := th.SystemAdminClient.GetChannelsForScheme(scheme2.Id, 0, 100)
   459  	CheckBadRequestStatus(t, ri5)
   460  
   461  	th.App.SetPhase2PermissionsMigrationStatus(false)
   462  
   463  	_, ri6 := th.SystemAdminClient.GetChannelsForScheme(scheme1.Id, 0, 100)
   464  	CheckNotImplementedStatus(t, ri6)
   465  }
   466  
   467  func TestPatchScheme(t *testing.T) {
   468  	th := Setup().InitBasic()
   469  	defer th.TearDown()
   470  
   471  	th.App.SetLicense(model.NewTestLicense("custom_permissions_schemes"))
   472  
   473  	th.App.SetPhase2PermissionsMigrationStatus(true)
   474  
   475  	// Basic test of creating a team scheme.
   476  	scheme1 := &model.Scheme{
   477  		DisplayName: model.NewId(),
   478  		Name:        model.NewId(),
   479  		Description: model.NewId(),
   480  		Scope:       model.SCHEME_SCOPE_TEAM,
   481  	}
   482  
   483  	s1, r1 := th.SystemAdminClient.CreateScheme(scheme1)
   484  	CheckNoError(t, r1)
   485  
   486  	assert.Equal(t, s1.DisplayName, scheme1.DisplayName)
   487  	assert.Equal(t, s1.Name, scheme1.Name)
   488  	assert.Equal(t, s1.Description, scheme1.Description)
   489  	assert.NotZero(t, s1.CreateAt)
   490  	assert.Equal(t, s1.CreateAt, s1.UpdateAt)
   491  	assert.Zero(t, s1.DeleteAt)
   492  	assert.Equal(t, s1.Scope, scheme1.Scope)
   493  	assert.NotZero(t, len(s1.DefaultTeamAdminRole))
   494  	assert.NotZero(t, len(s1.DefaultTeamUserRole))
   495  	assert.NotZero(t, len(s1.DefaultChannelAdminRole))
   496  	assert.NotZero(t, len(s1.DefaultChannelUserRole))
   497  
   498  	s2, r2 := th.SystemAdminClient.GetScheme(s1.Id)
   499  	CheckNoError(t, r2)
   500  
   501  	assert.Equal(t, s1, s2)
   502  
   503  	// Test with a valid patch.
   504  	schemePatch := &model.SchemePatch{
   505  		DisplayName: new(string),
   506  		Name:        new(string),
   507  		Description: new(string),
   508  	}
   509  	*schemePatch.DisplayName = model.NewId()
   510  	*schemePatch.Name = model.NewId()
   511  	*schemePatch.Description = model.NewId()
   512  
   513  	s3, r3 := th.SystemAdminClient.PatchScheme(s2.Id, schemePatch)
   514  	CheckNoError(t, r3)
   515  	assert.Equal(t, s3.Id, s2.Id)
   516  	assert.Equal(t, s3.DisplayName, *schemePatch.DisplayName)
   517  	assert.Equal(t, s3.Name, *schemePatch.Name)
   518  	assert.Equal(t, s3.Description, *schemePatch.Description)
   519  
   520  	s4, r4 := th.SystemAdminClient.GetScheme(s3.Id)
   521  	CheckNoError(t, r4)
   522  	assert.Equal(t, s3, s4)
   523  
   524  	// Test with a partial patch.
   525  	*schemePatch.Name = model.NewId()
   526  	*schemePatch.DisplayName = model.NewId()
   527  	schemePatch.Description = nil
   528  
   529  	s5, r5 := th.SystemAdminClient.PatchScheme(s4.Id, schemePatch)
   530  	CheckNoError(t, r5)
   531  	assert.Equal(t, s5.Id, s4.Id)
   532  	assert.Equal(t, s5.DisplayName, *schemePatch.DisplayName)
   533  	assert.Equal(t, s5.Name, *schemePatch.Name)
   534  	assert.Equal(t, s5.Description, s4.Description)
   535  
   536  	s6, r6 := th.SystemAdminClient.GetScheme(s5.Id)
   537  	CheckNoError(t, r6)
   538  	assert.Equal(t, s5, s6)
   539  
   540  	// Test with invalid patch.
   541  	*schemePatch.Name = strings.Repeat(model.NewId(), 20)
   542  	_, r7 := th.SystemAdminClient.PatchScheme(s6.Id, schemePatch)
   543  	CheckBadRequestStatus(t, r7)
   544  
   545  	// Test with unknown ID.
   546  	*schemePatch.Name = model.NewId()
   547  	_, r8 := th.SystemAdminClient.PatchScheme(model.NewId(), schemePatch)
   548  	CheckNotFoundStatus(t, r8)
   549  
   550  	// Test with invalid ID.
   551  	_, r9 := th.SystemAdminClient.PatchScheme("12345", schemePatch)
   552  	CheckBadRequestStatus(t, r9)
   553  
   554  	// Test without required permissions.
   555  	_, r10 := th.Client.PatchScheme(s6.Id, schemePatch)
   556  	CheckForbiddenStatus(t, r10)
   557  
   558  	// Test without license.
   559  	th.App.SetLicense(nil)
   560  	_, r11 := th.SystemAdminClient.PatchScheme(s6.Id, schemePatch)
   561  	CheckNotImplementedStatus(t, r11)
   562  
   563  	th.App.SetPhase2PermissionsMigrationStatus(false)
   564  
   565  	th.LoginSystemAdmin()
   566  	th.App.SetLicense(model.NewTestLicense("custom_permissions_schemes"))
   567  
   568  	_, r12 := th.SystemAdminClient.PatchScheme(s6.Id, schemePatch)
   569  	CheckNotImplementedStatus(t, r12)
   570  }
   571  
   572  func TestDeleteScheme(t *testing.T) {
   573  	th := Setup().InitBasic()
   574  	defer th.TearDown()
   575  
   576  	t.Run("ValidTeamScheme", func(t *testing.T) {
   577  		th.App.SetLicense(model.NewTestLicense("custom_permissions_schemes"))
   578  
   579  		th.App.SetPhase2PermissionsMigrationStatus(true)
   580  
   581  		// Create a team scheme.
   582  		scheme1 := &model.Scheme{
   583  			DisplayName: model.NewId(),
   584  			Name:        model.NewId(),
   585  			Description: model.NewId(),
   586  			Scope:       model.SCHEME_SCOPE_TEAM,
   587  		}
   588  
   589  		s1, r1 := th.SystemAdminClient.CreateScheme(scheme1)
   590  		CheckNoError(t, r1)
   591  
   592  		// Retrieve the roles and check they are not deleted.
   593  		role1, roleRes1 := th.SystemAdminClient.GetRoleByName(s1.DefaultTeamAdminRole)
   594  		CheckNoError(t, roleRes1)
   595  		role2, roleRes2 := th.SystemAdminClient.GetRoleByName(s1.DefaultTeamUserRole)
   596  		CheckNoError(t, roleRes2)
   597  		role3, roleRes3 := th.SystemAdminClient.GetRoleByName(s1.DefaultChannelAdminRole)
   598  		CheckNoError(t, roleRes3)
   599  		role4, roleRes4 := th.SystemAdminClient.GetRoleByName(s1.DefaultChannelUserRole)
   600  		CheckNoError(t, roleRes4)
   601  
   602  		assert.Zero(t, role1.DeleteAt)
   603  		assert.Zero(t, role2.DeleteAt)
   604  		assert.Zero(t, role3.DeleteAt)
   605  		assert.Zero(t, role4.DeleteAt)
   606  
   607  		// Make sure this scheme is in use by a team.
   608  		res := <-th.App.Srv.Store.Team().Save(&model.Team{
   609  			Name:        model.NewId(),
   610  			DisplayName: model.NewId(),
   611  			Email:       model.NewId() + "@nowhere.com",
   612  			Type:        model.TEAM_OPEN,
   613  			SchemeId:    &s1.Id,
   614  		})
   615  		assert.Nil(t, res.Err)
   616  		team := res.Data.(*model.Team)
   617  
   618  		// Delete the Scheme.
   619  		_, r3 := th.SystemAdminClient.DeleteScheme(s1.Id)
   620  		CheckNoError(t, r3)
   621  
   622  		// Check the roles were deleted.
   623  		role1, roleRes1 = th.SystemAdminClient.GetRoleByName(s1.DefaultTeamAdminRole)
   624  		CheckNoError(t, roleRes1)
   625  		role2, roleRes2 = th.SystemAdminClient.GetRoleByName(s1.DefaultTeamUserRole)
   626  		CheckNoError(t, roleRes2)
   627  		role3, roleRes3 = th.SystemAdminClient.GetRoleByName(s1.DefaultChannelAdminRole)
   628  		CheckNoError(t, roleRes3)
   629  		role4, roleRes4 = th.SystemAdminClient.GetRoleByName(s1.DefaultChannelUserRole)
   630  		CheckNoError(t, roleRes4)
   631  
   632  		assert.NotZero(t, role1.DeleteAt)
   633  		assert.NotZero(t, role2.DeleteAt)
   634  		assert.NotZero(t, role3.DeleteAt)
   635  		assert.NotZero(t, role4.DeleteAt)
   636  
   637  		// Check the team now uses the default scheme
   638  		c2, resp := th.SystemAdminClient.GetTeam(team.Id, "")
   639  		CheckNoError(t, resp)
   640  		assert.Equal(t, "", *c2.SchemeId)
   641  	})
   642  
   643  	t.Run("ValidChannelScheme", func(t *testing.T) {
   644  		th.App.SetLicense(model.NewTestLicense("custom_permissions_schemes"))
   645  
   646  		th.App.SetPhase2PermissionsMigrationStatus(true)
   647  
   648  		// Create a channel scheme.
   649  		scheme1 := &model.Scheme{
   650  			DisplayName: model.NewId(),
   651  			Name:        model.NewId(),
   652  			Description: model.NewId(),
   653  			Scope:       model.SCHEME_SCOPE_CHANNEL,
   654  		}
   655  
   656  		s1, r1 := th.SystemAdminClient.CreateScheme(scheme1)
   657  		CheckNoError(t, r1)
   658  
   659  		// Retrieve the roles and check they are not deleted.
   660  		role3, roleRes3 := th.SystemAdminClient.GetRoleByName(s1.DefaultChannelAdminRole)
   661  		CheckNoError(t, roleRes3)
   662  		role4, roleRes4 := th.SystemAdminClient.GetRoleByName(s1.DefaultChannelUserRole)
   663  		CheckNoError(t, roleRes4)
   664  
   665  		assert.Zero(t, role3.DeleteAt)
   666  		assert.Zero(t, role4.DeleteAt)
   667  
   668  		// Make sure this scheme is in use by a team.
   669  		res := <-th.App.Srv.Store.Channel().Save(&model.Channel{
   670  			TeamId:      model.NewId(),
   671  			DisplayName: model.NewId(),
   672  			Name:        model.NewId(),
   673  			Type:        model.CHANNEL_OPEN,
   674  			SchemeId:    &s1.Id,
   675  		}, -1)
   676  		assert.Nil(t, res.Err)
   677  		channel := res.Data.(*model.Channel)
   678  
   679  		// Delete the Scheme.
   680  		_, r3 := th.SystemAdminClient.DeleteScheme(s1.Id)
   681  		CheckNoError(t, r3)
   682  
   683  		// Check the roles were deleted.
   684  		role3, roleRes3 = th.SystemAdminClient.GetRoleByName(s1.DefaultChannelAdminRole)
   685  		CheckNoError(t, roleRes3)
   686  		role4, roleRes4 = th.SystemAdminClient.GetRoleByName(s1.DefaultChannelUserRole)
   687  		CheckNoError(t, roleRes4)
   688  
   689  		assert.NotZero(t, role3.DeleteAt)
   690  		assert.NotZero(t, role4.DeleteAt)
   691  
   692  		// Check the channel now uses the default scheme
   693  		c2, resp := th.SystemAdminClient.GetChannelByName(channel.Name, channel.TeamId, "")
   694  		CheckNoError(t, resp)
   695  		assert.Equal(t, "", *c2.SchemeId)
   696  	})
   697  
   698  	t.Run("FailureCases", func(t *testing.T) {
   699  		th.App.SetLicense(model.NewTestLicense("custom_permissions_schemes"))
   700  
   701  		th.App.SetPhase2PermissionsMigrationStatus(true)
   702  
   703  		scheme1 := &model.Scheme{
   704  			DisplayName: model.NewId(),
   705  			Name:        model.NewId(),
   706  			Description: model.NewId(),
   707  			Scope:       model.SCHEME_SCOPE_CHANNEL,
   708  		}
   709  
   710  		s1, r1 := th.SystemAdminClient.CreateScheme(scheme1)
   711  		CheckNoError(t, r1)
   712  
   713  		// Test with unknown ID.
   714  		_, r2 := th.SystemAdminClient.DeleteScheme(model.NewId())
   715  		CheckNotFoundStatus(t, r2)
   716  
   717  		// Test with invalid ID.
   718  		_, r3 := th.SystemAdminClient.DeleteScheme("12345")
   719  		CheckBadRequestStatus(t, r3)
   720  
   721  		// Test without required permissions.
   722  		_, r4 := th.Client.DeleteScheme(s1.Id)
   723  		CheckForbiddenStatus(t, r4)
   724  
   725  		// Test without license.
   726  		th.App.SetLicense(nil)
   727  		_, r5 := th.SystemAdminClient.DeleteScheme(s1.Id)
   728  		CheckNotImplementedStatus(t, r5)
   729  
   730  		th.App.SetPhase2PermissionsMigrationStatus(false)
   731  
   732  		th.App.SetLicense(model.NewTestLicense("custom_permissions_schemes"))
   733  
   734  		_, r6 := th.SystemAdminClient.DeleteScheme(s1.Id)
   735  		CheckNotImplementedStatus(t, r6)
   736  	})
   737  }