// Source: github.com/masterhung0112/hk_server/v5@v5.0.0-20220302090640-ec71aef15e1c/api4/scheme_test.go

// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
// See LICENSE.txt for license information.

package api4

import (
	"context"
	"strings"
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"

	"github.com/masterhung0112/hk_server/v5/model"
)

// TestCreateScheme exercises the CreateScheme client call. It covers
// successful creation of team- and channel-scoped schemes (including that the
// default roles named on the returned scheme can be fetched), rejection of
// malformed input, rejection of a request sent through th.Client, and the
// not-implemented responses expected when the license is removed or the
// phase 2 permissions migration flag is off.
//
// The steps are order-dependent: the license and the migration flag are
// toggled on the shared test harness as the test proceeds.
func TestCreateScheme(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()

	th.App.Srv().SetLicense(model.NewTestLicense("custom_permissions_schemes"))

	th.App.SetPhase2PermissionsMigrationStatus(true)

	// Basic test of creating a team scheme.
	scheme1 := &model.Scheme{
		DisplayName: model.NewId(),
		Name:        model.NewId(),
		Description: model.NewId(),
		Scope:       model.SCHEME_SCOPE_TEAM,
	}

	s1, r1 := th.SystemAdminClient.CreateScheme(scheme1)
	CheckNoError(t, r1)

	assert.Equal(t, s1.DisplayName, scheme1.DisplayName)
	assert.Equal(t, s1.Name, scheme1.Name)
	assert.Equal(t, s1.Description, scheme1.Description)
	assert.NotZero(t, s1.CreateAt)
	assert.Equal(t, s1.CreateAt, s1.UpdateAt)
	assert.Zero(t, s1.DeleteAt)
	assert.Equal(t, s1.Scope, scheme1.Scope)
	// A team-scoped scheme is expected to carry all six default role names.
	assert.NotZero(t, len(s1.DefaultTeamAdminRole))
	assert.NotZero(t, len(s1.DefaultTeamUserRole))
	assert.NotZero(t, len(s1.DefaultTeamGuestRole))
	assert.NotZero(t, len(s1.DefaultChannelAdminRole))
	assert.NotZero(t, len(s1.DefaultChannelUserRole))
	assert.NotZero(t, len(s1.DefaultChannelGuestRole))

	// Check the default roles have been created.
	_, roleRes1 := th.SystemAdminClient.GetRoleByName(s1.DefaultTeamAdminRole)
	CheckNoError(t, roleRes1)
	_, roleRes2 := th.SystemAdminClient.GetRoleByName(s1.DefaultTeamUserRole)
	CheckNoError(t, roleRes2)
	_, roleRes3 := th.SystemAdminClient.GetRoleByName(s1.DefaultChannelAdminRole)
	CheckNoError(t, roleRes3)
	_, roleRes4 := th.SystemAdminClient.GetRoleByName(s1.DefaultChannelUserRole)
	CheckNoError(t, roleRes4)
	_, roleRes5 := th.SystemAdminClient.GetRoleByName(s1.DefaultTeamGuestRole)
	CheckNoError(t, roleRes5)
	_, roleRes6 := th.SystemAdminClient.GetRoleByName(s1.DefaultChannelGuestRole)
	CheckNoError(t, roleRes6)

	// Basic Test of a Channel scheme.
	scheme2 := &model.Scheme{
		DisplayName: model.NewId(),
		Name:        model.NewId(),
		Description: model.NewId(),
		Scope:       model.SCHEME_SCOPE_CHANNEL,
	}

	s2, r2 := th.SystemAdminClient.CreateScheme(scheme2)
	CheckNoError(t, r2)

	assert.Equal(t, s2.DisplayName, scheme2.DisplayName)
	assert.Equal(t, s2.Name, scheme2.Name)
	assert.Equal(t, s2.Description, scheme2.Description)
	assert.NotZero(t, s2.CreateAt)
	assert.Equal(t, s2.CreateAt, s2.UpdateAt)
	assert.Zero(t, s2.DeleteAt)
	assert.Equal(t, s2.Scope, scheme2.Scope)
	// A channel-scoped scheme is expected to have no team-level default roles.
	assert.Zero(t, len(s2.DefaultTeamAdminRole))
	assert.Zero(t, len(s2.DefaultTeamUserRole))
	assert.Zero(t, len(s2.DefaultTeamGuestRole))
	assert.NotZero(t, len(s2.DefaultChannelAdminRole))
	assert.NotZero(t, len(s2.DefaultChannelUserRole))
	assert.NotZero(t, len(s2.DefaultChannelGuestRole))

	// Check the default roles have been created.
	_, roleRes7 := th.SystemAdminClient.GetRoleByName(s2.DefaultChannelAdminRole)
	CheckNoError(t, roleRes7)
	_, roleRes8 := th.SystemAdminClient.GetRoleByName(s2.DefaultChannelUserRole)
	CheckNoError(t, roleRes8)
	_, roleRes9 := th.SystemAdminClient.GetRoleByName(s2.DefaultChannelGuestRole)
	CheckNoError(t, roleRes9)

	// Try and create a scheme with an invalid scope.
	scheme3 := &model.Scheme{
		DisplayName: model.NewId(),
		Name:        model.NewId(),
		Description: model.NewId(),
		Scope:       model.NewId(),
	}

	_, r3 := th.SystemAdminClient.CreateScheme(scheme3)
	CheckBadRequestStatus(t, r3)

	// Try and create a scheme with an invalid display name.
	// NOTE(review): Scope is a random ID here as well, which scheme3 above
	// already shows is rejected. The bad-request status therefore does not
	// prove that the over-long DisplayName is what was rejected; a valid
	// scope would isolate the display-name validation.
	scheme4 := &model.Scheme{
		DisplayName: strings.Repeat(model.NewId(), 100),
		Name:        "Name",
		Description: model.NewId(),
		Scope:       model.NewId(),
	}
	_, r4 := th.SystemAdminClient.CreateScheme(scheme4)
	CheckBadRequestStatus(t, r4)

	// Try and create a scheme with an invalid name.
	// NOTE(review): same caveat as scheme4 — the random Scope alone is enough
	// to produce a bad request, so the Name length check is not isolated.
	scheme8 := &model.Scheme{
		DisplayName: "DisplayName",
		Name:        strings.Repeat(model.NewId(), 100),
		Description: model.NewId(),
		Scope:       model.NewId(),
	}
	_, r8 := th.SystemAdminClient.CreateScheme(scheme8)
	CheckBadRequestStatus(t, r8)

	// Try and create a scheme without the appropriate permissions.
	// The request goes through th.Client instead of th.SystemAdminClient;
	// presumably that client holds a non-admin session — confirm in the
	// harness, since this test calls Setup without InitBasic.
	scheme5 := &model.Scheme{
		DisplayName: model.NewId(),
		Name:        model.NewId(),
		Description: model.NewId(),
		Scope:       model.SCHEME_SCOPE_TEAM,
	}
	_, r5 := th.Client.CreateScheme(scheme5)
	CheckForbiddenStatus(t, r5)

	// Try and create a scheme without a license.
	th.App.Srv().SetLicense(nil)
	scheme6 := &model.Scheme{
		DisplayName: model.NewId(),
		Name:        model.NewId(),
		Description: model.NewId(),
		Scope:       model.SCHEME_SCOPE_TEAM,
	}
	_, r6 := th.SystemAdminClient.CreateScheme(scheme6)
	CheckNotImplementedStatus(t, r6)

	// With the license restored but the migration flag off, an otherwise
	// valid request from the system admin is still expected to be
	// not-implemented.
	th.App.SetPhase2PermissionsMigrationStatus(false)

	th.LoginSystemAdmin()
	th.App.Srv().SetLicense(model.NewTestLicense("custom_permissions_schemes"))

	scheme7 := &model.Scheme{
		DisplayName: model.NewId(),
		Name:        model.NewId(),
		Description: model.NewId(),
		Scope:       model.SCHEME_SCOPE_TEAM,
	}
	_, r7 := th.SystemAdminClient.CreateScheme(scheme7)
	CheckNotImplementedStatus(t, r7)
}

// TestGetScheme exercises the GetScheme client call: a created scheme can be
// read back unchanged, unknown and malformed IDs are rejected, a logged-out
// client is unauthorized, th.Client is forbidden, and the call is
// not-implemented once the phase 2 permissions migration flag is off.
func TestGetScheme(t *testing.T) {
	th := Setup(t).InitBasic()
	defer th.TearDown()

	th.App.Srv().SetLicense(model.NewTestLicense("custom_permissions_schemes"))

	// Create a team scheme to read back.
	scheme1 := &model.Scheme{
		DisplayName: model.NewId(),
		Name:        model.NewId(),
		Description: model.NewId(),
		Scope:       model.SCHEME_SCOPE_TEAM,
	}

	th.App.SetPhase2PermissionsMigrationStatus(true)

	s1, r1 := th.SystemAdminClient.CreateScheme(scheme1)
	CheckNoError(t, r1)

	assert.Equal(t, s1.DisplayName, scheme1.DisplayName)
	assert.Equal(t, s1.Name, scheme1.Name)
	assert.Equal(t, s1.Description, scheme1.Description)
	assert.NotZero(t, s1.CreateAt)
	assert.Equal(t, s1.CreateAt, s1.UpdateAt)
	assert.Zero(t, s1.DeleteAt)
	assert.Equal(t, s1.Scope, scheme1.Scope)
	assert.NotZero(t, len(s1.DefaultTeamAdminRole))
	assert.NotZero(t, len(s1.DefaultTeamUserRole))
	assert.NotZero(t, len(s1.DefaultTeamGuestRole))
	assert.NotZero(t, len(s1.DefaultChannelAdminRole))
	assert.NotZero(t, len(s1.DefaultChannelUserRole))
	assert.NotZero(t, len(s1.DefaultChannelGuestRole))

	s2, r2 := th.SystemAdminClient.GetScheme(s1.Id)
	CheckNoError(t, r2)

	assert.Equal(t, s1, s2)

	// A well-formed but unknown ID is expected to be not-found; a malformed
	// ID is expected to be a bad request.
	_, r3 := th.SystemAdminClient.GetScheme(model.NewId())
	CheckNotFoundStatus(t, r3)

	_, r4 := th.SystemAdminClient.GetScheme("12345")
	CheckBadRequestStatus(t, r4)

	// A logged-out client must not be able to read the scheme.
	th.SystemAdminClient.Logout()
	_, r5 := th.SystemAdminClient.GetScheme(s1.Id)
	CheckUnauthorizedStatus(t, r5)

	// NOTE(review): the Login result is discarded; a failed re-login would
	// only show up as a failure of the r6 check below.
	th.SystemAdminClient.Login(th.SystemAdminUser.Username, th.SystemAdminUser.Password)
	// Reading is expected to keep working for the admin with no license set.
	th.App.Srv().SetLicense(nil)
	_, r6 := th.SystemAdminClient.GetScheme(s1.Id)
	CheckNoError(t, r6)

	// The same existing scheme requested through th.Client must be forbidden.
	_, r7 := th.Client.GetScheme(s1.Id)
	CheckForbiddenStatus(t, r7)

	th.App.SetPhase2PermissionsMigrationStatus(false)

	_, r8 := th.SystemAdminClient.GetScheme(s1.Id)
	CheckNotImplementedStatus(t, r8)
}

// TestGetSchemes exercises the GetSchemes client call: listing with no scope
// filter, filtering by "team" and "channel", rejection of an unknown scope
// value, and the unauthorized, forbidden and not-implemented responses.
func TestGetSchemes(t *testing.T) {
	th := Setup(t).InitBasic()
	defer th.TearDown()

	th.App.Srv().SetLicense(model.NewTestLicense("custom_permissions_schemes"))

	scheme1 := &model.Scheme{
		DisplayName: model.NewId(),
		Name:        model.NewId(),
		Description: model.NewId(),
		Scope:       model.SCHEME_SCOPE_TEAM,
	}

	scheme2 := &model.Scheme{
		DisplayName: model.NewId(),
		Name:        model.NewId(),
		Description: model.NewId(),
		Scope:       model.SCHEME_SCOPE_CHANNEL,
	}

	th.App.SetPhase2PermissionsMigrationStatus(true)

	_, r1 := th.SystemAdminClient.CreateScheme(scheme1)
	CheckNoError(t, r1)
	_, r2 := th.SystemAdminClient.CreateScheme(scheme2)
	CheckNoError(t, r2)

	l3, r3 := th.SystemAdminClient.GetSchemes("", 0, 100)
	CheckNoError(t, r3)

	assert.NotZero(t, len(l3))

	l4, r4 := th.SystemAdminClient.GetSchemes("team", 0, 100)
	CheckNoError(t, r4)

	// NOTE(review): this loop (and the "channel" one below) passes vacuously
	// if the filtered list comes back empty; only the unfiltered list l3 is
	// asserted to be non-empty.
	for _, s := range l4 {
		assert.Equal(t, "team", s.Scope)
	}

	l5, r5 := th.SystemAdminClient.GetSchemes("channel", 0, 100)
	CheckNoError(t, r5)

	for _, s := range l5 {
		assert.Equal(t, "channel", s.Scope)
	}

	_, r6 := th.SystemAdminClient.GetSchemes("asdf", 0, 100)
	CheckBadRequestStatus(t, r6)

	// Logged out: unauthorized. Logged in as the basic user: forbidden.
	th.Client.Logout()
	_, r7 := th.Client.GetSchemes("", 0, 100)
	CheckUnauthorizedStatus(t, r7)

	th.Client.Login(th.BasicUser.Username, th.BasicUser.Password)
	_, r8 := th.Client.GetSchemes("", 0, 100)
	CheckForbiddenStatus(t, r8)

	th.App.SetPhase2PermissionsMigrationStatus(false)

	_, r9 := th.SystemAdminClient.GetSchemes("", 0, 100)
	CheckNotImplementedStatus(t, r9)
}

// TestGetTeamsForScheme exercises the GetTeamsForScheme client call: the
// list grows as teams are attached to the scheme, paging returns the
// expected team, and the error paths (unknown ID, empty ID, logged-out
// client, basic user, channel-scoped scheme, migration flag off) return the
// expected statuses.
func TestGetTeamsForScheme(t *testing.T) {
	th := Setup(t).InitBasic()
	defer th.TearDown()

	th.App.Srv().SetLicense(model.NewTestLicense("custom_permissions_schemes"))

	th.App.SetPhase2PermissionsMigrationStatus(true)

	scheme1 := &model.Scheme{
		DisplayName: model.NewId(),
		Name:        model.NewId(),
		Description: model.NewId(),
		Scope:       model.SCHEME_SCOPE_TEAM,
	}
	scheme1, r1 := th.SystemAdminClient.CreateScheme(scheme1)
	CheckNoError(t, r1)

	// The team is written straight to the store, not through the API.
	team1 := &model.Team{
		Name:        GenerateTestUsername(),
		DisplayName: "A Test Team",
		Type:        model.TEAM_OPEN,
	}

	team1, err := th.App.Srv().Store.Team().Save(team1)
	require.NoError(t, err)

	// No team references the scheme yet.
	l2, r2 := th.SystemAdminClient.GetTeamsForScheme(scheme1.Id, 0, 100)
	CheckNoError(t, r2)
	assert.Zero(t, len(l2))

	team1.SchemeId = &scheme1.Id
	team1, err = th.App.Srv().Store.Team().Update(team1)
	assert.NoError(t, err)

	l3, r3 := th.SystemAdminClient.GetTeamsForScheme(scheme1.Id, 0, 100)
	CheckNoError(t, r3)
	assert.Len(t, l3, 1)
	assert.Equal(t, team1.Id, l3[0].Id)

	team2 := &model.Team{
		Name:        GenerateTestUsername(),
		DisplayName: "B Test Team",
		Type:        model.TEAM_OPEN,
		SchemeId:    &scheme1.Id,
	}
	team2, err = th.App.Srv().Store.Team().Save(team2)
	require.NoError(t, err)

	// The assertions rely on team1 being listed before team2; presumably the
	// endpoint orders by display name ("A ..." before "B ...") — confirm.
	l4, r4 := th.SystemAdminClient.GetTeamsForScheme(scheme1.Id, 0, 100)
	CheckNoError(t, r4)
	assert.Len(t, l4, 2)
	assert.Equal(t, team1.Id, l4[0].Id)
	assert.Equal(t, team2.Id, l4[1].Id)

	// Second page with a page size of one is expected to hold only team2.
	l5, r5 := th.SystemAdminClient.GetTeamsForScheme(scheme1.Id, 1, 1)
	CheckNoError(t, r5)
	assert.Len(t, l5, 1)
	assert.Equal(t, team2.Id, l5[0].Id)

	// Check various error cases.
	_, ri1 := th.SystemAdminClient.GetTeamsForScheme(model.NewId(), 0, 100)
	CheckNotFoundStatus(t, ri1)

	_, ri2 := th.SystemAdminClient.GetTeamsForScheme("", 0, 100)
	CheckBadRequestStatus(t, ri2)

	th.Client.Logout()
	_, ri3 := th.Client.GetTeamsForScheme(model.NewId(), 0, 100)
	CheckUnauthorizedStatus(t, ri3)

	// NOTE(review): the unauthorized and forbidden checks use a random ID,
	// so the access-control path is never exercised against a scheme that
	// actually exists; repeating them with scheme1.Id would cover that.
	th.Client.Login(th.BasicUser.Username, th.BasicUser.Password)
	_, ri4 := th.Client.GetTeamsForScheme(model.NewId(), 0, 100)
	CheckForbiddenStatus(t, ri4)

	// A channel-scoped scheme passed to the teams endpoint is expected to be
	// a bad request.
	scheme2 := &model.Scheme{
		DisplayName: model.NewId(),
		Name:        model.NewId(),
		Description: model.NewId(),
		Scope:       model.SCHEME_SCOPE_CHANNEL,
	}
	scheme2, rs2 := th.SystemAdminClient.CreateScheme(scheme2)
	CheckNoError(t, rs2)

	_, ri5 := th.SystemAdminClient.GetTeamsForScheme(scheme2.Id, 0, 100)
	CheckBadRequestStatus(t, ri5)

	th.App.SetPhase2PermissionsMigrationStatus(false)

	_, ri6 := th.SystemAdminClient.GetTeamsForScheme(scheme1.Id, 0, 100)
	CheckNotImplementedStatus(t, ri6)
}

// TestGetChannelsForScheme mirrors TestGetTeamsForScheme for channel-scoped
// schemes: the list grows as channels are attached to the scheme, paging
// returns the expected channel, and the error paths return the expected
// statuses.
func TestGetChannelsForScheme(t *testing.T) {
	th := Setup(t).InitBasic()
	defer th.TearDown()

	th.App.Srv().SetLicense(model.NewTestLicense("custom_permissions_schemes"))

	th.App.SetPhase2PermissionsMigrationStatus(true)

	scheme1 := &model.Scheme{
		DisplayName: model.NewId(),
		Name:        model.NewId(),
		Description: model.NewId(),
		Scope:       model.SCHEME_SCOPE_CHANNEL,
	}
	scheme1, r1 := th.SystemAdminClient.CreateScheme(scheme1)
	CheckNoError(t, r1)

	// The channel is written straight to the store with a random TeamId.
	channel1 := &model.Channel{
		TeamId:      model.NewId(),
		DisplayName: "A Name",
		Name:        model.NewId(),
		Type:        model.CHANNEL_OPEN,
	}

	// The second argument is presumably a per-team channel limit — confirm
	// against the store interface.
	channel1, errCh := th.App.Srv().Store.Channel().Save(channel1, 1000000)
	assert.NoError(t, errCh)

	// No channel references the scheme yet.
	l2, r2 := th.SystemAdminClient.GetChannelsForScheme(scheme1.Id, 0, 100)
	CheckNoError(t, r2)
	assert.Zero(t, len(l2))

	channel1.SchemeId = &scheme1.Id
	channel1, err := th.App.Srv().Store.Channel().Update(channel1)
	assert.NoError(t, err)

	l3, r3 := th.SystemAdminClient.GetChannelsForScheme(scheme1.Id, 0, 100)
	CheckNoError(t, r3)
	assert.Len(t, l3, 1)
	assert.Equal(t, channel1.Id, l3[0].Id)

	channel2 := &model.Channel{
		TeamId:      model.NewId(),
		DisplayName: "B Name",
		Name:        model.NewId(),
		Type:        model.CHANNEL_OPEN,
		SchemeId:    &scheme1.Id,
	}
	channel2, nErr := th.App.Srv().Store.Channel().Save(channel2, 1000000)
	assert.NoError(t, nErr)

	// The assertions rely on channel1 being listed before channel2;
	// presumably the endpoint orders by display name — confirm.
	l4, r4 := th.SystemAdminClient.GetChannelsForScheme(scheme1.Id, 0, 100)
	CheckNoError(t, r4)
	assert.Len(t, l4, 2)
	assert.Equal(t, channel1.Id, l4[0].Id)
	assert.Equal(t, channel2.Id, l4[1].Id)

	// Second page with a page size of one is expected to hold only channel2.
	l5, r5 := th.SystemAdminClient.GetChannelsForScheme(scheme1.Id, 1, 1)
	CheckNoError(t, r5)
	assert.Len(t, l5, 1)
	assert.Equal(t, channel2.Id, l5[0].Id)

	// Check various error cases.
	_, ri1 := th.SystemAdminClient.GetChannelsForScheme(model.NewId(), 0, 100)
	CheckNotFoundStatus(t, ri1)

	_, ri2 := th.SystemAdminClient.GetChannelsForScheme("", 0, 100)
	CheckBadRequestStatus(t, ri2)

	th.Client.Logout()
	_, ri3 := th.Client.GetChannelsForScheme(model.NewId(), 0, 100)
	CheckUnauthorizedStatus(t, ri3)

	// NOTE(review): the unauthorized and forbidden checks use a random ID,
	// so the access-control path is never exercised against a scheme that
	// actually exists; repeating them with scheme1.Id would cover that.
	th.Client.Login(th.BasicUser.Username, th.BasicUser.Password)
	_, ri4 := th.Client.GetChannelsForScheme(model.NewId(), 0, 100)
	CheckForbiddenStatus(t, ri4)

	// A team-scoped scheme passed to the channels endpoint is expected to be
	// a bad request.
	scheme2 := &model.Scheme{
		DisplayName: model.NewId(),
		Name:        model.NewId(),
		Description: model.NewId(),
		Scope:       model.SCHEME_SCOPE_TEAM,
	}
	scheme2, rs2 := th.SystemAdminClient.CreateScheme(scheme2)
	CheckNoError(t, rs2)

	_, ri5 := th.SystemAdminClient.GetChannelsForScheme(scheme2.Id, 0, 100)
	CheckBadRequestStatus(t, ri5)

	th.App.SetPhase2PermissionsMigrationStatus(false)

	_, ri6 := th.SystemAdminClient.GetChannelsForScheme(scheme1.Id, 0, 100)
	CheckNotImplementedStatus(t, ri6)
}

// TestPatchScheme exercises the PatchScheme client call: a full patch, a
// partial patch that leaves Description untouched, rejection of an over-long
// name, unknown and malformed IDs, a request through th.Client, and the
// not-implemented responses when the license is removed or the migration
// flag is off.
func TestPatchScheme(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()

	th.App.Srv().SetLicense(model.NewTestLicense("custom_permissions_schemes"))

	th.App.SetPhase2PermissionsMigrationStatus(true)

	// Create a team scheme to patch.
	scheme1 := &model.Scheme{
		DisplayName: model.NewId(),
		Name:        model.NewId(),
		Description: model.NewId(),
		Scope:       model.SCHEME_SCOPE_TEAM,
	}

	s1, r1 := th.SystemAdminClient.CreateScheme(scheme1)
	CheckNoError(t, r1)

	assert.Equal(t, s1.DisplayName, scheme1.DisplayName)
	assert.Equal(t, s1.Name, scheme1.Name)
	assert.Equal(t, s1.Description, scheme1.Description)
	assert.NotZero(t, s1.CreateAt)
	assert.Equal(t, s1.CreateAt, s1.UpdateAt)
	assert.Zero(t, s1.DeleteAt)
	assert.Equal(t, s1.Scope, scheme1.Scope)
	assert.NotZero(t, len(s1.DefaultTeamAdminRole))
	assert.NotZero(t, len(s1.DefaultTeamUserRole))
	assert.NotZero(t, len(s1.DefaultTeamGuestRole))
	assert.NotZero(t, len(s1.DefaultChannelAdminRole))
	assert.NotZero(t, len(s1.DefaultChannelUserRole))
	assert.NotZero(t, len(s1.DefaultChannelGuestRole))

	s2, r2 := th.SystemAdminClient.GetScheme(s1.Id)
	CheckNoError(t, r2)

	assert.Equal(t, s1, s2)

	// Test with a valid patch.
	schemePatch := &model.SchemePatch{
		DisplayName: new(string),
		Name:        new(string),
		Description: new(string),
	}
	*schemePatch.DisplayName = model.NewId()
	*schemePatch.Name = model.NewId()
	*schemePatch.Description = model.NewId()

	s3, r3 := th.SystemAdminClient.PatchScheme(s2.Id, schemePatch)
	CheckNoError(t, r3)
	assert.Equal(t, s3.Id, s2.Id)
	assert.Equal(t, s3.DisplayName, *schemePatch.DisplayName)
	assert.Equal(t, s3.Name, *schemePatch.Name)
	assert.Equal(t, s3.Description, *schemePatch.Description)

	// The patched values must also be what a subsequent read returns.
	s4, r4 := th.SystemAdminClient.GetScheme(s3.Id)
	CheckNoError(t, r4)
	assert.Equal(t, s3, s4)

	// Test with a partial patch.
	// A nil Description is expected to leave the stored description as is.
	*schemePatch.Name = model.NewId()
	*schemePatch.DisplayName = model.NewId()
	schemePatch.Description = nil

	s5, r5 := th.SystemAdminClient.PatchScheme(s4.Id, schemePatch)
	CheckNoError(t, r5)
	assert.Equal(t, s5.Id, s4.Id)
	assert.Equal(t, s5.DisplayName, *schemePatch.DisplayName)
	assert.Equal(t, s5.Name, *schemePatch.Name)
	assert.Equal(t, s5.Description, s4.Description)

	s6, r6 := th.SystemAdminClient.GetScheme(s5.Id)
	CheckNoError(t, r6)
	assert.Equal(t, s5, s6)

	// Test with invalid patch.
	*schemePatch.Name = strings.Repeat(model.NewId(), 20)
	_, r7 := th.SystemAdminClient.PatchScheme(s6.Id, schemePatch)
	CheckBadRequestStatus(t, r7)

	// Test with unknown ID.
	// The name is reset to a fresh ID first so the patch body itself is not
	// the over-long one from the previous step.
	*schemePatch.Name = model.NewId()
	_, r8 := th.SystemAdminClient.PatchScheme(model.NewId(), schemePatch)
	CheckNotFoundStatus(t, r8)

	// Test with invalid ID.
	_, r9 := th.SystemAdminClient.PatchScheme("12345", schemePatch)
	CheckBadRequestStatus(t, r9)

	// Test without required permissions.
	// Uses the ID of an existing scheme, so the forbidden status is checked
	// against a real resource.
	_, r10 := th.Client.PatchScheme(s6.Id, schemePatch)
	CheckForbiddenStatus(t, r10)

	// Test without license.
	th.App.Srv().SetLicense(nil)
	_, r11 := th.SystemAdminClient.PatchScheme(s6.Id, schemePatch)
	CheckNotImplementedStatus(t, r11)

	// With the license restored but the migration flag off, the call is
	// still expected to be not-implemented.
	th.App.SetPhase2PermissionsMigrationStatus(false)

	th.LoginSystemAdmin()
	th.App.Srv().SetLicense(model.NewTestLicense("custom_permissions_schemes"))

	_, r12 := th.SystemAdminClient.PatchScheme(s6.Id, schemePatch)
	CheckNotImplementedStatus(t, r12)
}

// TestDeleteScheme exercises the DeleteScheme client call in three subtests
// that share one test harness: deleting a team scheme, deleting a channel
// scheme, and the failure cases. Each subtest sets the license and the
// migration flag itself because the previous one may have changed them.
func TestDeleteScheme(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()

	t.Run("ValidTeamScheme", func(t *testing.T) {
		th.App.Srv().SetLicense(model.NewTestLicense("custom_permissions_schemes"))

		th.App.SetPhase2PermissionsMigrationStatus(true)

		// Create a team scheme.
		scheme1 := &model.Scheme{
			DisplayName: model.NewId(),
			Name:        model.NewId(),
			Description: model.NewId(),
			Scope:       model.SCHEME_SCOPE_TEAM,
		}

		s1, r1 := th.SystemAdminClient.CreateScheme(scheme1)
		CheckNoError(t, r1)

		// Retrieve the roles and check they are not deleted.
		role1, roleRes1 := th.SystemAdminClient.GetRoleByName(s1.DefaultTeamAdminRole)
		CheckNoError(t, roleRes1)
		role2, roleRes2 := th.SystemAdminClient.GetRoleByName(s1.DefaultTeamUserRole)
		CheckNoError(t, roleRes2)
		role3, roleRes3 := th.SystemAdminClient.GetRoleByName(s1.DefaultChannelAdminRole)
		CheckNoError(t, roleRes3)
		role4, roleRes4 := th.SystemAdminClient.GetRoleByName(s1.DefaultChannelUserRole)
		CheckNoError(t, roleRes4)
		role5, roleRes5 := th.SystemAdminClient.GetRoleByName(s1.DefaultTeamGuestRole)
		CheckNoError(t, roleRes5)
		role6, roleRes6 := th.SystemAdminClient.GetRoleByName(s1.DefaultChannelGuestRole)
		CheckNoError(t, roleRes6)

		assert.Zero(t, role1.DeleteAt)
		assert.Zero(t, role2.DeleteAt)
		assert.Zero(t, role3.DeleteAt)
		assert.Zero(t, role4.DeleteAt)
		assert.Zero(t, role5.DeleteAt)
		assert.Zero(t, role6.DeleteAt)

		// Make sure this scheme is in use by a team.
		team, err := th.App.Srv().Store.Team().Save(&model.Team{
			Name:        "zz" + model.NewId(),
			DisplayName: model.NewId(),
			Email:       model.NewId() + "@nowhere.com",
			Type:        model.TEAM_OPEN,
			SchemeId:    &s1.Id,
		})
		require.NoError(t, err)

		// Delete the Scheme.
		_, r3 := th.SystemAdminClient.DeleteScheme(s1.Id)
		CheckNoError(t, r3)

		// Check the roles were deleted.
		// The roles are still returned by name; deletion is observed as a
		// non-zero DeleteAt on each of them.
		role1, roleRes1 = th.SystemAdminClient.GetRoleByName(s1.DefaultTeamAdminRole)
		CheckNoError(t, roleRes1)
		role2, roleRes2 = th.SystemAdminClient.GetRoleByName(s1.DefaultTeamUserRole)
		CheckNoError(t, roleRes2)
		role3, roleRes3 = th.SystemAdminClient.GetRoleByName(s1.DefaultChannelAdminRole)
		CheckNoError(t, roleRes3)
		role4, roleRes4 = th.SystemAdminClient.GetRoleByName(s1.DefaultChannelUserRole)
		CheckNoError(t, roleRes4)
		role5, roleRes5 = th.SystemAdminClient.GetRoleByName(s1.DefaultTeamGuestRole)
		CheckNoError(t, roleRes5)
		role6, roleRes6 = th.SystemAdminClient.GetRoleByName(s1.DefaultChannelGuestRole)
		CheckNoError(t, roleRes6)

		assert.NotZero(t, role1.DeleteAt)
		assert.NotZero(t, role2.DeleteAt)
		assert.NotZero(t, role3.DeleteAt)
		assert.NotZero(t, role4.DeleteAt)
		assert.NotZero(t, role5.DeleteAt)
		assert.NotZero(t, role6.DeleteAt)

		// Check the team now uses the default scheme
		// NOTE(review): SchemeId is dereferenced without a nil check, so a
		// nil pointer here would panic instead of failing the assertion.
		c2, resp := th.SystemAdminClient.GetTeam(team.Id, "")
		CheckNoError(t, resp)
		assert.Equal(t, "", *c2.SchemeId)
	})

	t.Run("ValidChannelScheme", func(t *testing.T) {
		th.App.Srv().SetLicense(model.NewTestLicense("custom_permissions_schemes"))

		th.App.SetPhase2PermissionsMigrationStatus(true)

		// Create a channel scheme.
		scheme1 := &model.Scheme{
			DisplayName: model.NewId(),
			Name:        model.NewId(),
			Description: model.NewId(),
			Scope:       model.SCHEME_SCOPE_CHANNEL,
		}

		s1, r1 := th.SystemAdminClient.CreateScheme(scheme1)
		CheckNoError(t, r1)

		// Retrieve the roles and check they are not deleted.
		role3, roleRes3 := th.SystemAdminClient.GetRoleByName(s1.DefaultChannelAdminRole)
		CheckNoError(t, roleRes3)
		role4, roleRes4 := th.SystemAdminClient.GetRoleByName(s1.DefaultChannelUserRole)
		CheckNoError(t, roleRes4)
		role6, roleRes6 := th.SystemAdminClient.GetRoleByName(s1.DefaultChannelGuestRole)
		CheckNoError(t, roleRes6)

		assert.Zero(t, role3.DeleteAt)
		assert.Zero(t, role4.DeleteAt)
		assert.Zero(t, role6.DeleteAt)

		// Make sure this scheme is in use by a channel.
		channel, err := th.App.Srv().Store.Channel().Save(&model.Channel{
			TeamId:      model.NewId(),
			DisplayName: model.NewId(),
			Name:        model.NewId(),
			Type:        model.CHANNEL_OPEN,
			SchemeId:    &s1.Id,
		}, -1)
		assert.NoError(t, err)

		// Delete the Scheme.
		_, r3 := th.SystemAdminClient.DeleteScheme(s1.Id)
		CheckNoError(t, r3)

		// Check the roles were deleted.
		role3, roleRes3 = th.SystemAdminClient.GetRoleByName(s1.DefaultChannelAdminRole)
		CheckNoError(t, roleRes3)
		role4, roleRes4 = th.SystemAdminClient.GetRoleByName(s1.DefaultChannelUserRole)
		CheckNoError(t, roleRes4)
		role6, roleRes6 = th.SystemAdminClient.GetRoleByName(s1.DefaultChannelGuestRole)
		CheckNoError(t, roleRes6)

		assert.NotZero(t, role3.DeleteAt)
		assert.NotZero(t, role4.DeleteAt)
		assert.NotZero(t, role6.DeleteAt)

		// Check the channel now uses the default scheme
		// NOTE(review): SchemeId is dereferenced without a nil check, so a
		// nil pointer here would panic instead of failing the assertion.
		c2, resp := th.SystemAdminClient.GetChannelByName(channel.Name, channel.TeamId, "")
		CheckNoError(t, resp)
		assert.Equal(t, "", *c2.SchemeId)
	})

	t.Run("FailureCases", func(t *testing.T) {
		th.App.Srv().SetLicense(model.NewTestLicense("custom_permissions_schemes"))

		th.App.SetPhase2PermissionsMigrationStatus(true)

		scheme1 := &model.Scheme{
			DisplayName: model.NewId(),
			Name:        model.NewId(),
			Description: model.NewId(),
			Scope:       model.SCHEME_SCOPE_CHANNEL,
		}

		s1, r1 := th.SystemAdminClient.CreateScheme(scheme1)
		CheckNoError(t, r1)

		// Test with unknown ID.
		_, r2 := th.SystemAdminClient.DeleteScheme(model.NewId())
		CheckNotFoundStatus(t, r2)

		// Test with invalid ID.
		_, r3 := th.SystemAdminClient.DeleteScheme("12345")
		CheckBadRequestStatus(t, r3)

		// Test without required permissions.
		// Uses the ID of an existing scheme, so the forbidden status is
		// checked against a real resource.
		_, r4 := th.Client.DeleteScheme(s1.Id)
		CheckForbiddenStatus(t, r4)

		// Test without license.
		th.App.Srv().SetLicense(nil)
		_, r5 := th.SystemAdminClient.DeleteScheme(s1.Id)
		CheckNotImplementedStatus(t, r5)

		// With the license restored but the migration flag off, the call is
		// still expected to be not-implemented.
		th.App.SetPhase2PermissionsMigrationStatus(false)

		th.App.Srv().SetLicense(model.NewTestLicense("custom_permissions_schemes"))

		_, r6 := th.SystemAdminClient.DeleteScheme(s1.Id)
		CheckNotImplementedStatus(t, r6)
	})
}

// TestUpdateTeamSchemeWithTeamMembers checks that assigning a scheme to a
// team takes effect for users who are already members: the basic user can
// create a channel before the team is moved onto a scheme whose team-user
// role has no permissions, and cannot afterwards.
func TestUpdateTeamSchemeWithTeamMembers(t *testing.T) {
	th := Setup(t).InitBasic()
	defer th.TearDown()

	t.Run("Correctly invalidates team member cache", func(t *testing.T) {
		th.App.SetPhase2PermissionsMigrationStatus(true)

		team := th.CreateTeam()
		_, _, err := th.App.AddUserToTeam(th.Context, team.Id, th.BasicUser.Id, th.SystemAdminUser.Id)
		require.Nil(t, err)

		teamScheme := th.SetupTeamScheme()

		// Strip every permission from the scheme's default team-user role.
		teamUserRole, err := th.App.GetRoleByName(context.Background(), teamScheme.DefaultTeamUserRole)
		require.Nil(t, err)
		teamUserRole.Permissions = []string{}
		_, err = th.App.UpdateRole(teamUserRole)
		require.Nil(t, err)

		th.LoginBasic()

		// Before the team uses the scheme, channel creation is expected to
		// succeed for the basic user.
		_, resp := th.Client.CreateChannel(&model.Channel{DisplayName: "Test API Name", Name: GenerateTestChannelName(), Type: model.CHANNEL_OPEN, TeamId: team.Id})
		require.Nil(t, resp.Error)

		team.SchemeId = &teamScheme.Id
		team, err = th.App.UpdateTeamScheme(team)
		require.Nil(t, err)

		// NOTE(review): this accepts any error, including a server fault.
		// Asserting the forbidden status, as CheckForbiddenStatus does in the
		// other tests of this file, would pin the failure to the permission
		// check this test is about.
		_, resp = th.Client.CreateChannel(&model.Channel{DisplayName: "Test API Name", Name: GenerateTestChannelName(), Type: model.CHANNEL_OPEN, TeamId: team.Id})
		require.NotNil(t, resp.Error)
	})
}