github.com/masterhung0112/hk_server/v5@v5.0.0-20220302090640-ec71aef15e1c/api4/user_viewmembers_test.go (about) 1 // Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved. 2 // See LICENSE.txt for license information. 3 4 package api4 5 6 import ( 7 "testing" 8 9 "github.com/stretchr/testify/require" 10 11 "github.com/masterhung0112/hk_server/v5/model" 12 ) 13 14 func TestApiResctrictedViewMembers(t *testing.T) { 15 th := Setup(t) 16 defer th.TearDown() 17 18 // Create first account for system admin 19 _, err := th.App.CreateUser(th.Context, &model.User{Email: th.GenerateTestEmail(), Nickname: "test user0", Password: "test-password-0", Username: "test-user-0", Roles: model.SYSTEM_USER_ROLE_ID}) 20 require.Nil(t, err) 21 22 user1, err := th.App.CreateUser(th.Context, &model.User{Email: th.GenerateTestEmail(), Nickname: "test user1", Password: "test-password-1", Username: "test-user-1", Roles: model.SYSTEM_USER_ROLE_ID}) 23 require.Nil(t, err) 24 user2, err := th.App.CreateUser(th.Context, &model.User{Email: th.GenerateTestEmail(), Nickname: "test user2", Password: "test-password-2", Username: "test-user-2", Roles: model.SYSTEM_USER_ROLE_ID}) 25 require.Nil(t, err) 26 user3, err := th.App.CreateUser(th.Context, &model.User{Email: th.GenerateTestEmail(), Nickname: "test user3", Password: "test-password-3", Username: "test-user-3", Roles: model.SYSTEM_USER_ROLE_ID}) 27 require.Nil(t, err) 28 user4, err := th.App.CreateUser(th.Context, &model.User{Email: th.GenerateTestEmail(), Nickname: "test user4", Password: "test-password-4", Username: "test-user-4", Roles: model.SYSTEM_USER_ROLE_ID}) 29 require.Nil(t, err) 30 user5, err := th.App.CreateUser(th.Context, &model.User{Email: th.GenerateTestEmail(), Nickname: "test user5", Password: "test-password-5", Username: "test-user-5", Roles: model.SYSTEM_USER_ROLE_ID}) 31 require.Nil(t, err) 32 33 team1, err := th.App.CreateTeam(th.Context, &model.Team{DisplayName: "dn_" + model.NewId(), Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_OPEN}) 34 require.Nil(t, err) 35 team2, err := th.App.CreateTeam(th.Context, &model.Team{DisplayName: "dn_" + model.NewId(), Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_OPEN}) 36 require.Nil(t, err) 37 38 channel1, err := th.App.CreateChannel(th.Context, &model.Channel{DisplayName: "dn_" + model.NewId(), Name: "name_" + model.NewId(), Type: model.CHANNEL_OPEN, TeamId: team1.Id, CreatorId: model.NewId()}, false) 39 require.Nil(t, err) 40 channel2, err := th.App.CreateChannel(th.Context, &model.Channel{DisplayName: "dn_" + model.NewId(), Name: "name_" + model.NewId(), Type: model.CHANNEL_OPEN, TeamId: team1.Id, CreatorId: model.NewId()}, false) 41 require.Nil(t, err) 42 channel3, err := th.App.CreateChannel(th.Context, &model.Channel{DisplayName: "dn_" + model.NewId(), Name: "name_" + model.NewId(), Type: model.CHANNEL_OPEN, TeamId: team2.Id, CreatorId: model.NewId()}, false) 43 require.Nil(t, err) 44 45 th.LinkUserToTeam(user1, team1) 46 th.LinkUserToTeam(user2, team1) 47 th.LinkUserToTeam(user3, team2) 48 th.LinkUserToTeam(user4, team1) 49 th.LinkUserToTeam(user4, team2) 50 51 th.AddUserToChannel(user1, channel1) 52 th.AddUserToChannel(user2, channel2) 53 th.AddUserToChannel(user3, channel3) 54 th.AddUserToChannel(user4, channel1) 55 th.AddUserToChannel(user4, channel3) 56 57 th.App.SetStatusOnline(user1.Id, true) 58 th.App.SetStatusOnline(user2.Id, true) 59 th.App.SetStatusOnline(user3.Id, true) 60 th.App.SetStatusOnline(user4.Id, true) 61 th.App.SetStatusOnline(user5.Id, true) 62 63 _, resp := th.Client.Login(user1.Username, "test-password-1") 64 CheckNoError(t, resp) 65 66 t.Run("getUser", func(t *testing.T) { 67 testCases := []struct { 68 Name string 69 RestrictedTo string 70 UserId string 71 ExpectedError string 72 }{ 73 { 74 "Get visible user without restrictions", 75 "", 76 user5.Id, 77 "", 78 }, 79 { 80 "Get not existing user without restrictions", 81 "", 82 model.NewId(), 83 "app.user.missing_account.const", 84 }, 85 { 86 "Get not existing user with restrictions to teams", 87 "teams", 88 model.NewId(), 89 "api.context.permissions.app_error", 90 }, 91 { 92 "Get visible user with restrictions to teams", 93 "teams", 94 user2.Id, 95 "", 96 }, 97 { 98 "Get not visible user with restrictions to teams", 99 "teams", 100 user5.Id, 101 "api.context.permissions.app_error", 102 }, 103 { 104 "Get not existing user with restrictions to channels", 105 "channels", 106 model.NewId(), 107 "api.context.permissions.app_error", 108 }, 109 { 110 "Get visible user with restrictions to channels", 111 "channels", 112 user4.Id, 113 "", 114 }, 115 { 116 "Get not visible user with restrictions to channels", 117 "channels", 118 user3.Id, 119 "api.context.permissions.app_error", 120 }, 121 } 122 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 123 124 for _, tc := range testCases { 125 t.Run(tc.Name, func(t *testing.T) { 126 if tc.RestrictedTo == "channels" { 127 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 128 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 129 } else if tc.RestrictedTo == "teams" { 130 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 131 th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 132 } else { 133 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 134 th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 135 } 136 137 _, resp := th.Client.GetUser(tc.UserId, "") 138 require.Nil(t, err) 139 if tc.ExpectedError != "" { 140 CheckErrorMessage(t, resp, tc.ExpectedError) 141 } else { 142 CheckNoError(t, resp) 143 } 144 }) 145 } 146 }) 147 148 t.Run("getUserByUsername", func(t *testing.T) { 149 testCases := []struct { 150 Name string 151 RestrictedTo string 152 Username string 153 ExpectedError string 154 }{ 155 { 156 "Get visible user without restrictions", 157 "", 158 user5.Username, 159 "", 160 }, 161 { 162 "Get not existing user without restrictions", 163 "", 164 model.NewId(), 165 "app.user.get_by_username.app_error", 166 }, 167 { 168 "Get not existing user with restrictions to teams", 169 "teams", 170 model.NewId(), 171 "api.context.permissions.app_error", 172 }, 173 { 174 "Get visible user with restrictions to teams", 175 "teams", 176 user2.Username, 177 "", 178 }, 179 { 180 "Get not visible user with restrictions to teams", 181 "teams", 182 user5.Username, 183 "api.context.permissions.app_error", 184 }, 185 { 186 "Get not existing user with restrictions to channels", 187 "channels", 188 model.NewId(), 189 "api.context.permissions.app_error", 190 }, 191 { 192 "Get visible user with restrictions to channels", 193 "channels", 194 user4.Username, 195 "", 196 }, 197 { 198 "Get not visible user with restrictions to channels", 199 "channels", 200 user3.Username, 201 "api.context.permissions.app_error", 202 }, 203 } 204 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 205 206 for _, tc := range testCases { 207 t.Run(tc.Name, func(t *testing.T) { 208 if tc.RestrictedTo == "channels" { 209 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 210 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 211 } else if tc.RestrictedTo == "teams" { 212 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 213 th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 214 } else { 215 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 216 th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 217 } 218 219 _, resp := th.Client.GetUserByUsername(tc.Username, "") 220 require.Nil(t, err) 221 if tc.ExpectedError != "" { 222 CheckErrorMessage(t, resp, tc.ExpectedError) 223 } else { 224 CheckNoError(t, resp) 225 } 226 }) 227 } 228 }) 229 230 t.Run("getUserByEmail", func(t *testing.T) { 231 testCases := []struct { 232 Name string 233 RestrictedTo string 234 Email string 235 ExpectedError string 236 }{ 237 { 238 "Get visible user without restrictions", 239 "", 240 user5.Email, 241 "", 242 }, 243 { 244 "Get not existing user without restrictions", 245 "", 246 th.GenerateTestEmail(), 247 "app.user.missing_account.const", 248 }, 249 { 250 "Get not existing user with restrictions to teams", 251 "teams", 252 th.GenerateTestEmail(), 253 "api.context.permissions.app_error", 254 }, 255 { 256 "Get visible user with restrictions to teams", 257 "teams", 258 user2.Email, 259 "", 260 }, 261 { 262 "Get not visible user with restrictions to teams", 263 "teams", 264 user5.Email, 265 "api.context.permissions.app_error", 266 }, 267 { 268 "Get not existing user with restrictions to channels", 269 "channels", 270 th.GenerateTestEmail(), 271 "api.context.permissions.app_error", 272 }, 273 { 274 "Get visible user with restrictions to channels", 275 "channels", 276 user4.Email, 277 "", 278 }, 279 { 280 "Get not visible user with restrictions to channels", 281 "channels", 282 user3.Email, 283 "api.context.permissions.app_error", 284 }, 285 } 286 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 287 288 for _, tc := range testCases { 289 t.Run(tc.Name, func(t *testing.T) { 290 if tc.RestrictedTo == "channels" { 291 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 292 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 293 } else if tc.RestrictedTo == "teams" { 294 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 295 th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 296 } else { 297 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 298 th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 299 } 300 301 _, resp := th.Client.GetUserByEmail(tc.Email, "") 302 require.Nil(t, err) 303 if tc.ExpectedError != "" { 304 CheckErrorMessage(t, resp, tc.ExpectedError) 305 } else { 306 CheckNoError(t, resp) 307 } 308 }) 309 } 310 }) 311 312 t.Run("getDefaultProfileImage", func(t *testing.T) { 313 testCases := []struct { 314 Name string 315 RestrictedTo string 316 UserId string 317 ExpectedError string 318 }{ 319 { 320 "Get visible user without restrictions", 321 "", 322 user5.Id, 323 "", 324 }, 325 { 326 "Get not existing user without restrictions", 327 "", 328 model.NewId(), 329 "app.user.missing_account.const", 330 }, 331 { 332 "Get not existing user with restrictions to teams", 333 "teams", 334 model.NewId(), 335 "api.context.permissions.app_error", 336 }, 337 { 338 "Get visible user with restrictions to teams", 339 "teams", 340 user2.Id, 341 "", 342 }, 343 { 344 "Get not visible user with restrictions to teams", 345 "teams", 346 user5.Id, 347 "api.context.permissions.app_error", 348 }, 349 { 350 "Get not existing user with restrictions to channels", 351 "channels", 352 model.NewId(), 353 "api.context.permissions.app_error", 354 }, 355 { 356 "Get visible user with restrictions to channels", 357 "channels", 358 user4.Id, 359 "", 360 }, 361 { 362 "Get not visible user with restrictions to channels", 363 "channels", 364 user3.Id, 365 "api.context.permissions.app_error", 366 }, 367 } 368 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 369 370 for _, tc := range testCases { 371 t.Run(tc.Name, func(t *testing.T) { 372 if tc.RestrictedTo == "channels" { 373 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 374 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 375 } else if tc.RestrictedTo == "teams" { 376 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 377 th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 378 } else { 379 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 380 th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 381 } 382 383 _, resp := th.Client.GetDefaultProfileImage(tc.UserId) 384 require.Nil(t, err) 385 if tc.ExpectedError != "" { 386 CheckErrorMessage(t, resp, tc.ExpectedError) 387 } else { 388 CheckNoError(t, resp) 389 } 390 }) 391 } 392 }) 393 394 t.Run("getProfileImage", func(t *testing.T) { 395 testCases := []struct { 396 Name string 397 RestrictedTo string 398 UserId string 399 ExpectedError string 400 }{ 401 { 402 "Get visible user without restrictions", 403 "", 404 user5.Id, 405 "", 406 }, 407 { 408 "Get not existing user without restrictions", 409 "", 410 model.NewId(), 411 "app.user.missing_account.const", 412 }, 413 { 414 "Get not existing user with restrictions to teams", 415 "teams", 416 model.NewId(), 417 "api.context.permissions.app_error", 418 }, 419 { 420 "Get visible user with restrictions to teams", 421 "teams", 422 user2.Id, 423 "", 424 }, 425 { 426 "Get not visible user with restrictions to teams", 427 "teams", 428 user5.Id, 429 "api.context.permissions.app_error", 430 }, 431 { 432 "Get not existing user with restrictions to channels", 433 "channels", 434 model.NewId(), 435 "api.context.permissions.app_error", 436 }, 437 { 438 "Get visible user with restrictions to channels", 439 "channels", 440 user4.Id, 441 "", 442 }, 443 { 444 "Get not visible user with restrictions to channels", 445 "channels", 446 user3.Id, 447 "api.context.permissions.app_error", 448 }, 449 } 450 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 451 452 for _, tc := range testCases { 453 t.Run(tc.Name, func(t *testing.T) { 454 if tc.RestrictedTo == "channels" { 455 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 456 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 457 } else if tc.RestrictedTo == "teams" { 458 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 459 th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 460 } else { 461 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 462 th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 463 } 464 465 _, resp := th.Client.GetProfileImage(tc.UserId, "") 466 require.Nil(t, err) 467 if tc.ExpectedError != "" { 468 CheckErrorMessage(t, resp, tc.ExpectedError) 469 } else { 470 CheckNoError(t, resp) 471 } 472 }) 473 } 474 }) 475 }