github.com/xzl8028/xenia-server@v0.0.0-20190809101854-18450a97da63/api4/bot_test.go (about) 1 // Copyright (c) 2017-present Xenia, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package api4 5 6 import ( 7 "io/ioutil" 8 "strings" 9 "testing" 10 11 "github.com/xzl8028/xenia-server/model" 12 "github.com/stretchr/testify/require" 13 ) 14 15 func TestCreateBot(t *testing.T) { 16 t.Run("create bot without permissions", func(t *testing.T) { 17 th := Setup().InitBasic() 18 defer th.TearDown() 19 20 th.App.UpdateConfig(func(cfg *model.Config) { 21 *cfg.ServiceSettings.EnableBotAccountCreation = true 22 }) 23 24 _, resp := th.Client.CreateBot(&model.Bot{ 25 Username: GenerateTestUsername(), 26 DisplayName: "a bot", 27 Description: "bot", 28 }) 29 30 CheckErrorMessage(t, resp, "api.context.permissions.app_error") 31 }) 32 33 t.Run("create bot without config permissions", func(t *testing.T) { 34 th := Setup().InitBasic() 35 defer th.TearDown() 36 37 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 38 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 39 th.App.Config().ServiceSettings.EnableBotAccountCreation = model.NewBool(false) 40 41 _, resp := th.Client.CreateBot(&model.Bot{ 42 Username: GenerateTestUsername(), 43 DisplayName: "a bot", 44 Description: "bot", 45 }) 46 47 CheckErrorMessage(t, resp, "api.bot.create_disabled") 48 }) 49 50 t.Run("create bot with permissions", func(t *testing.T) { 51 th := Setup().InitBasic() 52 defer th.TearDown() 53 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 54 55 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 56 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 57 th.App.UpdateConfig(func(cfg *model.Config) { 58 *cfg.ServiceSettings.EnableBotAccountCreation = true 59 }) 60 61 bot := &model.Bot{ 62 Username: GenerateTestUsername(), 63 DisplayName: "a bot", 64 Description: "bot", 65 } 66 67 createdBot, resp := th.Client.CreateBot(bot) 68 CheckCreatedStatus(t, resp) 69 defer th.App.PermanentDeleteBot(createdBot.UserId) 70 require.Equal(t, bot.Username, createdBot.Username) 71 require.Equal(t, bot.DisplayName, createdBot.DisplayName) 72 require.Equal(t, bot.Description, createdBot.Description) 73 require.Equal(t, th.BasicUser.Id, createdBot.OwnerId) 74 }) 75 76 t.Run("create invalid bot", func(t *testing.T) { 77 th := Setup().InitBasic() 78 defer th.TearDown() 79 80 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 81 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 82 th.App.UpdateConfig(func(cfg *model.Config) { 83 *cfg.ServiceSettings.EnableBotAccountCreation = true 84 }) 85 86 _, resp := th.Client.CreateBot(&model.Bot{ 87 Username: "username", 88 DisplayName: "a bot", 89 Description: strings.Repeat("x", 1025), 90 }) 91 92 CheckErrorMessage(t, resp, "model.bot.is_valid.description.app_error") 93 }) 94 95 t.Run("bot attempt to create bot fails", func(t *testing.T) { 96 th := Setup().InitBasic() 97 defer th.TearDown() 98 99 th.App.UpdateConfig(func(cfg *model.Config) { 100 *cfg.ServiceSettings.EnableBotAccountCreation = true 101 }) 102 103 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) 104 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 105 th.AddPermissionToRole(model.PERMISSION_EDIT_OTHER_USERS.Id, model.TEAM_USER_ROLE_ID) 106 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID+" "+model.SYSTEM_USER_ACCESS_TOKEN_ROLE_ID, false) 107 108 bot, resp := th.Client.CreateBot(&model.Bot{ 109 Username: GenerateTestUsername(), 110 DisplayName: "a bot", 111 Description: "bot", 112 }) 113 CheckCreatedStatus(t, resp) 114 defer th.App.PermanentDeleteBot(bot.UserId) 115 th.App.UpdateUserRoles(bot.UserId, model.TEAM_USER_ROLE_ID+" "+model.SYSTEM_USER_ACCESS_TOKEN_ROLE_ID, false) 116 117 rtoken, resp := th.Client.CreateUserAccessToken(bot.UserId, "test token") 118 CheckNoError(t, resp) 119 th.Client.AuthToken = rtoken.Token 120 121 _, resp = th.Client.CreateBot(&model.Bot{ 122 Username: GenerateTestUsername(), 123 OwnerId: bot.UserId, 124 DisplayName: "a bot2", 125 Description: "bot2", 126 }) 127 CheckErrorMessage(t, resp, "api.context.permissions.app_error") 128 }) 129 130 } 131 132 func TestPatchBot(t *testing.T) { 133 t.Run("patch non-existent bot", func(t *testing.T) { 134 th := Setup().InitBasic() 135 defer th.TearDown() 136 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 137 138 _, resp := th.SystemAdminClient.PatchBot(model.NewId(), &model.BotPatch{}) 139 CheckNotFoundStatus(t, resp) 140 }) 141 142 t.Run("patch someone else's bot without permission", func(t *testing.T) { 143 th := Setup().InitBasic() 144 defer th.TearDown() 145 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 146 147 th.App.UpdateConfig(func(cfg *model.Config) { 148 *cfg.ServiceSettings.EnableBotAccountCreation = true 149 }) 150 151 createdBot, resp := th.SystemAdminClient.CreateBot(&model.Bot{ 152 Username: GenerateTestUsername(), 153 DisplayName: "a bot", 154 Description: "bot", 155 }) 156 CheckCreatedStatus(t, resp) 157 defer th.App.PermanentDeleteBot(createdBot.UserId) 158 159 _, resp = th.Client.PatchBot(createdBot.UserId, &model.BotPatch{}) 160 CheckErrorMessage(t, resp, "store.sql_bot.get.missing.app_error") 161 }) 162 163 t.Run("patch someone else's bot without permission, but with read others permission", func(t *testing.T) { 164 th := Setup().InitBasic() 165 defer th.TearDown() 166 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 167 168 th.AddPermissionToRole(model.PERMISSION_READ_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 169 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 170 th.App.UpdateConfig(func(cfg *model.Config) { 171 *cfg.ServiceSettings.EnableBotAccountCreation = true 172 }) 173 174 createdBot, resp := th.SystemAdminClient.CreateBot(&model.Bot{ 175 Username: GenerateTestUsername(), 176 DisplayName: "a bot", 177 Description: "bot", 178 }) 179 CheckCreatedStatus(t, resp) 180 defer th.App.PermanentDeleteBot(createdBot.UserId) 181 182 _, resp = th.Client.PatchBot(createdBot.UserId, &model.BotPatch{}) 183 CheckErrorMessage(t, resp, "api.context.permissions.app_error") 184 }) 185 186 t.Run("patch someone else's bot with permission", func(t *testing.T) { 187 th := Setup().InitBasic() 188 defer th.TearDown() 189 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 190 191 th.AddPermissionToRole(model.PERMISSION_MANAGE_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 192 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 193 th.App.UpdateConfig(func(cfg *model.Config) { 194 *cfg.ServiceSettings.EnableBotAccountCreation = true 195 }) 196 197 createdBot, resp := th.SystemAdminClient.CreateBot(&model.Bot{ 198 Username: GenerateTestUsername(), 199 DisplayName: "a bot", 200 Description: "bot", 201 }) 202 CheckCreatedStatus(t, resp) 203 defer th.App.PermanentDeleteBot(createdBot.UserId) 204 205 botPatch := &model.BotPatch{ 206 Username: sToP(GenerateTestUsername()), 207 DisplayName: sToP("an updated bot"), 208 Description: sToP("updated bot"), 209 } 210 211 patchedBot, resp := th.Client.PatchBot(createdBot.UserId, botPatch) 212 CheckOKStatus(t, resp) 213 require.Equal(t, *botPatch.Username, patchedBot.Username) 214 require.Equal(t, *botPatch.DisplayName, patchedBot.DisplayName) 215 require.Equal(t, *botPatch.Description, patchedBot.Description) 216 require.Equal(t, th.SystemAdminUser.Id, patchedBot.OwnerId) 217 }) 218 219 t.Run("patch my bot without permission", func(t *testing.T) { 220 th := Setup().InitBasic() 221 defer th.TearDown() 222 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 223 224 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 225 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 226 th.App.UpdateConfig(func(cfg *model.Config) { 227 *cfg.ServiceSettings.EnableBotAccountCreation = true 228 }) 229 230 createdBot, resp := th.Client.CreateBot(&model.Bot{ 231 Username: GenerateTestUsername(), 232 DisplayName: "a bot", 233 Description: "bot", 234 }) 235 CheckCreatedStatus(t, resp) 236 defer th.App.PermanentDeleteBot(createdBot.UserId) 237 238 botPatch := &model.BotPatch{ 239 Username: sToP(GenerateTestUsername()), 240 DisplayName: sToP("an updated bot"), 241 Description: sToP("updated bot"), 242 } 243 244 _, resp = th.Client.PatchBot(createdBot.UserId, botPatch) 245 CheckErrorMessage(t, resp, "store.sql_bot.get.missing.app_error") 246 }) 247 248 t.Run("patch my bot without permission, but with read permission", func(t *testing.T) { 249 th := Setup().InitBasic() 250 defer th.TearDown() 251 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 252 253 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 254 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.TEAM_USER_ROLE_ID) 255 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 256 th.App.UpdateConfig(func(cfg *model.Config) { 257 *cfg.ServiceSettings.EnableBotAccountCreation = true 258 }) 259 260 createdBot, resp := th.Client.CreateBot(&model.Bot{ 261 Username: GenerateTestUsername(), 262 DisplayName: "a bot", 263 Description: "bot", 264 }) 265 CheckCreatedStatus(t, resp) 266 defer th.App.PermanentDeleteBot(createdBot.UserId) 267 268 botPatch := &model.BotPatch{ 269 Username: sToP(GenerateTestUsername()), 270 DisplayName: sToP("an updated bot"), 271 Description: sToP("updated bot"), 272 } 273 274 _, resp = th.Client.PatchBot(createdBot.UserId, botPatch) 275 CheckErrorMessage(t, resp, "api.context.permissions.app_error") 276 }) 277 278 t.Run("patch my bot with permission", func(t *testing.T) { 279 th := Setup().InitBasic() 280 defer th.TearDown() 281 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 282 283 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 284 th.AddPermissionToRole(model.PERMISSION_MANAGE_BOTS.Id, model.TEAM_USER_ROLE_ID) 285 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 286 th.App.UpdateConfig(func(cfg *model.Config) { 287 *cfg.ServiceSettings.EnableBotAccountCreation = true 288 }) 289 290 createdBot, resp := th.Client.CreateBot(&model.Bot{ 291 Username: GenerateTestUsername(), 292 DisplayName: "a bot", 293 Description: "bot", 294 }) 295 CheckCreatedStatus(t, resp) 296 defer th.App.PermanentDeleteBot(createdBot.UserId) 297 298 botPatch := &model.BotPatch{ 299 Username: sToP(GenerateTestUsername()), 300 DisplayName: sToP("an updated bot"), 301 Description: sToP("updated bot"), 302 } 303 304 patchedBot, resp := th.Client.PatchBot(createdBot.UserId, botPatch) 305 CheckOKStatus(t, resp) 306 require.Equal(t, *botPatch.Username, patchedBot.Username) 307 require.Equal(t, *botPatch.DisplayName, patchedBot.DisplayName) 308 require.Equal(t, *botPatch.Description, patchedBot.Description) 309 require.Equal(t, th.BasicUser.Id, patchedBot.OwnerId) 310 }) 311 312 t.Run("partial patch my bot with permission", func(t *testing.T) { 313 th := Setup().InitBasic() 314 defer th.TearDown() 315 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 316 317 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 318 th.AddPermissionToRole(model.PERMISSION_MANAGE_BOTS.Id, model.TEAM_USER_ROLE_ID) 319 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 320 th.App.UpdateConfig(func(cfg *model.Config) { 321 *cfg.ServiceSettings.EnableBotAccountCreation = true 322 }) 323 324 bot := &model.Bot{ 325 Username: GenerateTestUsername(), 326 DisplayName: "a bot", 327 Description: "bot", 328 } 329 330 createdBot, resp := th.Client.CreateBot(bot) 331 CheckCreatedStatus(t, resp) 332 defer th.App.PermanentDeleteBot(createdBot.UserId) 333 334 botPatch := &model.BotPatch{ 335 Username: sToP(GenerateTestUsername()), 336 } 337 338 patchedBot, resp := th.Client.PatchBot(createdBot.UserId, botPatch) 339 CheckOKStatus(t, resp) 340 require.Equal(t, *botPatch.Username, patchedBot.Username) 341 require.Equal(t, bot.DisplayName, patchedBot.DisplayName) 342 require.Equal(t, bot.Description, patchedBot.Description) 343 require.Equal(t, th.BasicUser.Id, patchedBot.OwnerId) 344 }) 345 346 t.Run("update bot, internally managed fields ignored", func(t *testing.T) { 347 th := Setup().InitBasic() 348 defer th.TearDown() 349 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 350 351 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 352 th.AddPermissionToRole(model.PERMISSION_MANAGE_BOTS.Id, model.TEAM_USER_ROLE_ID) 353 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 354 th.App.UpdateConfig(func(cfg *model.Config) { 355 *cfg.ServiceSettings.EnableBotAccountCreation = true 356 }) 357 358 createdBot, resp := th.Client.CreateBot(&model.Bot{ 359 Username: GenerateTestUsername(), 360 DisplayName: "a bot", 361 Description: "bot", 362 }) 363 CheckCreatedStatus(t, resp) 364 defer th.App.PermanentDeleteBot(createdBot.UserId) 365 366 r, err := th.Client.DoApiPut(th.Client.GetBotRoute(createdBot.UserId), `{"creator_id":"`+th.BasicUser2.Id+`"}`) 367 require.Nil(t, err) 368 defer func() { 369 _, _ = ioutil.ReadAll(r.Body) 370 _ = r.Body.Close() 371 }() 372 patchedBot := model.BotFromJson(r.Body) 373 resp = model.BuildResponse(r) 374 CheckOKStatus(t, resp) 375 376 require.Equal(t, th.BasicUser.Id, patchedBot.OwnerId) 377 }) 378 } 379 380 func TestGetBot(t *testing.T) { 381 th := Setup().InitBasic() 382 defer th.TearDown() 383 384 th.App.UpdateConfig(func(cfg *model.Config) { 385 *cfg.ServiceSettings.EnableBotAccountCreation = true 386 }) 387 388 bot1, resp := th.SystemAdminClient.CreateBot(&model.Bot{ 389 Username: GenerateTestUsername(), 390 DisplayName: "a bot", 391 Description: "the first bot", 392 }) 393 CheckCreatedStatus(t, resp) 394 defer th.App.PermanentDeleteBot(bot1.UserId) 395 396 bot2, resp := th.SystemAdminClient.CreateBot(&model.Bot{ 397 Username: GenerateTestUsername(), 398 DisplayName: "another bot", 399 Description: "the second bot", 400 }) 401 CheckCreatedStatus(t, resp) 402 defer th.App.PermanentDeleteBot(bot2.UserId) 403 404 deletedBot, resp := th.SystemAdminClient.CreateBot(&model.Bot{ 405 Username: GenerateTestUsername(), 406 Description: "a deleted bot", 407 }) 408 CheckCreatedStatus(t, resp) 409 defer th.App.PermanentDeleteBot(deletedBot.UserId) 410 deletedBot, resp = th.SystemAdminClient.DisableBot(deletedBot.UserId) 411 CheckOKStatus(t, resp) 412 413 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 414 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 415 th.App.UpdateConfig(func(cfg *model.Config) { 416 *cfg.ServiceSettings.EnableBotAccountCreation = true 417 }) 418 419 myBot, resp := th.Client.CreateBot(&model.Bot{ 420 Username: GenerateTestUsername(), 421 DisplayName: "my bot", 422 Description: "a bot created by non-admin", 423 }) 424 CheckCreatedStatus(t, resp) 425 defer th.App.PermanentDeleteBot(myBot.UserId) 426 th.RemovePermissionFromRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 427 428 t.Run("get unknown bot", func(t *testing.T) { 429 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 430 431 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.TEAM_USER_ROLE_ID) 432 th.AddPermissionToRole(model.PERMISSION_READ_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 433 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 434 435 _, resp := th.Client.GetBot(model.NewId(), "") 436 CheckNotFoundStatus(t, resp) 437 }) 438 439 t.Run("get bot1", func(t *testing.T) { 440 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 441 442 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.TEAM_USER_ROLE_ID) 443 th.AddPermissionToRole(model.PERMISSION_READ_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 444 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 445 446 bot, resp := th.Client.GetBot(bot1.UserId, "") 447 CheckOKStatus(t, resp) 448 require.Equal(t, bot1, bot) 449 450 bot, resp = th.Client.GetBot(bot1.UserId, bot.Etag()) 451 CheckEtag(t, bot, resp) 452 }) 453 454 t.Run("get bot2", func(t *testing.T) { 455 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 456 457 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.TEAM_USER_ROLE_ID) 458 th.AddPermissionToRole(model.PERMISSION_READ_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 459 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 460 461 bot, resp := th.Client.GetBot(bot2.UserId, "") 462 CheckOKStatus(t, resp) 463 require.Equal(t, bot2, bot) 464 465 bot, resp = th.Client.GetBot(bot2.UserId, bot.Etag()) 466 CheckEtag(t, bot, resp) 467 }) 468 469 t.Run("get bot1 without READ_OTHERS_BOTS permission", func(t *testing.T) { 470 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 471 472 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.TEAM_USER_ROLE_ID) 473 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 474 th.AddPermissionToRole(model.PERMISSION_MANAGE_BOTS.Id, model.TEAM_USER_ROLE_ID) 475 th.AddPermissionToRole(model.PERMISSION_MANAGE_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 476 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 477 478 _, resp := th.Client.GetBot(bot1.UserId, "") 479 CheckErrorMessage(t, resp, "store.sql_bot.get.missing.app_error") 480 }) 481 482 t.Run("get myBot without READ_BOTS OR READ_OTHERS_BOTS permissions", func(t *testing.T) { 483 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 484 485 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 486 th.AddPermissionToRole(model.PERMISSION_MANAGE_BOTS.Id, model.TEAM_USER_ROLE_ID) 487 th.AddPermissionToRole(model.PERMISSION_MANAGE_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 488 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 489 490 _, resp := th.Client.GetBot(myBot.UserId, "") 491 CheckErrorMessage(t, resp, "store.sql_bot.get.missing.app_error") 492 }) 493 494 t.Run("get deleted bot", func(t *testing.T) { 495 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 496 497 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.TEAM_USER_ROLE_ID) 498 th.AddPermissionToRole(model.PERMISSION_READ_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 499 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 500 501 _, resp := th.Client.GetBot(deletedBot.UserId, "") 502 CheckNotFoundStatus(t, resp) 503 }) 504 505 t.Run("get deleted bot, include deleted", func(t *testing.T) { 506 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 507 508 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.TEAM_USER_ROLE_ID) 509 th.AddPermissionToRole(model.PERMISSION_READ_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 510 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 511 512 bot, resp := th.Client.GetBotIncludeDeleted(deletedBot.UserId, "") 513 CheckOKStatus(t, resp) 514 require.NotEqual(t, 0, bot.DeleteAt) 515 deletedBot.UpdateAt = bot.UpdateAt 516 deletedBot.DeleteAt = bot.DeleteAt 517 require.Equal(t, deletedBot, bot) 518 519 bot, resp = th.Client.GetBotIncludeDeleted(deletedBot.UserId, bot.Etag()) 520 CheckEtag(t, bot, resp) 521 }) 522 } 523 524 func TestGetBots(t *testing.T) { 525 th := Setup().InitBasic() 526 defer th.TearDown() 527 528 th.App.UpdateConfig(func(cfg *model.Config) { 529 *cfg.ServiceSettings.EnableBotAccountCreation = true 530 }) 531 532 bot1, resp := th.SystemAdminClient.CreateBot(&model.Bot{ 533 Username: GenerateTestUsername(), 534 DisplayName: "a bot", 535 Description: "the first bot", 536 }) 537 CheckCreatedStatus(t, resp) 538 defer th.App.PermanentDeleteBot(bot1.UserId) 539 540 deletedBot1, resp := th.SystemAdminClient.CreateBot(&model.Bot{ 541 Username: GenerateTestUsername(), 542 Description: "a deleted bot", 543 }) 544 CheckCreatedStatus(t, resp) 545 defer th.App.PermanentDeleteBot(deletedBot1.UserId) 546 deletedBot1, resp = th.SystemAdminClient.DisableBot(deletedBot1.UserId) 547 CheckOKStatus(t, resp) 548 549 bot2, resp := th.SystemAdminClient.CreateBot(&model.Bot{ 550 Username: GenerateTestUsername(), 551 DisplayName: "another bot", 552 Description: "the second bot", 553 }) 554 CheckCreatedStatus(t, resp) 555 defer th.App.PermanentDeleteBot(bot2.UserId) 556 557 bot3, resp := th.SystemAdminClient.CreateBot(&model.Bot{ 558 Username: GenerateTestUsername(), 559 DisplayName: "another bot", 560 Description: "the third bot", 561 }) 562 CheckCreatedStatus(t, resp) 563 defer th.App.PermanentDeleteBot(bot3.UserId) 564 565 deletedBot2, resp := th.SystemAdminClient.CreateBot(&model.Bot{ 566 Username: GenerateTestUsername(), 567 Description: "a deleted bot", 568 }) 569 CheckCreatedStatus(t, resp) 570 defer th.App.PermanentDeleteBot(deletedBot2.UserId) 571 deletedBot2, resp = th.SystemAdminClient.DisableBot(deletedBot2.UserId) 572 CheckOKStatus(t, resp) 573 574 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 575 th.App.UpdateUserRoles(th.BasicUser2.Id, model.TEAM_USER_ROLE_ID, false) 576 th.LoginBasic2() 577 orphanedBot, resp := th.Client.CreateBot(&model.Bot{ 578 Username: GenerateTestUsername(), 579 Description: "an oprphaned bot", 580 }) 581 CheckCreatedStatus(t, resp) 582 th.LoginBasic() 583 defer th.App.PermanentDeleteBot(orphanedBot.UserId) 584 // Automatic deactivation disabled 585 th.App.UpdateConfig(func(cfg *model.Config) { 586 *cfg.ServiceSettings.DisableBotsWhenOwnerIsDeactivated = false 587 }) 588 _, resp = th.SystemAdminClient.DeleteUser(th.BasicUser2.Id) 589 CheckOKStatus(t, resp) 590 591 t.Run("get bots, page=0, perPage=10", func(t *testing.T) { 592 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 593 594 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.TEAM_USER_ROLE_ID) 595 th.AddPermissionToRole(model.PERMISSION_READ_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 596 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 597 598 bots, resp := th.Client.GetBots(0, 10, "") 599 CheckOKStatus(t, resp) 600 require.Equal(t, []*model.Bot{bot1, bot2, bot3, orphanedBot}, bots) 601 602 botList := model.BotList(bots) 603 bots, resp = th.Client.GetBots(0, 10, botList.Etag()) 604 CheckEtag(t, bots, resp) 605 }) 606 607 t.Run("get bots, page=0, perPage=1", func(t *testing.T) { 608 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 609 610 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.TEAM_USER_ROLE_ID) 611 th.AddPermissionToRole(model.PERMISSION_READ_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 612 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 613 614 bots, resp := th.Client.GetBots(0, 1, "") 615 CheckOKStatus(t, resp) 616 require.Equal(t, []*model.Bot{bot1}, bots) 617 618 botList := model.BotList(bots) 619 bots, resp = th.Client.GetBots(0, 1, botList.Etag()) 620 CheckEtag(t, bots, resp) 621 }) 622 623 t.Run("get bots, page=1, perPage=2", func(t *testing.T) { 624 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 625 626 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.TEAM_USER_ROLE_ID) 627 th.AddPermissionToRole(model.PERMISSION_READ_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 628 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 629 630 bots, resp := th.Client.GetBots(1, 2, "") 631 CheckOKStatus(t, resp) 632 require.Equal(t, []*model.Bot{bot3, orphanedBot}, bots) 633 634 botList := model.BotList(bots) 635 bots, resp = th.Client.GetBots(1, 2, botList.Etag()) 636 CheckEtag(t, bots, resp) 637 }) 638 639 t.Run("get bots, page=2, perPage=2", func(t *testing.T) { 640 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 641 642 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.TEAM_USER_ROLE_ID) 643 th.AddPermissionToRole(model.PERMISSION_READ_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 644 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 645 646 bots, resp := th.Client.GetBots(2, 2, "") 647 CheckOKStatus(t, resp) 648 require.Equal(t, []*model.Bot{}, bots) 649 650 botList := model.BotList(bots) 651 bots, resp = th.Client.GetBots(2, 2, botList.Etag()) 652 CheckEtag(t, bots, resp) 653 }) 654 655 t.Run("get bots, page=0, perPage=10, include deleted", func(t *testing.T) { 656 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 657 658 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.TEAM_USER_ROLE_ID) 659 th.AddPermissionToRole(model.PERMISSION_READ_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 660 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 661 662 bots, resp := th.Client.GetBotsIncludeDeleted(0, 10, "") 663 CheckOKStatus(t, resp) 664 require.Equal(t, []*model.Bot{bot1, deletedBot1, bot2, bot3, deletedBot2, orphanedBot}, bots) 665 666 botList := model.BotList(bots) 667 bots, resp = th.Client.GetBotsIncludeDeleted(0, 10, botList.Etag()) 668 CheckEtag(t, bots, resp) 669 }) 670 671 t.Run("get bots, page=0, perPage=1, include deleted", func(t *testing.T) { 672 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 673 674 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.TEAM_USER_ROLE_ID) 675 th.AddPermissionToRole(model.PERMISSION_READ_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 676 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 677 678 bots, resp := th.Client.GetBotsIncludeDeleted(0, 1, "") 679 CheckOKStatus(t, resp) 680 require.Equal(t, []*model.Bot{bot1}, bots) 681 682 botList := model.BotList(bots) 683 bots, resp = th.Client.GetBotsIncludeDeleted(0, 1, botList.Etag()) 684 CheckEtag(t, bots, resp) 685 }) 686 687 t.Run("get bots, page=1, perPage=2, include deleted", func(t *testing.T) { 688 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 689 690 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.TEAM_USER_ROLE_ID) 691 th.AddPermissionToRole(model.PERMISSION_READ_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 692 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 693 694 bots, resp := th.Client.GetBotsIncludeDeleted(1, 2, "") 695 CheckOKStatus(t, resp) 696 require.Equal(t, []*model.Bot{bot2, bot3}, bots) 697 698 botList := model.BotList(bots) 699 bots, resp = th.Client.GetBotsIncludeDeleted(1, 2, botList.Etag()) 700 CheckEtag(t, bots, resp) 701 }) 702 703 t.Run("get bots, page=2, perPage=2, include deleted", func(t *testing.T) { 704 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 705 706 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.TEAM_USER_ROLE_ID) 707 th.AddPermissionToRole(model.PERMISSION_READ_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 708 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 709 710 bots, resp := th.Client.GetBotsIncludeDeleted(2, 2, "") 711 CheckOKStatus(t, resp) 712 require.Equal(t, []*model.Bot{deletedBot2, orphanedBot}, bots) 713 714 botList := model.BotList(bots) 715 bots, resp = th.Client.GetBotsIncludeDeleted(2, 2, botList.Etag()) 716 CheckEtag(t, bots, resp) 717 }) 718 719 t.Run("get bots, page=0, perPage=10, only orphaned", func(t *testing.T) { 720 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 721 722 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.TEAM_USER_ROLE_ID) 723 th.AddPermissionToRole(model.PERMISSION_READ_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 724 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 725 726 bots, resp := th.Client.GetBotsOrphaned(0, 10, "") 727 CheckOKStatus(t, resp) 728 require.Equal(t, []*model.Bot{orphanedBot}, bots) 729 730 botList := model.BotList(bots) 731 bots, resp = th.Client.GetBotsOrphaned(0, 10, botList.Etag()) 732 CheckEtag(t, bots, resp) 733 }) 734 735 t.Run("get bots without permission", func(t *testing.T) { 736 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 737 738 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 739 th.AddPermissionToRole(model.PERMISSION_MANAGE_BOTS.Id, model.TEAM_USER_ROLE_ID) 740 th.AddPermissionToRole(model.PERMISSION_MANAGE_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 741 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 742 743 _, resp := th.Client.GetBots(0, 10, "") 744 CheckErrorMessage(t, resp, "api.context.permissions.app_error") 745 }) 746 } 747 748 func TestDisableBot(t *testing.T) { 749 t.Run("disable non-existent bot", func(t *testing.T) { 750 th := Setup().InitBasic() 751 defer th.TearDown() 752 753 _, resp := th.Client.DisableBot(model.NewId()) 754 CheckNotFoundStatus(t, resp) 755 }) 756 757 t.Run("disable bot without permission", func(t *testing.T) { 758 th := Setup().InitBasic() 759 defer th.TearDown() 760 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 761 762 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 763 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 764 th.App.UpdateConfig(func(cfg *model.Config) { 765 *cfg.ServiceSettings.EnableBotAccountCreation = true 766 }) 767 768 bot := &model.Bot{ 769 Username: GenerateTestUsername(), 770 Description: "bot", 771 } 772 773 createdBot, resp := th.Client.CreateBot(bot) 774 CheckCreatedStatus(t, resp) 775 defer th.App.PermanentDeleteBot(createdBot.UserId) 776 777 _, resp = th.Client.DisableBot(createdBot.UserId) 778 CheckErrorMessage(t, resp, "store.sql_bot.get.missing.app_error") 779 }) 780 781 t.Run("disable bot without permission, but with read permission", func(t *testing.T) { 782 th := Setup().InitBasic() 783 defer th.TearDown() 784 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 785 786 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 787 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.TEAM_USER_ROLE_ID) 788 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 789 th.App.UpdateConfig(func(cfg *model.Config) { 790 *cfg.ServiceSettings.EnableBotAccountCreation = true 791 }) 792 793 bot := &model.Bot{ 794 Username: GenerateTestUsername(), 795 Description: "bot", 796 } 797 798 createdBot, resp := th.Client.CreateBot(bot) 799 CheckCreatedStatus(t, resp) 800 defer th.App.PermanentDeleteBot(createdBot.UserId) 801 802 _, resp = th.Client.DisableBot(createdBot.UserId) 803 CheckErrorMessage(t, resp, "api.context.permissions.app_error") 804 }) 805 806 t.Run("disable bot with permission", func(t *testing.T) { 807 th := Setup().InitBasic() 808 defer th.TearDown() 809 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 810 811 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 812 th.AddPermissionToRole(model.PERMISSION_MANAGE_BOTS.Id, model.TEAM_USER_ROLE_ID) 813 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 814 th.App.UpdateConfig(func(cfg *model.Config) { 815 *cfg.ServiceSettings.EnableBotAccountCreation = true 816 }) 817 818 bot, resp := th.Client.CreateBot(&model.Bot{ 819 Username: GenerateTestUsername(), 820 Description: "bot", 821 }) 822 CheckCreatedStatus(t, resp) 823 defer th.App.PermanentDeleteBot(bot.UserId) 824 825 enabledBot1, resp := th.Client.DisableBot(bot.UserId) 826 CheckOKStatus(t, resp) 827 bot.UpdateAt = enabledBot1.UpdateAt 828 bot.DeleteAt = enabledBot1.DeleteAt 829 require.Equal(t, bot, enabledBot1) 830 831 // Check bot disabled 832 disab, resp := th.SystemAdminClient.GetBotIncludeDeleted(bot.UserId, "") 833 CheckOKStatus(t, resp) 834 require.NotZero(t, disab.DeleteAt) 835 836 // Disabling should be idempotent. 837 enabledBot2, resp := th.Client.DisableBot(bot.UserId) 838 CheckOKStatus(t, resp) 839 require.Equal(t, bot, enabledBot2) 840 }) 841 } 842 func TestEnableBot(t *testing.T) { 843 t.Run("enable non-existent bot", func(t *testing.T) { 844 th := Setup().InitBasic() 845 defer th.TearDown() 846 847 _, resp := th.Client.EnableBot(model.NewId()) 848 CheckNotFoundStatus(t, resp) 849 }) 850 851 t.Run("enable bot without permission", func(t *testing.T) { 852 th := Setup().InitBasic() 853 defer th.TearDown() 854 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 855 856 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 857 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 858 th.App.UpdateConfig(func(cfg *model.Config) { 859 *cfg.ServiceSettings.EnableBotAccountCreation = true 860 }) 861 862 bot := &model.Bot{ 863 Username: GenerateTestUsername(), 864 Description: "bot", 865 } 866 867 createdBot, resp := th.Client.CreateBot(bot) 868 CheckCreatedStatus(t, resp) 869 defer th.App.PermanentDeleteBot(createdBot.UserId) 870 871 _, resp = th.SystemAdminClient.DisableBot(createdBot.UserId) 872 CheckOKStatus(t, resp) 873 874 _, resp = th.Client.EnableBot(createdBot.UserId) 875 CheckErrorMessage(t, resp, "store.sql_bot.get.missing.app_error") 876 }) 877 878 t.Run("enable bot without permission, but with read permission", func(t *testing.T) { 879 th := Setup().InitBasic() 880 defer th.TearDown() 881 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 882 883 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 884 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.TEAM_USER_ROLE_ID) 885 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 886 th.App.UpdateConfig(func(cfg *model.Config) { 887 *cfg.ServiceSettings.EnableBotAccountCreation = true 888 }) 889 890 bot := &model.Bot{ 891 Username: GenerateTestUsername(), 892 Description: "bot", 893 } 894 895 createdBot, resp := th.Client.CreateBot(bot) 896 CheckCreatedStatus(t, resp) 897 defer th.App.PermanentDeleteBot(createdBot.UserId) 898 899 _, resp = th.SystemAdminClient.DisableBot(createdBot.UserId) 900 CheckOKStatus(t, resp) 901 902 _, resp = th.Client.EnableBot(createdBot.UserId) 903 CheckErrorMessage(t, resp, "api.context.permissions.app_error") 904 }) 905 906 t.Run("enable bot with permission", func(t *testing.T) { 907 th := Setup().InitBasic() 908 defer th.TearDown() 909 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 910 911 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 912 th.AddPermissionToRole(model.PERMISSION_MANAGE_BOTS.Id, model.TEAM_USER_ROLE_ID) 913 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 914 th.App.UpdateConfig(func(cfg *model.Config) { 915 *cfg.ServiceSettings.EnableBotAccountCreation = true 916 }) 917 918 bot, resp := th.Client.CreateBot(&model.Bot{ 919 Username: GenerateTestUsername(), 920 Description: "bot", 921 }) 922 CheckCreatedStatus(t, resp) 923 defer th.App.PermanentDeleteBot(bot.UserId) 924 925 _, resp = th.SystemAdminClient.DisableBot(bot.UserId) 926 CheckOKStatus(t, resp) 927 928 enabledBot1, resp := th.Client.EnableBot(bot.UserId) 929 CheckOKStatus(t, resp) 930 bot.UpdateAt = enabledBot1.UpdateAt 931 bot.DeleteAt = enabledBot1.DeleteAt 932 require.Equal(t, bot, enabledBot1) 933 934 // Check bot enabled 935 enab, resp := th.SystemAdminClient.GetBotIncludeDeleted(bot.UserId, "") 936 CheckOKStatus(t, resp) 937 require.Zero(t, enab.DeleteAt) 938 939 // Disabling should be idempotent. 940 enabledBot2, resp := th.Client.EnableBot(bot.UserId) 941 CheckOKStatus(t, resp) 942 require.Equal(t, bot, enabledBot2) 943 }) 944 } 945 946 func TestAssignBot(t *testing.T) { 947 th := Setup().InitBasic() 948 defer th.TearDown() 949 950 t.Run("claim non-existent bot", func(t *testing.T) { 951 _, resp := th.SystemAdminClient.AssignBot(model.NewId(), model.NewId()) 952 CheckNotFoundStatus(t, resp) 953 }) 954 955 t.Run("system admin assign bot", func(t *testing.T) { 956 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 957 958 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.SYSTEM_USER_ROLE_ID) 959 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.SYSTEM_USER_ROLE_ID) 960 th.App.UpdateConfig(func(cfg *model.Config) { 961 *cfg.ServiceSettings.EnableBotAccountCreation = true 962 }) 963 964 bot := &model.Bot{ 965 Username: GenerateTestUsername(), 966 Description: "bot", 967 } 968 bot, resp := th.Client.CreateBot(bot) 969 CheckCreatedStatus(t, resp) 970 defer th.App.PermanentDeleteBot(bot.UserId) 971 972 before, resp := th.Client.GetBot(bot.UserId, "") 973 CheckOKStatus(t, resp) 974 require.Equal(t, th.BasicUser.Id, before.OwnerId) 975 976 _, resp = th.SystemAdminClient.AssignBot(bot.UserId, th.SystemAdminUser.Id) 977 CheckOKStatus(t, resp) 978 979 // Original owner doesn't have read others bots permission, therefore can't see bot anymore 980 _, resp = th.Client.GetBot(bot.UserId, "") 981 CheckNotFoundStatus(t, resp) 982 983 // System admin can see creator ID has changed 984 after, resp := th.SystemAdminClient.GetBot(bot.UserId, "") 985 CheckOKStatus(t, resp) 986 require.Equal(t, th.SystemAdminUser.Id, after.OwnerId) 987 988 // Assign back to user without permissions to manage 989 _, resp = th.SystemAdminClient.AssignBot(bot.UserId, th.BasicUser.Id) 990 CheckOKStatus(t, resp) 991 992 after, resp = th.SystemAdminClient.GetBot(bot.UserId, "") 993 CheckOKStatus(t, resp) 994 require.Equal(t, th.BasicUser.Id, after.OwnerId) 995 }) 996 997 t.Run("random user assign bot", func(t *testing.T) { 998 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 999 1000 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.SYSTEM_USER_ROLE_ID) 1001 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.SYSTEM_USER_ROLE_ID) 1002 th.App.UpdateConfig(func(cfg *model.Config) { 1003 *cfg.ServiceSettings.EnableBotAccountCreation = true 1004 }) 1005 1006 bot := &model.Bot{ 1007 Username: GenerateTestUsername(), 1008 Description: "bot", 1009 } 1010 createdBot, resp := th.Client.CreateBot(bot) 1011 CheckCreatedStatus(t, resp) 1012 defer th.App.PermanentDeleteBot(createdBot.UserId) 1013 1014 th.LoginBasic2() 1015 1016 // Without permission to read others bots it doesn't exist 1017 _, resp = th.Client.AssignBot(createdBot.UserId, th.BasicUser2.Id) 1018 CheckErrorMessage(t, resp, "store.sql_bot.get.missing.app_error") 1019 1020 // With permissions to read we don't have permissions to modify 1021 th.AddPermissionToRole(model.PERMISSION_READ_OTHERS_BOTS.Id, model.SYSTEM_USER_ROLE_ID) 1022 _, resp = th.Client.AssignBot(createdBot.UserId, th.BasicUser2.Id) 1023 CheckErrorMessage(t, resp, "api.context.permissions.app_error") 1024 1025 th.LoginBasic() 1026 }) 1027 1028 t.Run("delegated user assign bot", func(t *testing.T) { 1029 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 1030 1031 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.SYSTEM_USER_ROLE_ID) 1032 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.SYSTEM_USER_ROLE_ID) 1033 th.App.UpdateConfig(func(cfg *model.Config) { 1034 *cfg.ServiceSettings.EnableBotAccountCreation = true 1035 }) 1036 1037 bot := &model.Bot{ 1038 Username: GenerateTestUsername(), 1039 Description: "bot", 1040 } 1041 bot, resp := th.Client.CreateBot(bot) 1042 CheckCreatedStatus(t, resp) 1043 defer th.App.PermanentDeleteBot(bot.UserId) 1044 1045 // Simulate custom role by just changing the system user role 1046 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.SYSTEM_USER_ROLE_ID) 1047 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.SYSTEM_USER_ROLE_ID) 1048 th.AddPermissionToRole(model.PERMISSION_READ_OTHERS_BOTS.Id, model.SYSTEM_USER_ROLE_ID) 1049 th.AddPermissionToRole(model.PERMISSION_MANAGE_BOTS.Id, model.SYSTEM_USER_ROLE_ID) 1050 th.AddPermissionToRole(model.PERMISSION_MANAGE_OTHERS_BOTS.Id, model.SYSTEM_USER_ROLE_ID) 1051 th.LoginBasic2() 1052 1053 _, resp = th.Client.AssignBot(bot.UserId, th.BasicUser2.Id) 1054 CheckOKStatus(t, resp) 1055 1056 after, resp := th.SystemAdminClient.GetBot(bot.UserId, "") 1057 CheckOKStatus(t, resp) 1058 require.Equal(t, th.BasicUser2.Id, after.OwnerId) 1059 }) 1060 1061 t.Run("bot assigned to bot fails", func(t *testing.T) { 1062 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 1063 1064 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.SYSTEM_USER_ROLE_ID) 1065 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.SYSTEM_USER_ROLE_ID) 1066 th.AddPermissionToRole(model.PERMISSION_READ_OTHERS_BOTS.Id, model.SYSTEM_USER_ROLE_ID) 1067 th.AddPermissionToRole(model.PERMISSION_MANAGE_BOTS.Id, model.SYSTEM_USER_ROLE_ID) 1068 th.AddPermissionToRole(model.PERMISSION_MANAGE_OTHERS_BOTS.Id, model.SYSTEM_USER_ROLE_ID) 1069 1070 bot := &model.Bot{ 1071 Username: GenerateTestUsername(), 1072 Description: "bot", 1073 } 1074 bot, resp := th.Client.CreateBot(bot) 1075 CheckCreatedStatus(t, resp) 1076 defer th.App.PermanentDeleteBot(bot.UserId) 1077 1078 bot2, resp := th.Client.CreateBot(&model.Bot{ 1079 Username: GenerateTestUsername(), 1080 DisplayName: "a bot", 1081 Description: "bot", 1082 }) 1083 1084 CheckCreatedStatus(t, resp) 1085 defer th.App.PermanentDeleteBot(bot2.UserId) 1086 1087 _, resp = th.Client.AssignBot(bot.UserId, bot2.UserId) 1088 CheckErrorMessage(t, resp, "api.context.permissions.app_error") 1089 1090 }) 1091 } 1092 1093 func sToP(s string) *string { 1094 return &s 1095 }