github.com/xzl8028/xenia-server@v0.0.0-20190809101854-18450a97da63/api4/team_test.go (about) 1 // Copyright (c) 2017-present Xenia, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package api4 5 6 import ( 7 "encoding/binary" 8 "fmt" 9 "net/http" 10 "strconv" 11 "strings" 12 "testing" 13 14 "encoding/base64" 15 16 "github.com/xzl8028/xenia-server/app" 17 "github.com/xzl8028/xenia-server/model" 18 "github.com/xzl8028/xenia-server/services/mailservice" 19 "github.com/xzl8028/xenia-server/utils" 20 "github.com/xzl8028/xenia-server/utils/testutils" 21 "github.com/stretchr/testify/assert" 22 "github.com/stretchr/testify/require" 23 ) 24 25 func TestCreateTeam(t *testing.T) { 26 th := Setup().InitBasic() 27 defer th.TearDown() 28 Client := th.Client 29 30 team := &model.Team{Name: GenerateTestUsername(), DisplayName: "Some Team", Type: model.TEAM_OPEN} 31 rteam, resp := Client.CreateTeam(team) 32 CheckNoError(t, resp) 33 CheckCreatedStatus(t, resp) 34 35 if rteam.Name != team.Name { 36 t.Fatal("names did not match") 37 } 38 39 if rteam.DisplayName != team.DisplayName { 40 t.Fatal("display names did not match") 41 } 42 43 if rteam.Type != team.Type { 44 t.Fatal("types did not match") 45 } 46 47 _, resp = Client.CreateTeam(rteam) 48 CheckBadRequestStatus(t, resp) 49 50 rteam.Id = "" 51 _, resp = Client.CreateTeam(rteam) 52 CheckErrorMessage(t, resp, "store.sql_team.save.domain_exists.app_error") 53 CheckBadRequestStatus(t, resp) 54 55 rteam.Name = "" 56 _, resp = Client.CreateTeam(rteam) 57 CheckErrorMessage(t, resp, "model.team.is_valid.characters.app_error") 58 CheckBadRequestStatus(t, resp) 59 60 if r, err := Client.DoApiPost("/teams", "garbage"); err == nil { 61 t.Fatal("should have errored") 62 } else { 63 if r.StatusCode != http.StatusBadRequest { 64 t.Log("actual: " + strconv.Itoa(r.StatusCode)) 65 t.Log("expected: " + strconv.Itoa(http.StatusBadRequest)) 66 t.Fatal("wrong status code") 67 } 68 } 69 70 Client.Logout() 71 72 _, resp = Client.CreateTeam(rteam) 73 CheckUnauthorizedStatus(t, resp) 74 75 th.LoginBasic() 76 77 // Test GroupConstrained flag 78 groupConstrainedTeam := &model.Team{Name: GenerateTestUsername(), DisplayName: "Some Team", Type: model.TEAM_OPEN, GroupConstrained: model.NewBool(true)} 79 rteam, resp = Client.CreateTeam(groupConstrainedTeam) 80 CheckNoError(t, resp) 81 CheckCreatedStatus(t, resp) 82 83 if *rteam.GroupConstrained != *groupConstrainedTeam.GroupConstrained { 84 t.Fatal("GroupConstrained flags do not match") 85 } 86 87 // Check the appropriate permissions are enforced. 88 defaultRolePermissions := th.SaveDefaultRolePermissions() 89 defer func() { 90 th.RestoreDefaultRolePermissions(defaultRolePermissions) 91 }() 92 93 th.RemovePermissionFromRole(model.PERMISSION_CREATE_TEAM.Id, model.SYSTEM_USER_ROLE_ID) 94 th.AddPermissionToRole(model.PERMISSION_CREATE_TEAM.Id, model.SYSTEM_ADMIN_ROLE_ID) 95 96 _, resp = Client.CreateTeam(team) 97 CheckForbiddenStatus(t, resp) 98 } 99 100 func TestCreateTeamSanitization(t *testing.T) { 101 th := Setup().InitBasic() 102 defer th.TearDown() 103 104 // Non-admin users can create a team, but they become a team admin by doing so 105 106 t.Run("team admin", func(t *testing.T) { 107 team := &model.Team{ 108 DisplayName: t.Name() + "_1", 109 Name: GenerateTestTeamName(), 110 Email: th.GenerateTestEmail(), 111 Type: model.TEAM_OPEN, 112 AllowedDomains: "simulator.amazonses.com,dockerhost", 113 } 114 115 rteam, resp := th.Client.CreateTeam(team) 116 CheckNoError(t, resp) 117 if rteam.Email == "" { 118 t.Fatal("should not have sanitized email") 119 } 120 }) 121 122 t.Run("system admin", func(t *testing.T) { 123 team := &model.Team{ 124 DisplayName: t.Name() + "_2", 125 Name: GenerateTestTeamName(), 126 Email: th.GenerateTestEmail(), 127 Type: model.TEAM_OPEN, 128 AllowedDomains: "simulator.amazonses.com,dockerhost", 129 } 130 131 rteam, resp := th.SystemAdminClient.CreateTeam(team) 132 CheckNoError(t, resp) 133 if rteam.Email == "" { 134 t.Fatal("should not have sanitized email") 135 } 136 }) 137 } 138 139 func TestGetTeam(t *testing.T) { 140 th := Setup().InitBasic() 141 defer th.TearDown() 142 Client := th.Client 143 team := th.BasicTeam 144 145 rteam, resp := Client.GetTeam(team.Id, "") 146 CheckNoError(t, resp) 147 148 if rteam.Id != team.Id { 149 t.Fatal("wrong team") 150 } 151 152 _, resp = Client.GetTeam("junk", "") 153 CheckBadRequestStatus(t, resp) 154 155 _, resp = Client.GetTeam("", "") 156 CheckNotFoundStatus(t, resp) 157 158 _, resp = Client.GetTeam(model.NewId(), "") 159 CheckNotFoundStatus(t, resp) 160 161 th.LoginTeamAdmin() 162 163 team2 := &model.Team{DisplayName: "Name", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_OPEN, AllowOpenInvite: false} 164 rteam2, _ := Client.CreateTeam(team2) 165 166 team3 := &model.Team{DisplayName: "Name", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_INVITE, AllowOpenInvite: true} 167 rteam3, _ := Client.CreateTeam(team3) 168 169 th.LoginBasic() 170 // AllowInviteOpen is false and team is open, and user is not on team 171 _, resp = Client.GetTeam(rteam2.Id, "") 172 CheckForbiddenStatus(t, resp) 173 174 // AllowInviteOpen is true and team is invite, and user is not on team 175 _, resp = Client.GetTeam(rteam3.Id, "") 176 CheckForbiddenStatus(t, resp) 177 178 Client.Logout() 179 _, resp = Client.GetTeam(team.Id, "") 180 CheckUnauthorizedStatus(t, resp) 181 182 _, resp = th.SystemAdminClient.GetTeam(rteam2.Id, "") 183 CheckNoError(t, resp) 184 } 185 186 func TestGetTeamSanitization(t *testing.T) { 187 th := Setup().InitBasic() 188 defer th.TearDown() 189 190 team, resp := th.Client.CreateTeam(&model.Team{ 191 DisplayName: t.Name() + "_1", 192 Name: GenerateTestTeamName(), 193 Email: th.GenerateTestEmail(), 194 Type: model.TEAM_OPEN, 195 AllowedDomains: "simulator.amazonses.com,dockerhost", 196 }) 197 CheckNoError(t, resp) 198 199 t.Run("team user", func(t *testing.T) { 200 th.LinkUserToTeam(th.BasicUser2, team) 201 202 client := th.CreateClient() 203 th.LoginBasic2WithClient(client) 204 205 rteam, resp := client.GetTeam(team.Id, "") 206 CheckNoError(t, resp) 207 if rteam.Email != "" { 208 t.Fatal("should've sanitized email") 209 } 210 }) 211 212 t.Run("team admin", func(t *testing.T) { 213 rteam, resp := th.Client.GetTeam(team.Id, "") 214 CheckNoError(t, resp) 215 if rteam.Email == "" { 216 t.Fatal("should not have sanitized email") 217 } 218 }) 219 220 t.Run("system admin", func(t *testing.T) { 221 rteam, resp := th.SystemAdminClient.GetTeam(team.Id, "") 222 CheckNoError(t, resp) 223 if rteam.Email == "" { 224 t.Fatal("should not have sanitized email") 225 } 226 }) 227 } 228 229 func TestGetTeamUnread(t *testing.T) { 230 th := Setup().InitBasic() 231 defer th.TearDown() 232 Client := th.Client 233 234 teamUnread, resp := Client.GetTeamUnread(th.BasicTeam.Id, th.BasicUser.Id) 235 CheckNoError(t, resp) 236 if teamUnread.TeamId != th.BasicTeam.Id { 237 t.Fatal("wrong team id returned for regular user call") 238 } 239 240 _, resp = Client.GetTeamUnread("junk", th.BasicUser.Id) 241 CheckBadRequestStatus(t, resp) 242 243 _, resp = Client.GetTeamUnread(th.BasicTeam.Id, "junk") 244 CheckBadRequestStatus(t, resp) 245 246 _, resp = Client.GetTeamUnread(model.NewId(), th.BasicUser.Id) 247 CheckForbiddenStatus(t, resp) 248 249 _, resp = Client.GetTeamUnread(th.BasicTeam.Id, model.NewId()) 250 CheckForbiddenStatus(t, resp) 251 252 Client.Logout() 253 _, resp = Client.GetTeamUnread(th.BasicTeam.Id, th.BasicUser.Id) 254 CheckUnauthorizedStatus(t, resp) 255 256 teamUnread, resp = th.SystemAdminClient.GetTeamUnread(th.BasicTeam.Id, th.BasicUser.Id) 257 CheckNoError(t, resp) 258 if teamUnread.TeamId != th.BasicTeam.Id { 259 t.Fatal("wrong team id returned") 260 } 261 } 262 263 func TestUpdateTeam(t *testing.T) { 264 th := Setup().InitBasic() 265 defer th.TearDown() 266 Client := th.Client 267 268 team := &model.Team{DisplayName: "Name", Description: "Some description", AllowOpenInvite: false, InviteId: "inviteid0", Name: "z-z-" + model.NewId() + "a", Email: "success+" + model.NewId() + "@simulator.amazonses.com", Type: model.TEAM_OPEN} 269 team, _ = Client.CreateTeam(team) 270 271 team.Description = "updated description" 272 uteam, resp := Client.UpdateTeam(team) 273 CheckNoError(t, resp) 274 275 if uteam.Description != "updated description" { 276 t.Fatal("Update failed") 277 } 278 279 team.DisplayName = "Updated Name" 280 uteam, resp = Client.UpdateTeam(team) 281 CheckNoError(t, resp) 282 283 if uteam.DisplayName != "Updated Name" { 284 t.Fatal("Update failed") 285 } 286 287 // Test GroupConstrained flag 288 team.GroupConstrained = model.NewBool(true) 289 rteam, resp := Client.UpdateTeam(team) 290 CheckNoError(t, resp) 291 CheckOKStatus(t, resp) 292 293 if *rteam.GroupConstrained != *team.GroupConstrained { 294 t.Fatal("GroupConstrained flags do not match") 295 } 296 team.GroupConstrained = nil 297 298 team.AllowOpenInvite = true 299 uteam, resp = Client.UpdateTeam(team) 300 CheckNoError(t, resp) 301 302 if !uteam.AllowOpenInvite { 303 t.Fatal("Update failed") 304 } 305 306 team.InviteId = "inviteid1" 307 uteam, resp = Client.UpdateTeam(team) 308 CheckNoError(t, resp) 309 310 if uteam.InviteId == "inviteid1" { 311 t.Fatal("InviteID should not be updated") 312 } 313 314 team.AllowedDomains = "domain" 315 uteam, resp = Client.UpdateTeam(team) 316 CheckNoError(t, resp) 317 318 if uteam.AllowedDomains != "domain" { 319 t.Fatal("Update failed") 320 } 321 322 team.Name = "Updated name" 323 uteam, resp = Client.UpdateTeam(team) 324 CheckNoError(t, resp) 325 326 if uteam.Name == "Updated name" { 327 t.Fatal("Should not update name") 328 } 329 330 team.Email = "test@domain.com" 331 uteam, resp = Client.UpdateTeam(team) 332 CheckNoError(t, resp) 333 334 if uteam.Email == "test@domain.com" { 335 t.Fatal("Should not update email") 336 } 337 338 team.Type = model.TEAM_INVITE 339 uteam, resp = Client.UpdateTeam(team) 340 CheckNoError(t, resp) 341 342 if uteam.Type == model.TEAM_INVITE { 343 t.Fatal("Should not update type") 344 } 345 346 originalTeamId := team.Id 347 team.Id = model.NewId() 348 349 r, _ := Client.DoApiPut(Client.GetTeamRoute(originalTeamId), team.ToJson()) 350 assert.Equal(t, http.StatusBadRequest, r.StatusCode) 351 352 if uteam.Id != originalTeamId { 353 t.Fatal("wrong team id") 354 } 355 356 team.Id = "fake" 357 _, resp = Client.UpdateTeam(team) 358 CheckBadRequestStatus(t, resp) 359 360 Client.Logout() 361 _, resp = Client.UpdateTeam(team) 362 CheckUnauthorizedStatus(t, resp) 363 364 team.Id = originalTeamId 365 _, resp = th.SystemAdminClient.UpdateTeam(team) 366 CheckNoError(t, resp) 367 } 368 369 func TestUpdateTeamSanitization(t *testing.T) { 370 th := Setup().InitBasic() 371 defer th.TearDown() 372 373 team, resp := th.Client.CreateTeam(&model.Team{ 374 DisplayName: t.Name() + "_1", 375 Name: GenerateTestTeamName(), 376 Email: th.GenerateTestEmail(), 377 Type: model.TEAM_OPEN, 378 AllowedDomains: "simulator.amazonses.com,dockerhost", 379 }) 380 CheckNoError(t, resp) 381 382 // Non-admin users cannot update the team 383 384 t.Run("team admin", func(t *testing.T) { 385 rteam, resp := th.Client.UpdateTeam(team) 386 CheckNoError(t, resp) 387 if rteam.Email == "" { 388 t.Fatal("should not have sanitized email for admin") 389 } 390 }) 391 392 t.Run("system admin", func(t *testing.T) { 393 rteam, resp := th.SystemAdminClient.UpdateTeam(team) 394 CheckNoError(t, resp) 395 if rteam.Email == "" { 396 t.Fatal("should not have sanitized email for admin") 397 } 398 }) 399 } 400 401 func TestPatchTeam(t *testing.T) { 402 th := Setup().InitBasic() 403 defer th.TearDown() 404 Client := th.Client 405 406 team := &model.Team{DisplayName: "Name", Description: "Some description", CompanyName: "Some company name", AllowOpenInvite: false, InviteId: "inviteid0", Name: "z-z-" + model.NewId() + "a", Email: "success+" + model.NewId() + "@simulator.amazonses.com", Type: model.TEAM_OPEN} 407 team, _ = Client.CreateTeam(team) 408 409 patch := &model.TeamPatch{} 410 411 patch.DisplayName = model.NewString("Other name") 412 patch.Description = model.NewString("Other description") 413 patch.CompanyName = model.NewString("Other company name") 414 patch.AllowOpenInvite = model.NewBool(true) 415 416 rteam, resp := Client.PatchTeam(team.Id, patch) 417 CheckNoError(t, resp) 418 419 if rteam.DisplayName != "Other name" { 420 t.Fatal("DisplayName did not update properly") 421 } 422 if rteam.Description != "Other description" { 423 t.Fatal("Description did not update properly") 424 } 425 if rteam.CompanyName != "Other company name" { 426 t.Fatal("CompanyName did not update properly") 427 } 428 if rteam.InviteId == "inviteid1" { 429 t.Fatal("InviteId should not update") 430 } 431 if !rteam.AllowOpenInvite { 432 t.Fatal("AllowOpenInvite did not update properly") 433 } 434 435 // Test GroupConstrained flag 436 patch.GroupConstrained = model.NewBool(true) 437 rteam, resp = Client.PatchTeam(team.Id, patch) 438 CheckNoError(t, resp) 439 CheckOKStatus(t, resp) 440 441 if *rteam.GroupConstrained != *patch.GroupConstrained { 442 t.Fatal("GroupConstrained flags do not match") 443 } 444 patch.GroupConstrained = nil 445 446 _, resp = Client.PatchTeam("junk", patch) 447 CheckBadRequestStatus(t, resp) 448 449 _, resp = Client.PatchTeam(GenerateTestId(), patch) 450 CheckForbiddenStatus(t, resp) 451 452 if r, err := Client.DoApiPut("/teams/"+team.Id+"/patch", "garbage"); err == nil { 453 t.Fatal("should have errored") 454 } else { 455 if r.StatusCode != http.StatusBadRequest { 456 t.Log("actual: " + strconv.Itoa(r.StatusCode)) 457 t.Log("expected: " + strconv.Itoa(http.StatusBadRequest)) 458 t.Fatal("wrong status code") 459 } 460 } 461 462 Client.Logout() 463 _, resp = Client.PatchTeam(team.Id, patch) 464 CheckUnauthorizedStatus(t, resp) 465 466 th.LoginBasic2() 467 _, resp = Client.PatchTeam(team.Id, patch) 468 CheckForbiddenStatus(t, resp) 469 470 _, resp = th.SystemAdminClient.PatchTeam(team.Id, patch) 471 CheckNoError(t, resp) 472 } 473 474 func TestPatchTeamSanitization(t *testing.T) { 475 th := Setup().InitBasic() 476 defer th.TearDown() 477 478 team, resp := th.Client.CreateTeam(&model.Team{ 479 DisplayName: t.Name() + "_1", 480 Name: GenerateTestTeamName(), 481 Email: th.GenerateTestEmail(), 482 Type: model.TEAM_OPEN, 483 AllowedDomains: "simulator.amazonses.com,dockerhost", 484 }) 485 CheckNoError(t, resp) 486 487 // Non-admin users cannot update the team 488 489 t.Run("team admin", func(t *testing.T) { 490 rteam, resp := th.Client.PatchTeam(team.Id, &model.TeamPatch{}) 491 CheckNoError(t, resp) 492 if rteam.Email == "" { 493 t.Fatal("should not have sanitized email for admin") 494 } 495 }) 496 497 t.Run("system admin", func(t *testing.T) { 498 rteam, resp := th.SystemAdminClient.PatchTeam(team.Id, &model.TeamPatch{}) 499 CheckNoError(t, resp) 500 if rteam.Email == "" { 501 t.Fatal("should not have sanitized email for admin") 502 } 503 }) 504 } 505 506 func TestRegenerateTeamInviteId(t *testing.T) { 507 th := Setup().InitBasic() 508 defer th.TearDown() 509 Client := th.Client 510 511 team := &model.Team{DisplayName: "Name", Description: "Some description", CompanyName: "Some company name", AllowOpenInvite: false, InviteId: "inviteid0", Name: "z-z-" + model.NewId() + "a", Email: "success+" + model.NewId() + "@simulator.amazonses.com", Type: model.TEAM_OPEN} 512 team, _ = Client.CreateTeam(team) 513 514 assert.NotEqual(t, team.InviteId, "") 515 assert.NotEqual(t, team.InviteId, "inviteid0") 516 517 rteam, resp := Client.RegenerateTeamInviteId(team.Id) 518 CheckNoError(t, resp) 519 520 assert.NotEqual(t, team.InviteId, rteam.InviteId) 521 assert.NotEqual(t, team.InviteId, "") 522 } 523 524 func TestSoftDeleteTeam(t *testing.T) { 525 th := Setup().InitBasic() 526 defer th.TearDown() 527 Client := th.Client 528 529 team := &model.Team{DisplayName: "DisplayName", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_OPEN} 530 team, _ = Client.CreateTeam(team) 531 532 ok, resp := Client.SoftDeleteTeam(team.Id) 533 CheckNoError(t, resp) 534 535 if !ok { 536 t.Fatal("should have returned true") 537 } 538 539 rteam, err := th.App.GetTeam(team.Id) 540 if err != nil { 541 t.Fatal("should have returned archived team") 542 } 543 if rteam.DeleteAt == 0 { 544 t.Fatal("should have not set to zero") 545 } 546 547 ok, resp = Client.SoftDeleteTeam("junk") 548 CheckBadRequestStatus(t, resp) 549 550 if ok { 551 t.Fatal("should have returned false") 552 } 553 554 otherTeam := th.BasicTeam 555 _, resp = Client.SoftDeleteTeam(otherTeam.Id) 556 CheckForbiddenStatus(t, resp) 557 558 Client.Logout() 559 _, resp = Client.SoftDeleteTeam(otherTeam.Id) 560 CheckUnauthorizedStatus(t, resp) 561 562 _, resp = th.SystemAdminClient.SoftDeleteTeam(otherTeam.Id) 563 CheckNoError(t, resp) 564 } 565 566 func TestPermanentDeleteTeam(t *testing.T) { 567 th := Setup().InitBasic() 568 defer th.TearDown() 569 Client := th.Client 570 571 team := &model.Team{DisplayName: "DisplayName", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_OPEN} 572 team, _ = Client.CreateTeam(team) 573 574 enableAPITeamDeletion := *th.App.Config().ServiceSettings.EnableAPITeamDeletion 575 defer func() { 576 th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableAPITeamDeletion = &enableAPITeamDeletion }) 577 }() 578 579 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableAPITeamDeletion = false }) 580 581 // Does not error when deletion is disabled, just soft deletes 582 ok, resp := Client.PermanentDeleteTeam(team.Id) 583 CheckNoError(t, resp) 584 assert.True(t, ok) 585 586 rteam, err := th.App.GetTeam(team.Id) 587 assert.Nil(t, err) 588 assert.True(t, rteam.DeleteAt > 0) 589 590 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableAPITeamDeletion = true }) 591 592 ok, resp = Client.PermanentDeleteTeam(team.Id) 593 CheckNoError(t, resp) 594 assert.True(t, ok) 595 596 _, err = th.App.GetTeam(team.Id) 597 assert.NotNil(t, err) 598 599 ok, resp = Client.PermanentDeleteTeam("junk") 600 CheckBadRequestStatus(t, resp) 601 602 if ok { 603 t.Fatal("should have returned false") 604 } 605 } 606 607 func TestGetAllTeams(t *testing.T) { 608 th := Setup().InitBasic() 609 defer th.TearDown() 610 Client := th.Client 611 612 team1 := &model.Team{DisplayName: "Name", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_OPEN, AllowOpenInvite: true} 613 team1, resp := Client.CreateTeam(team1) 614 CheckNoError(t, resp) 615 616 team2 := &model.Team{DisplayName: "Name2", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_OPEN, AllowOpenInvite: true} 617 team2, resp = Client.CreateTeam(team2) 618 CheckNoError(t, resp) 619 620 team3 := &model.Team{DisplayName: "Name3", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_OPEN, AllowOpenInvite: false} 621 team3, resp = Client.CreateTeam(team3) 622 CheckNoError(t, resp) 623 624 testCases := []struct { 625 Name string 626 Page int 627 PerPage int 628 Permissions []string 629 ExpectedTeams []string 630 WithCount bool 631 ExpectedCount int64 632 }{ 633 { 634 Name: "Get 1 team per page", 635 Page: 0, 636 PerPage: 1, 637 Permissions: []string{model.PERMISSION_LIST_PUBLIC_TEAMS.Id}, 638 ExpectedTeams: []string{team1.Id}, 639 }, 640 { 641 Name: "Get second page with 1 team per page", 642 Page: 1, 643 PerPage: 1, 644 Permissions: []string{model.PERMISSION_LIST_PUBLIC_TEAMS.Id}, 645 ExpectedTeams: []string{team2.Id}, 646 }, 647 { 648 Name: "Get no items per page", 649 Page: 1, 650 PerPage: 0, 651 Permissions: []string{model.PERMISSION_LIST_PUBLIC_TEAMS.Id}, 652 ExpectedTeams: []string{}, 653 }, 654 { 655 Name: "Get all open teams", 656 Page: 0, 657 PerPage: 10, 658 Permissions: []string{model.PERMISSION_LIST_PUBLIC_TEAMS.Id}, 659 ExpectedTeams: []string{team1.Id, team2.Id}, 660 }, 661 { 662 Name: "Get all private teams", 663 Page: 0, 664 PerPage: 10, 665 Permissions: []string{model.PERMISSION_LIST_PRIVATE_TEAMS.Id}, 666 ExpectedTeams: []string{th.BasicTeam.Id, team3.Id}, 667 }, 668 { 669 Name: "Get all teams", 670 Page: 0, 671 PerPage: 10, 672 Permissions: []string{model.PERMISSION_LIST_PUBLIC_TEAMS.Id, model.PERMISSION_LIST_PRIVATE_TEAMS.Id}, 673 ExpectedTeams: []string{th.BasicTeam.Id, team1.Id, team2.Id, team3.Id}, 674 }, 675 { 676 Name: "Get no teams because permissions", 677 Page: 0, 678 PerPage: 10, 679 Permissions: []string{}, 680 ExpectedTeams: []string{}, 681 }, 682 { 683 Name: "Get all teams with count", 684 Page: 0, 685 PerPage: 10, 686 Permissions: []string{model.PERMISSION_LIST_PUBLIC_TEAMS.Id, model.PERMISSION_LIST_PRIVATE_TEAMS.Id}, 687 ExpectedTeams: []string{th.BasicTeam.Id, team1.Id, team2.Id, team3.Id}, 688 WithCount: true, 689 ExpectedCount: 4, 690 }, 691 } 692 693 for _, tc := range testCases { 694 t.Run(tc.Name, func(t *testing.T) { 695 defaultRolePermissions := th.SaveDefaultRolePermissions() 696 defer func() { 697 th.RestoreDefaultRolePermissions(defaultRolePermissions) 698 }() 699 th.RemovePermissionFromRole(model.PERMISSION_LIST_PUBLIC_TEAMS.Id, model.SYSTEM_USER_ROLE_ID) 700 th.RemovePermissionFromRole(model.PERMISSION_JOIN_PUBLIC_TEAMS.Id, model.SYSTEM_USER_ROLE_ID) 701 th.RemovePermissionFromRole(model.PERMISSION_LIST_PRIVATE_TEAMS.Id, model.SYSTEM_USER_ROLE_ID) 702 th.RemovePermissionFromRole(model.PERMISSION_JOIN_PRIVATE_TEAMS.Id, model.SYSTEM_USER_ROLE_ID) 703 for _, permission := range tc.Permissions { 704 th.AddPermissionToRole(permission, model.SYSTEM_USER_ROLE_ID) 705 } 706 707 var teams []*model.Team 708 var count int64 709 if tc.WithCount { 710 teams, count, resp = Client.GetAllTeamsWithTotalCount("", tc.Page, tc.PerPage) 711 } else { 712 teams, resp = Client.GetAllTeams("", tc.Page, tc.PerPage) 713 } 714 CheckNoError(t, resp) 715 require.Equal(t, len(tc.ExpectedTeams), len(teams)) 716 for idx, team := range teams { 717 assert.Equal(t, tc.ExpectedTeams[idx], team.Id) 718 } 719 require.Equal(t, tc.ExpectedCount, count) 720 }) 721 } 722 723 t.Run("Unauthorized", func(t *testing.T) { 724 Client.Logout() 725 _, resp = Client.GetAllTeams("", 1, 10) 726 CheckUnauthorizedStatus(t, resp) 727 }) 728 } 729 730 func TestGetAllTeamsSanitization(t *testing.T) { 731 th := Setup().InitBasic() 732 defer th.TearDown() 733 734 team, resp := th.Client.CreateTeam(&model.Team{ 735 DisplayName: t.Name() + "_1", 736 Name: GenerateTestTeamName(), 737 Email: th.GenerateTestEmail(), 738 Type: model.TEAM_OPEN, 739 AllowedDomains: "simulator.amazonses.com,dockerhost", 740 AllowOpenInvite: true, 741 }) 742 CheckNoError(t, resp) 743 team2, resp := th.SystemAdminClient.CreateTeam(&model.Team{ 744 DisplayName: t.Name() + "_2", 745 Name: GenerateTestTeamName(), 746 Email: th.GenerateTestEmail(), 747 Type: model.TEAM_OPEN, 748 AllowedDomains: "simulator.amazonses.com,dockerhost", 749 AllowOpenInvite: true, 750 }) 751 CheckNoError(t, resp) 752 753 // This may not work if the server has over 1000 open teams on it 754 755 t.Run("team admin/non-admin", func(t *testing.T) { 756 teamFound := false 757 team2Found := false 758 759 rteams, resp := th.Client.GetAllTeams("", 0, 1000) 760 CheckNoError(t, resp) 761 for _, rteam := range rteams { 762 if rteam.Id == team.Id { 763 teamFound = true 764 if rteam.Email == "" { 765 t.Fatal("should not have sanitized email for team admin") 766 } 767 } else if rteam.Id == team2.Id { 768 team2Found = true 769 if rteam.Email != "" { 770 t.Fatal("should've sanitized email for non-admin") 771 } 772 } 773 } 774 775 if !teamFound || !team2Found { 776 t.Fatal("wasn't returned the expected teams so the test wasn't run correctly") 777 } 778 }) 779 780 t.Run("system admin", func(t *testing.T) { 781 rteams, resp := th.SystemAdminClient.GetAllTeams("", 0, 1000) 782 CheckNoError(t, resp) 783 for _, rteam := range rteams { 784 if rteam.Id != team.Id && rteam.Id != team2.Id { 785 continue 786 } 787 788 if rteam.Email == "" { 789 t.Fatal("should not have sanitized email") 790 } 791 } 792 }) 793 } 794 795 func TestGetTeamByName(t *testing.T) { 796 th := Setup().InitBasic() 797 defer th.TearDown() 798 Client := th.Client 799 team := th.BasicTeam 800 801 rteam, resp := Client.GetTeamByName(team.Name, "") 802 CheckNoError(t, resp) 803 804 if rteam.Name != team.Name { 805 t.Fatal("wrong team") 806 } 807 808 _, resp = Client.GetTeamByName("junk", "") 809 CheckNotFoundStatus(t, resp) 810 811 _, resp = Client.GetTeamByName("", "") 812 CheckNotFoundStatus(t, resp) 813 814 _, resp = th.SystemAdminClient.GetTeamByName(strings.ToUpper(team.Name), "") 815 CheckNoError(t, resp) 816 817 Client.Logout() 818 _, resp = Client.GetTeamByName(team.Name, "") 819 CheckUnauthorizedStatus(t, resp) 820 821 _, resp = th.SystemAdminClient.GetTeamByName(team.Name, "") 822 CheckNoError(t, resp) 823 824 th.LoginTeamAdmin() 825 826 team2 := &model.Team{DisplayName: "Name", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_OPEN, AllowOpenInvite: false} 827 rteam2, _ := Client.CreateTeam(team2) 828 829 team3 := &model.Team{DisplayName: "Name", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_INVITE, AllowOpenInvite: true} 830 rteam3, _ := Client.CreateTeam(team3) 831 832 th.LoginBasic() 833 // AllowInviteOpen is false and team is open, and user is not on team 834 _, resp = Client.GetTeamByName(rteam2.Name, "") 835 CheckForbiddenStatus(t, resp) 836 837 // AllowInviteOpen is true and team is invite only, and user is not on team 838 _, resp = Client.GetTeamByName(rteam3.Name, "") 839 CheckForbiddenStatus(t, resp) 840 } 841 842 func TestGetTeamByNameSanitization(t *testing.T) { 843 th := Setup().InitBasic() 844 defer th.TearDown() 845 846 team, resp := th.Client.CreateTeam(&model.Team{ 847 DisplayName: t.Name() + "_1", 848 Name: GenerateTestTeamName(), 849 Email: th.GenerateTestEmail(), 850 Type: model.TEAM_OPEN, 851 AllowedDomains: "simulator.amazonses.com,dockerhost", 852 }) 853 CheckNoError(t, resp) 854 855 t.Run("team user", func(t *testing.T) { 856 th.LinkUserToTeam(th.BasicUser2, team) 857 858 client := th.CreateClient() 859 th.LoginBasic2WithClient(client) 860 861 rteam, resp := client.GetTeamByName(team.Name, "") 862 CheckNoError(t, resp) 863 if rteam.Email != "" { 864 t.Fatal("should've sanitized email") 865 } 866 }) 867 868 t.Run("team admin/non-admin", func(t *testing.T) { 869 rteam, resp := th.Client.GetTeamByName(team.Name, "") 870 CheckNoError(t, resp) 871 if rteam.Email == "" { 872 t.Fatal("should not have sanitized email") 873 } 874 }) 875 876 t.Run("system admin", func(t *testing.T) { 877 rteam, resp := th.SystemAdminClient.GetTeamByName(team.Name, "") 878 CheckNoError(t, resp) 879 if rteam.Email == "" { 880 t.Fatal("should not have sanitized email") 881 } 882 }) 883 } 884 885 func TestSearchAllTeams(t *testing.T) { 886 th := Setup().InitBasic() 887 defer th.TearDown() 888 Client := th.Client 889 oTeam := th.BasicTeam 890 oTeam.AllowOpenInvite = true 891 892 if updatedTeam, err := th.App.UpdateTeam(oTeam); err != nil { 893 t.Fatal(err) 894 } else { 895 oTeam.UpdateAt = updatedTeam.UpdateAt 896 } 897 898 pTeam := &model.Team{DisplayName: "PName", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_INVITE} 899 Client.CreateTeam(pTeam) 900 901 rteams, resp := Client.SearchTeams(&model.TeamSearch{Term: oTeam.Name}) 902 CheckNoError(t, resp) 903 904 if len(rteams) != 1 { 905 t.Fatal("should have returned 1 team") 906 } 907 908 if oTeam.Id != rteams[0].Id { 909 t.Fatal("invalid team") 910 } 911 912 rteams, resp = Client.SearchTeams(&model.TeamSearch{Term: oTeam.DisplayName}) 913 CheckNoError(t, resp) 914 915 if len(rteams) != 1 { 916 t.Fatal("should have returned 1 team") 917 } 918 919 if rteams[0].Id != oTeam.Id { 920 t.Fatal("invalid team") 921 } 922 923 rteams, resp = Client.SearchTeams(&model.TeamSearch{Term: pTeam.Name}) 924 CheckNoError(t, resp) 925 926 if len(rteams) != 0 { 927 t.Fatal("should have not returned team") 928 } 929 930 rteams, resp = Client.SearchTeams(&model.TeamSearch{Term: pTeam.DisplayName}) 931 CheckNoError(t, resp) 932 933 if len(rteams) != 0 { 934 t.Fatal("should have not returned team") 935 } 936 937 rteams, resp = th.SystemAdminClient.SearchTeams(&model.TeamSearch{Term: oTeam.Name}) 938 CheckNoError(t, resp) 939 940 if len(rteams) != 1 { 941 t.Fatal("should have returned 1 team") 942 } 943 944 rteams, resp = th.SystemAdminClient.SearchTeams(&model.TeamSearch{Term: pTeam.DisplayName}) 945 CheckNoError(t, resp) 946 947 if len(rteams) != 1 { 948 t.Fatal("should have returned 1 team") 949 } 950 951 rteams, resp = Client.SearchTeams(&model.TeamSearch{Term: "junk"}) 952 CheckNoError(t, resp) 953 954 if len(rteams) != 0 { 955 t.Fatal("should have not returned team") 956 } 957 958 Client.Logout() 959 960 _, resp = Client.SearchTeams(&model.TeamSearch{Term: pTeam.Name}) 961 CheckUnauthorizedStatus(t, resp) 962 963 _, resp = Client.SearchTeams(&model.TeamSearch{Term: pTeam.DisplayName}) 964 CheckUnauthorizedStatus(t, resp) 965 } 966 967 func TestSearchAllTeamsSanitization(t *testing.T) { 968 th := Setup().InitBasic() 969 defer th.TearDown() 970 971 team, resp := th.Client.CreateTeam(&model.Team{ 972 DisplayName: t.Name() + "_1", 973 Name: GenerateTestTeamName(), 974 Email: th.GenerateTestEmail(), 975 Type: model.TEAM_OPEN, 976 AllowedDomains: "simulator.amazonses.com,dockerhost", 977 }) 978 CheckNoError(t, resp) 979 team2, resp := th.Client.CreateTeam(&model.Team{ 980 DisplayName: t.Name() + "_2", 981 Name: GenerateTestTeamName(), 982 Email: th.GenerateTestEmail(), 983 Type: model.TEAM_OPEN, 984 AllowedDomains: "simulator.amazonses.com,dockerhost", 985 }) 986 CheckNoError(t, resp) 987 988 t.Run("non-team user", func(t *testing.T) { 989 client := th.CreateClient() 990 th.LoginBasic2WithClient(client) 991 992 rteams, resp := client.SearchTeams(&model.TeamSearch{Term: t.Name()}) 993 CheckNoError(t, resp) 994 for _, rteam := range rteams { 995 if rteam.Email != "" { 996 t.Fatal("should've sanitized email") 997 } else if rteam.AllowedDomains != "" { 998 t.Fatal("should've sanitized allowed domains") 999 } 1000 } 1001 }) 1002 1003 t.Run("team user", func(t *testing.T) { 1004 th.LinkUserToTeam(th.BasicUser2, team) 1005 1006 client := th.CreateClient() 1007 th.LoginBasic2WithClient(client) 1008 1009 rteams, resp := client.SearchTeams(&model.TeamSearch{Term: t.Name()}) 1010 CheckNoError(t, resp) 1011 for _, rteam := range rteams { 1012 if rteam.Email != "" { 1013 t.Fatal("should've sanitized email") 1014 } else if rteam.AllowedDomains != "" { 1015 t.Fatal("should've sanitized allowed domains") 1016 } 1017 } 1018 }) 1019 1020 t.Run("team admin", func(t *testing.T) { 1021 rteams, resp := th.Client.SearchTeams(&model.TeamSearch{Term: t.Name()}) 1022 CheckNoError(t, resp) 1023 for _, rteam := range rteams { 1024 if rteam.Id == team.Id || rteam.Id == team2.Id || rteam.Id == th.BasicTeam.Id { 1025 if rteam.Email == "" { 1026 t.Fatal("should not have sanitized email") 1027 } 1028 } 1029 } 1030 }) 1031 1032 t.Run("system admin", func(t *testing.T) { 1033 rteams, resp := th.SystemAdminClient.SearchTeams(&model.TeamSearch{Term: t.Name()}) 1034 CheckNoError(t, resp) 1035 for _, rteam := range rteams { 1036 if rteam.Email == "" { 1037 t.Fatal("should not have sanitized email") 1038 } 1039 } 1040 }) 1041 } 1042 1043 func TestGetTeamsForUser(t *testing.T) { 1044 th := Setup().InitBasic() 1045 defer th.TearDown() 1046 Client := th.Client 1047 1048 team2 := &model.Team{DisplayName: "Name", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_INVITE} 1049 rteam2, _ := Client.CreateTeam(team2) 1050 1051 teams, resp := Client.GetTeamsForUser(th.BasicUser.Id, "") 1052 CheckNoError(t, resp) 1053 1054 if len(teams) != 2 { 1055 t.Fatal("wrong number of teams") 1056 } 1057 1058 found1 := false 1059 found2 := false 1060 for _, t := range teams { 1061 if t.Id == th.BasicTeam.Id { 1062 found1 = true 1063 } else if t.Id == rteam2.Id { 1064 found2 = true 1065 } 1066 } 1067 1068 if !found1 || !found2 { 1069 t.Fatal("missing team") 1070 } 1071 1072 _, resp = Client.GetTeamsForUser("junk", "") 1073 CheckBadRequestStatus(t, resp) 1074 1075 _, resp = Client.GetTeamsForUser(model.NewId(), "") 1076 CheckForbiddenStatus(t, resp) 1077 1078 _, resp = Client.GetTeamsForUser(th.BasicUser2.Id, "") 1079 CheckForbiddenStatus(t, resp) 1080 1081 _, resp = th.SystemAdminClient.GetTeamsForUser(th.BasicUser2.Id, "") 1082 CheckNoError(t, resp) 1083 } 1084 1085 func TestGetTeamsForUserSanitization(t *testing.T) { 1086 th := Setup().InitBasic() 1087 defer th.TearDown() 1088 1089 team, resp := th.Client.CreateTeam(&model.Team{ 1090 DisplayName: t.Name() + "_1", 1091 Name: GenerateTestTeamName(), 1092 Email: th.GenerateTestEmail(), 1093 Type: model.TEAM_OPEN, 1094 AllowedDomains: "simulator.amazonses.com,dockerhost", 1095 }) 1096 CheckNoError(t, resp) 1097 team2, resp := th.Client.CreateTeam(&model.Team{ 1098 DisplayName: t.Name() + "_2", 1099 Name: GenerateTestTeamName(), 1100 Email: th.GenerateTestEmail(), 1101 Type: model.TEAM_OPEN, 1102 AllowedDomains: "simulator.amazonses.com,dockerhost", 1103 }) 1104 CheckNoError(t, resp) 1105 1106 t.Run("team user", func(t *testing.T) { 1107 th.LinkUserToTeam(th.BasicUser2, team) 1108 th.LinkUserToTeam(th.BasicUser2, team2) 1109 1110 client := th.CreateClient() 1111 th.LoginBasic2WithClient(client) 1112 1113 rteams, resp := client.GetTeamsForUser(th.BasicUser2.Id, "") 1114 CheckNoError(t, resp) 1115 for _, rteam := range rteams { 1116 if rteam.Id != team.Id && rteam.Id != team2.Id { 1117 continue 1118 } 1119 1120 if rteam.Email != "" { 1121 t.Fatal("should've sanitized email") 1122 } 1123 } 1124 }) 1125 1126 t.Run("team admin", func(t *testing.T) { 1127 rteams, resp := th.Client.GetTeamsForUser(th.BasicUser.Id, "") 1128 CheckNoError(t, resp) 1129 for _, rteam := range rteams { 1130 if rteam.Id != team.Id && rteam.Id != team2.Id { 1131 continue 1132 } 1133 1134 if rteam.Email == "" { 1135 t.Fatal("should not have sanitized email") 1136 } 1137 } 1138 }) 1139 1140 t.Run("system admin", func(t *testing.T) { 1141 rteams, resp := th.SystemAdminClient.GetTeamsForUser(th.BasicUser.Id, "") 1142 CheckNoError(t, resp) 1143 for _, rteam := range rteams { 1144 if rteam.Id != team.Id && rteam.Id != team2.Id { 1145 continue 1146 } 1147 1148 if rteam.Email == "" { 1149 t.Fatal("should not have sanitized email") 1150 } 1151 } 1152 }) 1153 } 1154 1155 func TestGetTeamMember(t *testing.T) { 1156 th := Setup().InitBasic() 1157 defer th.TearDown() 1158 Client := th.Client 1159 team := th.BasicTeam 1160 user := th.BasicUser 1161 1162 rmember, resp := Client.GetTeamMember(team.Id, user.Id, "") 1163 CheckNoError(t, resp) 1164 1165 if rmember.TeamId != team.Id { 1166 t.Fatal("wrong team id") 1167 } 1168 1169 if rmember.UserId != user.Id { 1170 t.Fatal("wrong team id") 1171 } 1172 1173 _, resp = Client.GetTeamMember("junk", user.Id, "") 1174 CheckBadRequestStatus(t, resp) 1175 1176 _, resp = Client.GetTeamMember(team.Id, "junk", "") 1177 CheckBadRequestStatus(t, resp) 1178 1179 _, resp = Client.GetTeamMember("junk", "junk", "") 1180 CheckBadRequestStatus(t, resp) 1181 1182 _, resp = Client.GetTeamMember(team.Id, model.NewId(), "") 1183 CheckNotFoundStatus(t, resp) 1184 1185 _, resp = Client.GetTeamMember(model.NewId(), user.Id, "") 1186 CheckForbiddenStatus(t, resp) 1187 1188 _, resp = th.SystemAdminClient.GetTeamMember(team.Id, user.Id, "") 1189 CheckNoError(t, resp) 1190 } 1191 1192 func TestGetTeamMembers(t *testing.T) { 1193 th := Setup().InitBasic() 1194 defer th.TearDown() 1195 Client := th.Client 1196 team := th.BasicTeam 1197 userNotMember := th.CreateUser() 1198 1199 rmembers, resp := Client.GetTeamMembers(team.Id, 0, 100, "") 1200 CheckNoError(t, resp) 1201 1202 t.Logf("rmembers count %v\n", len(rmembers)) 1203 1204 if len(rmembers) == 0 { 1205 t.Fatal("should have results") 1206 } 1207 1208 for _, rmember := range rmembers { 1209 if rmember.TeamId != team.Id || rmember.UserId == userNotMember.Id { 1210 t.Fatal("user should be a member of team") 1211 } 1212 } 1213 1214 rmembers, resp = Client.GetTeamMembers(team.Id, 0, 1, "") 1215 CheckNoError(t, resp) 1216 if len(rmembers) != 1 { 1217 t.Fatal("should be 1 per page") 1218 } 1219 1220 rmembers, resp = Client.GetTeamMembers(team.Id, 1, 1, "") 1221 CheckNoError(t, resp) 1222 if len(rmembers) != 1 { 1223 t.Fatal("should be 1 per page") 1224 } 1225 1226 rmembers, resp = Client.GetTeamMembers(team.Id, 10000, 100, "") 1227 CheckNoError(t, resp) 1228 if len(rmembers) != 0 { 1229 t.Fatal("should be no member") 1230 } 1231 1232 rmembers, resp = Client.GetTeamMembers(team.Id, 0, 2, "") 1233 CheckNoError(t, resp) 1234 rmembers2, resp := Client.GetTeamMembers(team.Id, 1, 2, "") 1235 CheckNoError(t, resp) 1236 1237 for _, tm1 := range rmembers { 1238 for _, tm2 := range rmembers2 { 1239 assert.NotEqual(t, tm1.UserId+tm1.TeamId, tm2.UserId+tm2.TeamId, "different pages should not have the same members") 1240 } 1241 } 1242 1243 _, resp = Client.GetTeamMembers("junk", 0, 100, "") 1244 CheckBadRequestStatus(t, resp) 1245 1246 _, resp = Client.GetTeamMembers(model.NewId(), 0, 100, "") 1247 CheckForbiddenStatus(t, resp) 1248 1249 Client.Logout() 1250 _, resp = Client.GetTeamMembers(team.Id, 0, 1, "") 1251 CheckUnauthorizedStatus(t, resp) 1252 1253 _, resp = th.SystemAdminClient.GetTeamMembers(team.Id, 0, 100, "") 1254 CheckNoError(t, resp) 1255 } 1256 1257 func TestGetTeamMembersForUser(t *testing.T) { 1258 th := Setup().InitBasic() 1259 defer th.TearDown() 1260 Client := th.Client 1261 1262 members, resp := Client.GetTeamMembersForUser(th.BasicUser.Id, "") 1263 CheckNoError(t, resp) 1264 1265 found := false 1266 for _, m := range members { 1267 if m.TeamId == th.BasicTeam.Id { 1268 found = true 1269 } 1270 } 1271 1272 if !found { 1273 t.Fatal("missing team member") 1274 } 1275 1276 _, resp = Client.GetTeamMembersForUser("junk", "") 1277 CheckBadRequestStatus(t, resp) 1278 1279 _, resp = Client.GetTeamMembersForUser(model.NewId(), "") 1280 CheckForbiddenStatus(t, resp) 1281 1282 Client.Logout() 1283 _, resp = Client.GetTeamMembersForUser(th.BasicUser.Id, "") 1284 CheckUnauthorizedStatus(t, resp) 1285 1286 user := th.CreateUser() 1287 Client.Login(user.Email, user.Password) 1288 _, resp = Client.GetTeamMembersForUser(th.BasicUser.Id, "") 1289 CheckForbiddenStatus(t, resp) 1290 1291 _, resp = th.SystemAdminClient.GetTeamMembersForUser(th.BasicUser.Id, "") 1292 CheckNoError(t, resp) 1293 } 1294 1295 func TestGetTeamMembersByIds(t *testing.T) { 1296 th := Setup().InitBasic() 1297 defer th.TearDown() 1298 Client := th.Client 1299 1300 tm, resp := Client.GetTeamMembersByIds(th.BasicTeam.Id, []string{th.BasicUser.Id}) 1301 CheckNoError(t, resp) 1302 1303 if tm[0].UserId != th.BasicUser.Id { 1304 t.Fatal("returned wrong user") 1305 } 1306 1307 _, resp = Client.GetTeamMembersByIds(th.BasicTeam.Id, []string{}) 1308 CheckBadRequestStatus(t, resp) 1309 1310 tm1, resp := Client.GetTeamMembersByIds(th.BasicTeam.Id, []string{"junk"}) 1311 CheckNoError(t, resp) 1312 if len(tm1) > 0 { 1313 t.Fatal("no users should be returned") 1314 } 1315 1316 tm1, resp = Client.GetTeamMembersByIds(th.BasicTeam.Id, []string{"junk", th.BasicUser.Id}) 1317 CheckNoError(t, resp) 1318 if len(tm1) != 1 { 1319 t.Fatal("1 user should be returned") 1320 } 1321 1322 _, resp = Client.GetTeamMembersByIds("junk", []string{th.BasicUser.Id}) 1323 CheckBadRequestStatus(t, resp) 1324 1325 _, resp = Client.GetTeamMembersByIds(model.NewId(), []string{th.BasicUser.Id}) 1326 CheckForbiddenStatus(t, resp) 1327 1328 Client.Logout() 1329 _, resp = Client.GetTeamMembersByIds(th.BasicTeam.Id, []string{th.BasicUser.Id}) 1330 CheckUnauthorizedStatus(t, resp) 1331 } 1332 1333 func TestAddTeamMember(t *testing.T) { 1334 th := Setup().InitBasic() 1335 defer th.TearDown() 1336 Client := th.Client 1337 team := th.BasicTeam 1338 otherUser := th.CreateUser() 1339 1340 if err := th.App.RemoveUserFromTeam(th.BasicTeam.Id, th.BasicUser2.Id, ""); err != nil { 1341 t.Fatalf(err.Error()) 1342 } 1343 1344 // Regular user can't add a member to a team they don't belong to. 1345 th.LoginBasic2() 1346 _, resp := Client.AddTeamMember(team.Id, otherUser.Id) 1347 CheckForbiddenStatus(t, resp) 1348 if resp.Error == nil { 1349 t.Fatalf("Error is nil") 1350 } 1351 Client.Logout() 1352 1353 // Regular user can add a member to a team they belong to. 1354 th.LoginBasic() 1355 tm, resp := Client.AddTeamMember(team.Id, otherUser.Id) 1356 CheckNoError(t, resp) 1357 CheckCreatedStatus(t, resp) 1358 1359 // Check all the returned data. 1360 if tm == nil { 1361 t.Fatal("should have returned team member") 1362 } 1363 1364 if tm.UserId != otherUser.Id { 1365 t.Fatal("user ids should have matched") 1366 } 1367 1368 if tm.TeamId != team.Id { 1369 t.Fatal("team ids should have matched") 1370 } 1371 1372 // Check with various invalid requests. 1373 tm, resp = Client.AddTeamMember(team.Id, "junk") 1374 CheckBadRequestStatus(t, resp) 1375 1376 if tm != nil { 1377 t.Fatal("should have not returned team member") 1378 } 1379 1380 _, resp = Client.AddTeamMember("junk", otherUser.Id) 1381 CheckBadRequestStatus(t, resp) 1382 1383 _, resp = Client.AddTeamMember(GenerateTestId(), otherUser.Id) 1384 CheckForbiddenStatus(t, resp) 1385 1386 _, resp = Client.AddTeamMember(team.Id, GenerateTestId()) 1387 CheckNotFoundStatus(t, resp) 1388 1389 Client.Logout() 1390 1391 // Check the appropriate permissions are enforced. 1392 defaultRolePermissions := th.SaveDefaultRolePermissions() 1393 defer func() { 1394 th.RestoreDefaultRolePermissions(defaultRolePermissions) 1395 }() 1396 1397 // Set the config so that only team admins can add a user to a team. 1398 th.AddPermissionToRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_ADMIN_ROLE_ID) 1399 th.AddPermissionToRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_ADMIN_ROLE_ID) 1400 th.RemovePermissionFromRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_USER_ROLE_ID) 1401 th.RemovePermissionFromRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_USER_ROLE_ID) 1402 1403 th.LoginBasic() 1404 1405 // Check that a regular user can't add someone to the team. 1406 _, resp = Client.AddTeamMember(team.Id, otherUser.Id) 1407 CheckForbiddenStatus(t, resp) 1408 1409 // Update user to team admin 1410 th.UpdateUserToTeamAdmin(th.BasicUser, th.BasicTeam) 1411 th.App.InvalidateAllCaches() 1412 th.LoginBasic() 1413 1414 // Should work as a team admin. 1415 _, resp = Client.AddTeamMember(team.Id, otherUser.Id) 1416 CheckNoError(t, resp) 1417 1418 // Change permission level to team user 1419 th.AddPermissionToRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_USER_ROLE_ID) 1420 th.AddPermissionToRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_USER_ROLE_ID) 1421 th.RemovePermissionFromRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_ADMIN_ROLE_ID) 1422 th.RemovePermissionFromRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_ADMIN_ROLE_ID) 1423 1424 th.UpdateUserToNonTeamAdmin(th.BasicUser, th.BasicTeam) 1425 th.App.InvalidateAllCaches() 1426 th.LoginBasic() 1427 1428 // Should work as a regular user. 1429 _, resp = Client.AddTeamMember(team.Id, otherUser.Id) 1430 CheckNoError(t, resp) 1431 1432 // by token 1433 Client.Login(otherUser.Email, otherUser.Password) 1434 1435 token := model.NewToken( 1436 app.TOKEN_TYPE_TEAM_INVITATION, 1437 model.MapToJson(map[string]string{"teamId": team.Id}), 1438 ) 1439 require.Nil(t, th.App.Srv.Store.Token().Save(token)) 1440 1441 tm, resp = Client.AddTeamMemberFromInvite(token.Token, "") 1442 CheckNoError(t, resp) 1443 1444 if tm == nil { 1445 t.Fatal("should have returned team member") 1446 } 1447 1448 if tm.UserId != otherUser.Id { 1449 t.Fatal("user ids should have matched") 1450 } 1451 1452 if tm.TeamId != team.Id { 1453 t.Fatal("team ids should have matched") 1454 } 1455 1456 _, err := th.App.Srv.Store.Token().GetByToken(token.Token) 1457 require.NotNil(t, err, "The token must be deleted after be used") 1458 1459 tm, resp = Client.AddTeamMemberFromInvite("junk", "") 1460 CheckBadRequestStatus(t, resp) 1461 1462 if tm != nil { 1463 t.Fatal("should have not returned team member") 1464 } 1465 1466 // expired token of more than 50 hours 1467 token = model.NewToken(app.TOKEN_TYPE_TEAM_INVITATION, "") 1468 token.CreateAt = model.GetMillis() - 1000*60*60*50 1469 require.Nil(t, th.App.Srv.Store.Token().Save(token)) 1470 1471 _, resp = Client.AddTeamMemberFromInvite(token.Token, "") 1472 CheckBadRequestStatus(t, resp) 1473 th.App.DeleteToken(token) 1474 1475 // invalid team id 1476 testId := GenerateTestId() 1477 token = model.NewToken( 1478 app.TOKEN_TYPE_TEAM_INVITATION, 1479 model.MapToJson(map[string]string{"teamId": testId}), 1480 ) 1481 require.Nil(t, th.App.Srv.Store.Token().Save(token)) 1482 1483 _, resp = Client.AddTeamMemberFromInvite(token.Token, "") 1484 CheckNotFoundStatus(t, resp) 1485 th.App.DeleteToken(token) 1486 1487 // by invite_id 1488 Client.Login(otherUser.Email, otherUser.Password) 1489 1490 tm, resp = Client.AddTeamMemberFromInvite("", team.InviteId) 1491 CheckNoError(t, resp) 1492 1493 if tm == nil { 1494 t.Fatal("should have returned team member") 1495 } 1496 1497 if tm.UserId != otherUser.Id { 1498 t.Fatal("user ids should have matched") 1499 } 1500 1501 if tm.TeamId != team.Id { 1502 t.Fatal("team ids should have matched") 1503 } 1504 1505 tm, resp = Client.AddTeamMemberFromInvite("", "junk") 1506 CheckNotFoundStatus(t, resp) 1507 1508 if tm != nil { 1509 t.Fatal("should have not returned team member") 1510 } 1511 1512 // Set a team to group-constrained 1513 team.GroupConstrained = model.NewBool(true) 1514 _, err = th.App.UpdateTeam(team) 1515 require.Nil(t, err) 1516 1517 // Attempt to use a token on a group-constrained team 1518 token = model.NewToken( 1519 app.TOKEN_TYPE_TEAM_INVITATION, 1520 model.MapToJson(map[string]string{"teamId": team.Id}), 1521 ) 1522 require.Nil(t, th.App.Srv.Store.Token().Save(token)) 1523 tm, resp = Client.AddTeamMemberFromInvite(token.Token, "") 1524 require.Equal(t, "app.team.invite_token.group_constrained.error", resp.Error.Id) 1525 1526 // Attempt to use an invite id 1527 tm, resp = Client.AddTeamMemberFromInvite("", team.InviteId) 1528 require.Equal(t, "app.team.invite_id.group_constrained.error", resp.Error.Id) 1529 1530 // User is not in associated groups so shouldn't be allowed 1531 _, resp = th.SystemAdminClient.AddTeamMember(team.Id, otherUser.Id) 1532 CheckErrorMessage(t, resp, "api.team.add_members.user_denied") 1533 1534 // Associate group to team 1535 _, err = th.App.CreateGroupSyncable(&model.GroupSyncable{ 1536 GroupId: th.Group.Id, 1537 SyncableId: team.Id, 1538 Type: model.GroupSyncableTypeTeam, 1539 }) 1540 require.Nil(t, err) 1541 1542 // Add user to group 1543 _, err = th.App.UpsertGroupMember(th.Group.Id, otherUser.Id) 1544 require.Nil(t, err) 1545 1546 _, resp = th.SystemAdminClient.AddTeamMember(team.Id, otherUser.Id) 1547 CheckNoError(t, resp) 1548 } 1549 1550 func TestAddTeamMemberMyself(t *testing.T) { 1551 th := Setup().InitBasic() 1552 defer th.TearDown() 1553 Client := th.Client 1554 1555 // Check the appropriate permissions are enforced. 1556 defaultRolePermissions := th.SaveDefaultRolePermissions() 1557 defer func() { 1558 th.RestoreDefaultRolePermissions(defaultRolePermissions) 1559 }() 1560 1561 th.LoginBasic() 1562 1563 testCases := []struct { 1564 Name string 1565 Public bool 1566 PublicPermission bool 1567 PrivatePermission bool 1568 ExpectedSuccess bool 1569 }{ 1570 { 1571 Name: "Try to join an open team without the permissions", 1572 Public: true, 1573 PublicPermission: false, 1574 PrivatePermission: false, 1575 ExpectedSuccess: false, 1576 }, 1577 { 1578 Name: "Try to join a private team without the permissions", 1579 Public: false, 1580 PublicPermission: false, 1581 PrivatePermission: false, 1582 ExpectedSuccess: false, 1583 }, 1584 { 1585 Name: "Try to join an open team without public permission but with private permissions", 1586 Public: true, 1587 PublicPermission: false, 1588 PrivatePermission: true, 1589 ExpectedSuccess: false, 1590 }, 1591 { 1592 Name: "Try to join a private team without private permission but with public permission", 1593 Public: false, 1594 PublicPermission: true, 1595 PrivatePermission: false, 1596 ExpectedSuccess: false, 1597 }, 1598 { 1599 Name: "Join an open team with the permissions", 1600 Public: true, 1601 PublicPermission: true, 1602 PrivatePermission: false, 1603 ExpectedSuccess: true, 1604 }, 1605 { 1606 Name: "Join a private team with the permissions", 1607 Public: false, 1608 PublicPermission: false, 1609 PrivatePermission: true, 1610 ExpectedSuccess: true, 1611 }, 1612 } 1613 1614 for _, tc := range testCases { 1615 t.Run(tc.Name, func(t *testing.T) { 1616 team := th.CreateTeam() 1617 team.AllowOpenInvite = tc.Public 1618 th.App.UpdateTeam(team) 1619 if tc.PublicPermission { 1620 th.AddPermissionToRole(model.PERMISSION_JOIN_PUBLIC_TEAMS.Id, model.SYSTEM_USER_ROLE_ID) 1621 } else { 1622 th.RemovePermissionFromRole(model.PERMISSION_JOIN_PUBLIC_TEAMS.Id, model.SYSTEM_USER_ROLE_ID) 1623 } 1624 if tc.PrivatePermission { 1625 th.AddPermissionToRole(model.PERMISSION_JOIN_PRIVATE_TEAMS.Id, model.SYSTEM_USER_ROLE_ID) 1626 } else { 1627 th.RemovePermissionFromRole(model.PERMISSION_JOIN_PRIVATE_TEAMS.Id, model.SYSTEM_USER_ROLE_ID) 1628 } 1629 _, resp := Client.AddTeamMember(team.Id, th.BasicUser.Id) 1630 if tc.ExpectedSuccess { 1631 CheckNoError(t, resp) 1632 } else { 1633 CheckForbiddenStatus(t, resp) 1634 } 1635 }) 1636 } 1637 1638 } 1639 1640 func TestAddTeamMembers(t *testing.T) { 1641 th := Setup().InitBasic() 1642 defer th.TearDown() 1643 Client := th.Client 1644 team := th.BasicTeam 1645 otherUser := th.CreateUser() 1646 userList := []string{ 1647 otherUser.Id, 1648 } 1649 1650 if err := th.App.RemoveUserFromTeam(th.BasicTeam.Id, th.BasicUser2.Id, ""); err != nil { 1651 t.Fatalf(err.Error()) 1652 } 1653 1654 // Regular user can't add a member to a team they don't belong to. 1655 th.LoginBasic2() 1656 _, resp := Client.AddTeamMembers(team.Id, userList) 1657 CheckForbiddenStatus(t, resp) 1658 Client.Logout() 1659 1660 // Regular user can add a member to a team they belong to. 1661 th.LoginBasic() 1662 tm, resp := Client.AddTeamMembers(team.Id, userList) 1663 CheckNoError(t, resp) 1664 CheckCreatedStatus(t, resp) 1665 1666 // Check all the returned data. 1667 if tm[0] == nil { 1668 t.Fatal("should have returned team member") 1669 } 1670 1671 if tm[0].UserId != otherUser.Id { 1672 t.Fatal("user ids should have matched") 1673 } 1674 1675 if tm[0].TeamId != team.Id { 1676 t.Fatal("team ids should have matched") 1677 } 1678 1679 // Check with various invalid requests. 1680 _, resp = Client.AddTeamMembers("junk", userList) 1681 CheckBadRequestStatus(t, resp) 1682 1683 _, resp = Client.AddTeamMembers(GenerateTestId(), userList) 1684 CheckNotFoundStatus(t, resp) 1685 1686 testUserList := append(userList, GenerateTestId()) 1687 _, resp = Client.AddTeamMembers(team.Id, testUserList) 1688 CheckNotFoundStatus(t, resp) 1689 1690 // Test with many users. 1691 for i := 0; i < 25; i++ { 1692 testUserList = append(testUserList, GenerateTestId()) 1693 } 1694 _, resp = Client.AddTeamMembers(team.Id, testUserList) 1695 CheckBadRequestStatus(t, resp) 1696 1697 Client.Logout() 1698 1699 // Check the appropriate permissions are enforced. 1700 defaultRolePermissions := th.SaveDefaultRolePermissions() 1701 defer func() { 1702 th.RestoreDefaultRolePermissions(defaultRolePermissions) 1703 }() 1704 1705 // Set the config so that only team admins can add a user to a team. 1706 th.AddPermissionToRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_ADMIN_ROLE_ID) 1707 th.AddPermissionToRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_ADMIN_ROLE_ID) 1708 th.RemovePermissionFromRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_USER_ROLE_ID) 1709 th.RemovePermissionFromRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_USER_ROLE_ID) 1710 1711 th.LoginBasic() 1712 1713 // Check that a regular user can't add someone to the team. 1714 _, resp = Client.AddTeamMembers(team.Id, userList) 1715 CheckForbiddenStatus(t, resp) 1716 1717 // Update user to team admin 1718 th.UpdateUserToTeamAdmin(th.BasicUser, th.BasicTeam) 1719 th.App.InvalidateAllCaches() 1720 th.LoginBasic() 1721 1722 // Should work as a team admin. 1723 _, resp = Client.AddTeamMembers(team.Id, userList) 1724 CheckNoError(t, resp) 1725 1726 // Change permission level to team user 1727 th.AddPermissionToRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_USER_ROLE_ID) 1728 th.AddPermissionToRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_USER_ROLE_ID) 1729 th.RemovePermissionFromRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_ADMIN_ROLE_ID) 1730 th.RemovePermissionFromRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_ADMIN_ROLE_ID) 1731 1732 th.UpdateUserToNonTeamAdmin(th.BasicUser, th.BasicTeam) 1733 th.App.InvalidateAllCaches() 1734 th.LoginBasic() 1735 1736 // Should work as a regular user. 1737 _, resp = Client.AddTeamMembers(team.Id, userList) 1738 CheckNoError(t, resp) 1739 1740 // Set a team to group-constrained 1741 team.GroupConstrained = model.NewBool(true) 1742 _, err := th.App.UpdateTeam(team) 1743 require.Nil(t, err) 1744 1745 // User is not in associated groups so shouldn't be allowed 1746 _, resp = Client.AddTeamMembers(team.Id, userList) 1747 CheckErrorMessage(t, resp, "api.team.add_members.user_denied") 1748 1749 // Associate group to team 1750 _, err = th.App.CreateGroupSyncable(&model.GroupSyncable{ 1751 GroupId: th.Group.Id, 1752 SyncableId: team.Id, 1753 Type: model.GroupSyncableTypeTeam, 1754 }) 1755 require.Nil(t, err) 1756 1757 // Add user to group 1758 _, err = th.App.UpsertGroupMember(th.Group.Id, userList[0]) 1759 require.Nil(t, err) 1760 1761 _, resp = Client.AddTeamMembers(team.Id, userList) 1762 CheckNoError(t, resp) 1763 } 1764 1765 func TestRemoveTeamMember(t *testing.T) { 1766 th := Setup().InitBasic() 1767 defer th.TearDown() 1768 Client := th.Client 1769 1770 pass, resp := Client.RemoveTeamMember(th.BasicTeam.Id, th.BasicUser.Id) 1771 CheckNoError(t, resp) 1772 1773 if !pass { 1774 t.Fatal("should have passed") 1775 } 1776 1777 _, resp = th.SystemAdminClient.AddTeamMember(th.BasicTeam.Id, th.BasicUser.Id) 1778 CheckNoError(t, resp) 1779 1780 _, resp = Client.RemoveTeamMember(th.BasicTeam.Id, "junk") 1781 CheckBadRequestStatus(t, resp) 1782 1783 _, resp = Client.RemoveTeamMember("junk", th.BasicUser2.Id) 1784 CheckBadRequestStatus(t, resp) 1785 1786 _, resp = Client.RemoveTeamMember(th.BasicTeam.Id, th.BasicUser2.Id) 1787 CheckForbiddenStatus(t, resp) 1788 1789 _, resp = Client.RemoveTeamMember(model.NewId(), th.BasicUser.Id) 1790 CheckNotFoundStatus(t, resp) 1791 1792 _, resp = th.SystemAdminClient.RemoveTeamMember(th.BasicTeam.Id, th.BasicUser.Id) 1793 CheckNoError(t, resp) 1794 1795 _, resp = th.SystemAdminClient.AddTeamMember(th.BasicTeam.Id, th.SystemAdminUser.Id) 1796 CheckNoError(t, resp) 1797 1798 // If the team is group-constrained the user cannot be removed 1799 th.BasicTeam.GroupConstrained = model.NewBool(true) 1800 _, err := th.App.UpdateTeam(th.BasicTeam) 1801 require.Nil(t, err) 1802 _, resp = th.SystemAdminClient.RemoveTeamMember(th.BasicTeam.Id, th.BasicUser.Id) 1803 require.Equal(t, "api.team.remove_member.group_constrained.app_error", resp.Error.Id) 1804 1805 // Can remove self even if team is group-constrained 1806 _, resp = th.SystemAdminClient.RemoveTeamMember(th.BasicTeam.Id, th.SystemAdminUser.Id) 1807 CheckNoError(t, resp) 1808 } 1809 1810 func TestGetTeamStats(t *testing.T) { 1811 th := Setup().InitBasic() 1812 defer th.TearDown() 1813 Client := th.Client 1814 team := th.BasicTeam 1815 1816 rstats, resp := Client.GetTeamStats(team.Id, "") 1817 CheckNoError(t, resp) 1818 1819 if rstats.TeamId != team.Id { 1820 t.Fatal("wrong team id") 1821 } 1822 1823 if rstats.TotalMemberCount != 3 { 1824 t.Fatal("wrong count") 1825 } 1826 1827 if rstats.ActiveMemberCount != 3 { 1828 t.Fatal("wrong count") 1829 } 1830 1831 _, resp = Client.GetTeamStats("junk", "") 1832 CheckBadRequestStatus(t, resp) 1833 1834 _, resp = Client.GetTeamStats(model.NewId(), "") 1835 CheckForbiddenStatus(t, resp) 1836 1837 _, resp = th.SystemAdminClient.GetTeamStats(team.Id, "") 1838 CheckNoError(t, resp) 1839 1840 // deactivate BasicUser2 1841 th.UpdateActiveUser(th.BasicUser2, false) 1842 1843 rstats, resp = th.SystemAdminClient.GetTeamStats(team.Id, "") 1844 CheckNoError(t, resp) 1845 1846 if rstats.TotalMemberCount != 3 { 1847 t.Fatal("wrong count") 1848 } 1849 1850 if rstats.ActiveMemberCount != 2 { 1851 t.Fatal("wrong count") 1852 } 1853 1854 // login with different user and test if forbidden 1855 user := th.CreateUser() 1856 Client.Login(user.Email, user.Password) 1857 _, resp = Client.GetTeamStats(th.BasicTeam.Id, "") 1858 CheckForbiddenStatus(t, resp) 1859 1860 Client.Logout() 1861 _, resp = Client.GetTeamStats(th.BasicTeam.Id, "") 1862 CheckUnauthorizedStatus(t, resp) 1863 } 1864 1865 func TestUpdateTeamMemberRoles(t *testing.T) { 1866 th := Setup().InitBasic() 1867 defer th.TearDown() 1868 Client := th.Client 1869 SystemAdminClient := th.SystemAdminClient 1870 1871 const TEAM_MEMBER = "team_user" 1872 const TEAM_ADMIN = "team_user team_admin" 1873 1874 // user 1 tries to promote user 2 1875 ok, resp := Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser2.Id, TEAM_ADMIN) 1876 CheckForbiddenStatus(t, resp) 1877 if ok { 1878 t.Fatal("should have returned false") 1879 } 1880 1881 // user 1 tries to promote himself 1882 _, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser.Id, TEAM_ADMIN) 1883 CheckForbiddenStatus(t, resp) 1884 1885 // user 1 tries to demote someone 1886 _, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.SystemAdminUser.Id, TEAM_MEMBER) 1887 CheckForbiddenStatus(t, resp) 1888 1889 // system admin promotes user 1 1890 ok, resp = SystemAdminClient.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser.Id, TEAM_ADMIN) 1891 CheckNoError(t, resp) 1892 if !ok { 1893 t.Fatal("should have returned true") 1894 } 1895 1896 // user 1 (team admin) promotes user 2 1897 _, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser2.Id, TEAM_ADMIN) 1898 CheckNoError(t, resp) 1899 1900 // user 1 (team admin) demotes user 2 (team admin) 1901 _, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser2.Id, TEAM_MEMBER) 1902 CheckNoError(t, resp) 1903 1904 // user 1 (team admin) tries to demote system admin (not member of a team) 1905 _, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.SystemAdminUser.Id, TEAM_MEMBER) 1906 CheckNotFoundStatus(t, resp) 1907 1908 // user 1 (team admin) demotes system admin (member of a team) 1909 th.LinkUserToTeam(th.SystemAdminUser, th.BasicTeam) 1910 _, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.SystemAdminUser.Id, TEAM_MEMBER) 1911 CheckNoError(t, resp) 1912 // Note from API v3 1913 // Note to anyone who thinks this (above) test is wrong: 1914 // This operation will not affect the system admin's permissions because they have global access to all teams. 1915 // Their team level permissions are irrelevant. A team admin should be able to manage team level permissions. 1916 1917 // System admins should be able to manipulate permission no matter what their team level permissions are. 1918 // system admin promotes user 2 1919 _, resp = SystemAdminClient.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser2.Id, TEAM_ADMIN) 1920 CheckNoError(t, resp) 1921 1922 // system admin demotes user 2 (team admin) 1923 _, resp = SystemAdminClient.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser2.Id, TEAM_MEMBER) 1924 CheckNoError(t, resp) 1925 1926 // user 1 (team admin) tries to promote himself to a random team 1927 _, resp = Client.UpdateTeamMemberRoles(model.NewId(), th.BasicUser.Id, TEAM_ADMIN) 1928 CheckForbiddenStatus(t, resp) 1929 1930 // user 1 (team admin) tries to promote a random user 1931 _, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, model.NewId(), TEAM_ADMIN) 1932 CheckNotFoundStatus(t, resp) 1933 1934 // user 1 (team admin) tries to promote invalid team permission 1935 _, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser.Id, "junk") 1936 CheckBadRequestStatus(t, resp) 1937 1938 // user 1 (team admin) demotes himself 1939 _, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser.Id, TEAM_MEMBER) 1940 CheckNoError(t, resp) 1941 } 1942 1943 func TestUpdateTeamMemberSchemeRoles(t *testing.T) { 1944 th := Setup().InitBasic() 1945 defer th.TearDown() 1946 SystemAdminClient := th.SystemAdminClient 1947 th.LoginBasic() 1948 1949 s1 := &model.SchemeRoles{ 1950 SchemeAdmin: false, 1951 SchemeUser: false, 1952 SchemeGuest: false, 1953 } 1954 _, r1 := SystemAdminClient.UpdateTeamMemberSchemeRoles(th.BasicTeam.Id, th.BasicUser.Id, s1) 1955 CheckNoError(t, r1) 1956 1957 tm1, rtm1 := SystemAdminClient.GetTeamMember(th.BasicTeam.Id, th.BasicUser.Id, "") 1958 CheckNoError(t, rtm1) 1959 assert.Equal(t, false, tm1.SchemeGuest) 1960 assert.Equal(t, false, tm1.SchemeUser) 1961 assert.Equal(t, false, tm1.SchemeAdmin) 1962 1963 s2 := &model.SchemeRoles{ 1964 SchemeAdmin: false, 1965 SchemeUser: true, 1966 SchemeGuest: false, 1967 } 1968 _, r2 := SystemAdminClient.UpdateTeamMemberSchemeRoles(th.BasicTeam.Id, th.BasicUser.Id, s2) 1969 CheckNoError(t, r2) 1970 1971 tm2, rtm2 := SystemAdminClient.GetTeamMember(th.BasicTeam.Id, th.BasicUser.Id, "") 1972 CheckNoError(t, rtm2) 1973 assert.Equal(t, false, tm2.SchemeGuest) 1974 assert.Equal(t, true, tm2.SchemeUser) 1975 assert.Equal(t, false, tm2.SchemeAdmin) 1976 1977 s3 := &model.SchemeRoles{ 1978 SchemeAdmin: true, 1979 SchemeUser: false, 1980 SchemeGuest: false, 1981 } 1982 _, r3 := SystemAdminClient.UpdateTeamMemberSchemeRoles(th.BasicTeam.Id, th.BasicUser.Id, s3) 1983 CheckNoError(t, r3) 1984 1985 tm3, rtm3 := SystemAdminClient.GetTeamMember(th.BasicTeam.Id, th.BasicUser.Id, "") 1986 CheckNoError(t, rtm3) 1987 assert.Equal(t, false, tm3.SchemeGuest) 1988 assert.Equal(t, false, tm3.SchemeUser) 1989 assert.Equal(t, true, tm3.SchemeAdmin) 1990 1991 s4 := &model.SchemeRoles{ 1992 SchemeAdmin: true, 1993 SchemeUser: true, 1994 SchemeGuest: false, 1995 } 1996 _, r4 := SystemAdminClient.UpdateTeamMemberSchemeRoles(th.BasicTeam.Id, th.BasicUser.Id, s4) 1997 CheckNoError(t, r4) 1998 1999 tm4, rtm4 := SystemAdminClient.GetTeamMember(th.BasicTeam.Id, th.BasicUser.Id, "") 2000 CheckNoError(t, rtm4) 2001 assert.Equal(t, false, tm4.SchemeGuest) 2002 assert.Equal(t, true, tm4.SchemeUser) 2003 assert.Equal(t, true, tm4.SchemeAdmin) 2004 2005 s5 := &model.SchemeRoles{ 2006 SchemeAdmin: false, 2007 SchemeUser: false, 2008 SchemeGuest: true, 2009 } 2010 _, r5 := SystemAdminClient.UpdateTeamMemberSchemeRoles(th.BasicTeam.Id, th.BasicUser.Id, s5) 2011 CheckNoError(t, r5) 2012 2013 tm5, rtm5 := SystemAdminClient.GetTeamMember(th.BasicTeam.Id, th.BasicUser.Id, "") 2014 CheckNoError(t, rtm5) 2015 assert.Equal(t, true, tm5.SchemeGuest) 2016 assert.Equal(t, false, tm5.SchemeUser) 2017 assert.Equal(t, false, tm5.SchemeAdmin) 2018 2019 s6 := &model.SchemeRoles{ 2020 SchemeAdmin: false, 2021 SchemeUser: true, 2022 SchemeGuest: true, 2023 } 2024 _, resp := SystemAdminClient.UpdateTeamMemberSchemeRoles(th.BasicTeam.Id, th.BasicUser.Id, s6) 2025 CheckBadRequestStatus(t, resp) 2026 2027 _, resp = SystemAdminClient.UpdateTeamMemberSchemeRoles(model.NewId(), th.BasicUser.Id, s4) 2028 CheckNotFoundStatus(t, resp) 2029 2030 _, resp = SystemAdminClient.UpdateTeamMemberSchemeRoles(th.BasicTeam.Id, model.NewId(), s4) 2031 CheckNotFoundStatus(t, resp) 2032 2033 _, resp = SystemAdminClient.UpdateTeamMemberSchemeRoles("ASDF", th.BasicUser.Id, s4) 2034 CheckBadRequestStatus(t, resp) 2035 2036 _, resp = SystemAdminClient.UpdateTeamMemberSchemeRoles(th.BasicTeam.Id, "ASDF", s4) 2037 CheckBadRequestStatus(t, resp) 2038 2039 th.LoginBasic2() 2040 _, resp = th.Client.UpdateTeamMemberSchemeRoles(th.BasicTeam.Id, th.BasicUser.Id, s4) 2041 CheckForbiddenStatus(t, resp) 2042 2043 SystemAdminClient.Logout() 2044 _, resp = SystemAdminClient.UpdateTeamMemberSchemeRoles(th.BasicTeam.Id, th.SystemAdminUser.Id, s4) 2045 CheckUnauthorizedStatus(t, resp) 2046 } 2047 2048 func TestGetMyTeamsUnread(t *testing.T) { 2049 th := Setup().InitBasic() 2050 defer th.TearDown() 2051 Client := th.Client 2052 2053 user := th.BasicUser 2054 Client.Login(user.Email, user.Password) 2055 2056 teams, resp := Client.GetTeamsUnreadForUser(user.Id, "") 2057 CheckNoError(t, resp) 2058 if len(teams) == 0 { 2059 t.Fatal("should have results") 2060 } 2061 2062 teams, resp = Client.GetTeamsUnreadForUser(user.Id, th.BasicTeam.Id) 2063 CheckNoError(t, resp) 2064 if len(teams) != 0 { 2065 t.Fatal("should not have results") 2066 } 2067 2068 _, resp = Client.GetTeamsUnreadForUser("fail", "") 2069 CheckBadRequestStatus(t, resp) 2070 2071 _, resp = Client.GetTeamsUnreadForUser(model.NewId(), "") 2072 CheckForbiddenStatus(t, resp) 2073 2074 Client.Logout() 2075 _, resp = Client.GetTeamsUnreadForUser(user.Id, "") 2076 CheckUnauthorizedStatus(t, resp) 2077 } 2078 2079 func TestTeamExists(t *testing.T) { 2080 th := Setup().InitBasic() 2081 defer th.TearDown() 2082 Client := th.Client 2083 team := th.BasicTeam 2084 2085 th.LoginBasic() 2086 2087 exists, resp := Client.TeamExists(team.Name, "") 2088 CheckNoError(t, resp) 2089 if !exists { 2090 t.Fatal("team should exist") 2091 } 2092 2093 exists, resp = Client.TeamExists("testingteam", "") 2094 CheckNoError(t, resp) 2095 if exists { 2096 t.Fatal("team should not exist") 2097 } 2098 2099 Client.Logout() 2100 _, resp = Client.TeamExists(team.Name, "") 2101 CheckUnauthorizedStatus(t, resp) 2102 } 2103 2104 func TestImportTeam(t *testing.T) { 2105 th := Setup().InitBasic() 2106 defer th.TearDown() 2107 2108 t.Run("ImportTeam", func(t *testing.T) { 2109 var data []byte 2110 var err error 2111 data, err = testutils.ReadTestFile("Fake_Team_Import.zip") 2112 if err != nil && len(data) == 0 { 2113 t.Fatal("Error while reading the test file.") 2114 } 2115 2116 // Import the channels/users/posts 2117 fileResp, resp := th.SystemAdminClient.ImportTeam(data, binary.Size(data), "slack", "Fake_Team_Import.zip", th.BasicTeam.Id) 2118 CheckNoError(t, resp) 2119 2120 fileData, err := base64.StdEncoding.DecodeString(fileResp["results"]) 2121 if err != nil { 2122 t.Fatal("failed to decode base64 results data") 2123 } 2124 2125 fileReturned := fmt.Sprintf("%s", fileData) 2126 if !strings.Contains(fileReturned, "darth.vader@stardeath.com") { 2127 t.Log(fileReturned) 2128 t.Fatal("failed to report the user was imported") 2129 } 2130 2131 // Checking the imported users 2132 importedUser, resp := th.SystemAdminClient.GetUserByUsername("bot_test", "") 2133 CheckNoError(t, resp) 2134 if importedUser.Username != "bot_test" { 2135 t.Fatal("username should match with the imported user") 2136 } 2137 2138 importedUser, resp = th.SystemAdminClient.GetUserByUsername("lordvader", "") 2139 CheckNoError(t, resp) 2140 if importedUser.Username != "lordvader" { 2141 t.Fatal("username should match with the imported user") 2142 } 2143 2144 // Checking the imported Channels 2145 importedChannel, resp := th.SystemAdminClient.GetChannelByName("testchannel", th.BasicTeam.Id, "") 2146 CheckNoError(t, resp) 2147 if importedChannel.Name != "testchannel" { 2148 t.Fatal("names did not match expected: testchannel") 2149 } 2150 2151 importedChannel, resp = th.SystemAdminClient.GetChannelByName("general", th.BasicTeam.Id, "") 2152 CheckNoError(t, resp) 2153 if importedChannel.Name != "general" { 2154 t.Fatal("names did not match expected: general") 2155 } 2156 2157 posts, resp := th.SystemAdminClient.GetPostsForChannel(importedChannel.Id, 0, 60, "") 2158 CheckNoError(t, resp) 2159 if posts.Posts[posts.Order[3]].Message != "This is a test post to test the import process" { 2160 t.Fatal("missing posts in the import process") 2161 } 2162 }) 2163 2164 t.Run("MissingFile", func(t *testing.T) { 2165 _, resp := th.SystemAdminClient.ImportTeam(nil, 4343, "slack", "Fake_Team_Import.zip", th.BasicTeam.Id) 2166 CheckBadRequestStatus(t, resp) 2167 }) 2168 2169 t.Run("WrongPermission", func(t *testing.T) { 2170 var data []byte 2171 var err error 2172 data, err = testutils.ReadTestFile("Fake_Team_Import.zip") 2173 if err != nil && len(data) == 0 { 2174 t.Fatal("Error while reading the test file.") 2175 } 2176 2177 // Import the channels/users/posts 2178 _, resp := th.Client.ImportTeam(data, binary.Size(data), "slack", "Fake_Team_Import.zip", th.BasicTeam.Id) 2179 CheckForbiddenStatus(t, resp) 2180 }) 2181 } 2182 2183 func TestInviteUsersToTeam(t *testing.T) { 2184 th := Setup().InitBasic() 2185 defer th.TearDown() 2186 2187 user1 := th.GenerateTestEmail() 2188 user2 := th.GenerateTestEmail() 2189 2190 emailList := []string{user1, user2} 2191 2192 //Delete all the messages before check the sample email 2193 mailservice.DeleteMailBox(user1) 2194 mailservice.DeleteMailBox(user2) 2195 2196 enableEmailInvitations := *th.App.Config().ServiceSettings.EnableEmailInvitations 2197 restrictCreationToDomains := th.App.Config().TeamSettings.RestrictCreationToDomains 2198 defer func() { 2199 th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableEmailInvitations = &enableEmailInvitations }) 2200 th.App.UpdateConfig(func(cfg *model.Config) { cfg.TeamSettings.RestrictCreationToDomains = restrictCreationToDomains }) 2201 }() 2202 2203 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableEmailInvitations = false }) 2204 _, resp := th.SystemAdminClient.InviteUsersToTeam(th.BasicTeam.Id, emailList) 2205 if resp.Error == nil { 2206 t.Fatal("Should be disabled") 2207 } 2208 2209 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableEmailInvitations = true }) 2210 okMsg, resp := th.SystemAdminClient.InviteUsersToTeam(th.BasicTeam.Id, emailList) 2211 CheckNoError(t, resp) 2212 if !okMsg { 2213 t.Fatal("should return true") 2214 } 2215 2216 nameFormat := *th.App.Config().TeamSettings.TeammateNameDisplay 2217 expectedSubject := utils.T("api.templates.invite_subject", 2218 map[string]interface{}{"SenderName": th.SystemAdminUser.GetDisplayName(nameFormat), 2219 "TeamDisplayName": th.BasicTeam.DisplayName, 2220 "SiteName": th.App.ClientConfig()["SiteName"]}) 2221 2222 //Check if the email was send to the rigth email address 2223 for _, email := range emailList { 2224 var resultsMailbox mailservice.JSONMessageHeaderInbucket 2225 err := mailservice.RetryInbucket(5, func() error { 2226 var err error 2227 resultsMailbox, err = mailservice.GetMailBox(email) 2228 return err 2229 }) 2230 if err != nil { 2231 t.Log(err) 2232 t.Log("No email was received, maybe due load on the server. Disabling this verification") 2233 } 2234 if err == nil && len(resultsMailbox) > 0 { 2235 if !strings.ContainsAny(resultsMailbox[len(resultsMailbox)-1].To[0], email) { 2236 t.Fatal("Wrong To recipient") 2237 } else { 2238 if resultsEmail, err := mailservice.GetMessageFromMailbox(email, resultsMailbox[len(resultsMailbox)-1].ID); err == nil { 2239 if resultsEmail.Subject != expectedSubject { 2240 t.Log(resultsEmail.Subject) 2241 t.Log(expectedSubject) 2242 t.Fatal("Wrong Subject") 2243 } 2244 } 2245 } 2246 } 2247 } 2248 2249 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.RestrictCreationToDomains = "@global.com,@common.com" }) 2250 2251 t.Run("restricted domains", func(t *testing.T) { 2252 err := th.App.InviteNewUsersToTeam(emailList, th.BasicTeam.Id, th.BasicUser.Id) 2253 2254 if err == nil { 2255 t.Fatal("Adding users with non-restricted domains was allowed") 2256 } 2257 if err.Where != "InviteNewUsersToTeam" || err.Id != "api.team.invite_members.invalid_email.app_error" { 2258 t.Log(err) 2259 t.Fatal("Got wrong error message!") 2260 } 2261 }) 2262 2263 t.Run("override restricted domains", func(t *testing.T) { 2264 th.BasicTeam.AllowedDomains = "invalid.com,common.com" 2265 if _, err := th.App.UpdateTeam(th.BasicTeam); err == nil { 2266 t.Fatal("Should not update the team") 2267 } 2268 2269 th.BasicTeam.AllowedDomains = "common.com" 2270 if _, err := th.App.UpdateTeam(th.BasicTeam); err != nil { 2271 t.Log(err) 2272 t.Fatal("Should update the team") 2273 } 2274 2275 if err := th.App.InviteNewUsersToTeam([]string{"test@global.com"}, th.BasicTeam.Id, th.BasicUser.Id); err == nil || err.Where != "InviteNewUsersToTeam" { 2276 t.Log(err) 2277 t.Fatal("Per team restriction should take precedence over the global restriction") 2278 } 2279 2280 if err := th.App.InviteNewUsersToTeam([]string{"test@common.com"}, th.BasicTeam.Id, th.BasicUser.Id); err != nil { 2281 t.Log(err) 2282 t.Fatal("Failed to invite user which was common between team and global domain restriction") 2283 } 2284 2285 if err := th.App.InviteNewUsersToTeam([]string{"test@invalid.com"}, th.BasicTeam.Id, th.BasicUser.Id); err == nil { 2286 t.Log(err) 2287 t.Fatal("Should not invite user") 2288 } 2289 2290 }) 2291 } 2292 2293 func TestGetTeamInviteInfo(t *testing.T) { 2294 th := Setup().InitBasic() 2295 defer th.TearDown() 2296 Client := th.Client 2297 team := th.BasicTeam 2298 2299 team, resp := Client.GetTeamInviteInfo(team.InviteId) 2300 CheckNoError(t, resp) 2301 2302 if team.DisplayName == "" { 2303 t.Fatal("should not be empty") 2304 } 2305 2306 if team.Email != "" { 2307 t.Fatal("should be empty") 2308 } 2309 2310 team.InviteId = "12345678901234567890123456789012" 2311 team, resp = th.SystemAdminClient.UpdateTeam(team) 2312 CheckNoError(t, resp) 2313 2314 _, resp = Client.GetTeamInviteInfo(team.InviteId) 2315 CheckNoError(t, resp) 2316 2317 _, resp = Client.GetTeamInviteInfo("junk") 2318 CheckNotFoundStatus(t, resp) 2319 } 2320 2321 func TestSetTeamIcon(t *testing.T) { 2322 th := Setup().InitBasic() 2323 defer th.TearDown() 2324 Client := th.Client 2325 team := th.BasicTeam 2326 2327 data, err := testutils.ReadTestFile("test.png") 2328 if err != nil { 2329 t.Fatal(err) 2330 } 2331 2332 th.LoginTeamAdmin() 2333 2334 ok, resp := Client.SetTeamIcon(team.Id, data) 2335 if !ok { 2336 t.Fatal(resp.Error) 2337 } 2338 CheckNoError(t, resp) 2339 2340 ok, resp = Client.SetTeamIcon(model.NewId(), data) 2341 if ok { 2342 t.Fatal("Should return false, set team icon not allowed") 2343 } 2344 CheckForbiddenStatus(t, resp) 2345 2346 th.LoginBasic() 2347 2348 _, resp = Client.SetTeamIcon(team.Id, data) 2349 if resp.StatusCode == http.StatusForbidden { 2350 CheckForbiddenStatus(t, resp) 2351 } else if resp.StatusCode == http.StatusUnauthorized { 2352 CheckUnauthorizedStatus(t, resp) 2353 } else { 2354 t.Fatal("Should have failed either forbidden or unauthorized") 2355 } 2356 2357 Client.Logout() 2358 2359 _, resp = Client.SetTeamIcon(team.Id, data) 2360 if resp.StatusCode == http.StatusForbidden { 2361 CheckForbiddenStatus(t, resp) 2362 } else if resp.StatusCode == http.StatusUnauthorized { 2363 CheckUnauthorizedStatus(t, resp) 2364 } else { 2365 t.Fatal("Should have failed either forbidden or unauthorized") 2366 } 2367 2368 teamBefore, err := th.App.GetTeam(team.Id) 2369 require.Nil(t, err) 2370 2371 _, resp = th.SystemAdminClient.SetTeamIcon(team.Id, data) 2372 CheckNoError(t, resp) 2373 2374 teamAfter, err := th.App.GetTeam(team.Id) 2375 require.Nil(t, err) 2376 assert.True(t, teamBefore.LastTeamIconUpdate < teamAfter.LastTeamIconUpdate, "LastTeamIconUpdate should have been updated for team") 2377 2378 info := &model.FileInfo{Path: "teams/" + team.Id + "/teamIcon.png"} 2379 if err := th.cleanupTestFile(info); err != nil { 2380 t.Fatal(err) 2381 } 2382 } 2383 2384 func TestGetTeamIcon(t *testing.T) { 2385 th := Setup().InitBasic() 2386 defer th.TearDown() 2387 Client := th.Client 2388 team := th.BasicTeam 2389 2390 // should always fail because no initial image and no auto creation 2391 _, resp := Client.GetTeamIcon(team.Id, "") 2392 CheckNotFoundStatus(t, resp) 2393 2394 Client.Logout() 2395 2396 _, resp = Client.GetTeamIcon(team.Id, "") 2397 CheckUnauthorizedStatus(t, resp) 2398 } 2399 2400 func TestRemoveTeamIcon(t *testing.T) { 2401 th := Setup().InitBasic() 2402 defer th.TearDown() 2403 Client := th.Client 2404 team := th.BasicTeam 2405 2406 th.LoginTeamAdmin() 2407 data, _ := testutils.ReadTestFile("test.png") 2408 Client.SetTeamIcon(team.Id, data) 2409 2410 _, resp := Client.RemoveTeamIcon(team.Id) 2411 CheckNoError(t, resp) 2412 teamAfter, _ := th.App.GetTeam(team.Id) 2413 if teamAfter.LastTeamIconUpdate != 0 { 2414 t.Fatal("should update LastTeamIconUpdate to 0") 2415 } 2416 2417 Client.SetTeamIcon(team.Id, data) 2418 2419 _, resp = th.SystemAdminClient.RemoveTeamIcon(team.Id) 2420 CheckNoError(t, resp) 2421 teamAfter, _ = th.App.GetTeam(team.Id) 2422 if teamAfter.LastTeamIconUpdate != 0 { 2423 t.Fatal("should update LastTeamIconUpdate to 0") 2424 } 2425 2426 Client.SetTeamIcon(team.Id, data) 2427 Client.Logout() 2428 2429 _, resp = Client.RemoveTeamIcon(team.Id) 2430 CheckUnauthorizedStatus(t, resp) 2431 2432 th.LoginBasic() 2433 _, resp = Client.RemoveTeamIcon(team.Id) 2434 CheckForbiddenStatus(t, resp) 2435 } 2436 2437 func TestUpdateTeamScheme(t *testing.T) { 2438 th := Setup().InitBasic() 2439 defer th.TearDown() 2440 2441 th.App.SetLicense(model.NewTestLicense("")) 2442 2443 th.App.SetPhase2PermissionsMigrationStatus(true) 2444 2445 team := &model.Team{ 2446 DisplayName: "Name", 2447 Description: "Some description", 2448 CompanyName: "Some company name", 2449 AllowOpenInvite: false, 2450 InviteId: "inviteid0", 2451 Name: "z-z-" + model.NewId() + "a", 2452 Email: "success+" + model.NewId() + "@simulator.amazonses.com", 2453 Type: model.TEAM_OPEN, 2454 } 2455 team, _ = th.SystemAdminClient.CreateTeam(team) 2456 2457 teamScheme := &model.Scheme{ 2458 DisplayName: "DisplayName", 2459 Name: model.NewId(), 2460 Description: "Some description", 2461 Scope: model.SCHEME_SCOPE_TEAM, 2462 } 2463 teamScheme, _ = th.SystemAdminClient.CreateScheme(teamScheme) 2464 channelScheme := &model.Scheme{ 2465 DisplayName: "DisplayName", 2466 Name: model.NewId(), 2467 Description: "Some description", 2468 Scope: model.SCHEME_SCOPE_CHANNEL, 2469 } 2470 channelScheme, _ = th.SystemAdminClient.CreateScheme(channelScheme) 2471 2472 // Test the setup/base case. 2473 _, resp := th.SystemAdminClient.UpdateTeamScheme(team.Id, teamScheme.Id) 2474 CheckNoError(t, resp) 2475 2476 // Test the return to default scheme 2477 _, resp = th.SystemAdminClient.UpdateTeamScheme(team.Id, "") 2478 CheckNoError(t, resp) 2479 2480 // Test various invalid team and scheme id combinations. 2481 _, resp = th.SystemAdminClient.UpdateTeamScheme(team.Id, "x") 2482 CheckBadRequestStatus(t, resp) 2483 _, resp = th.SystemAdminClient.UpdateTeamScheme("x", teamScheme.Id) 2484 CheckBadRequestStatus(t, resp) 2485 _, resp = th.SystemAdminClient.UpdateTeamScheme("x", "x") 2486 CheckBadRequestStatus(t, resp) 2487 2488 // Test that permissions are required. 2489 _, resp = th.Client.UpdateTeamScheme(team.Id, teamScheme.Id) 2490 CheckForbiddenStatus(t, resp) 2491 2492 // Test that a license is required. 2493 th.App.SetLicense(nil) 2494 _, resp = th.SystemAdminClient.UpdateTeamScheme(team.Id, teamScheme.Id) 2495 CheckNotImplementedStatus(t, resp) 2496 th.App.SetLicense(model.NewTestLicense("")) 2497 2498 // Test an invalid scheme scope. 2499 _, resp = th.SystemAdminClient.UpdateTeamScheme(team.Id, channelScheme.Id) 2500 CheckBadRequestStatus(t, resp) 2501 2502 // Test that an unauthenticated user gets rejected. 2503 th.SystemAdminClient.Logout() 2504 _, resp = th.SystemAdminClient.UpdateTeamScheme(team.Id, teamScheme.Id) 2505 CheckUnauthorizedStatus(t, resp) 2506 } 2507 2508 func TestTeamMembersMinusGroupMembers(t *testing.T) { 2509 th := Setup().InitBasic() 2510 defer th.TearDown() 2511 2512 user1 := th.BasicUser 2513 user2 := th.BasicUser2 2514 2515 team := th.CreateTeam() 2516 team.GroupConstrained = model.NewBool(true) 2517 team, err := th.App.UpdateTeam(team) 2518 require.Nil(t, err) 2519 2520 _, err = th.App.AddTeamMember(team.Id, user1.Id) 2521 require.Nil(t, err) 2522 _, err = th.App.AddTeamMember(team.Id, user2.Id) 2523 require.Nil(t, err) 2524 2525 group1 := th.CreateGroup() 2526 group2 := th.CreateGroup() 2527 2528 _, err = th.App.UpsertGroupMember(group1.Id, user1.Id) 2529 require.Nil(t, err) 2530 _, err = th.App.UpsertGroupMember(group2.Id, user2.Id) 2531 require.Nil(t, err) 2532 2533 // No permissions 2534 _, _, res := th.Client.TeamMembersMinusGroupMembers(team.Id, []string{group1.Id, group2.Id}, 0, 100, "") 2535 require.Equal(t, "api.context.permissions.app_error", res.Error.Id) 2536 2537 testCases := map[string]struct { 2538 groupIDs []string 2539 page int 2540 perPage int 2541 length int 2542 count int 2543 otherAssertions func([]*model.UserWithGroups) 2544 }{ 2545 "All groups, expect no users removed": { 2546 groupIDs: []string{group1.Id, group2.Id}, 2547 page: 0, 2548 perPage: 100, 2549 length: 0, 2550 count: 0, 2551 }, 2552 "Some nonexistent group, page 0": { 2553 groupIDs: []string{model.NewId()}, 2554 page: 0, 2555 perPage: 1, 2556 length: 1, 2557 count: 2, 2558 }, 2559 "Some nonexistent group, page 1": { 2560 groupIDs: []string{model.NewId()}, 2561 page: 1, 2562 perPage: 1, 2563 length: 1, 2564 count: 2, 2565 }, 2566 "One group, expect one user removed": { 2567 groupIDs: []string{group1.Id}, 2568 page: 0, 2569 perPage: 100, 2570 length: 1, 2571 count: 1, 2572 otherAssertions: func(uwg []*model.UserWithGroups) { 2573 require.Equal(t, uwg[0].Id, user2.Id) 2574 }, 2575 }, 2576 "Other group, expect other user removed": { 2577 groupIDs: []string{group2.Id}, 2578 page: 0, 2579 perPage: 100, 2580 length: 1, 2581 count: 1, 2582 otherAssertions: func(uwg []*model.UserWithGroups) { 2583 require.Equal(t, uwg[0].Id, user1.Id) 2584 }, 2585 }, 2586 } 2587 2588 for name, tc := range testCases { 2589 t.Run(name, func(t *testing.T) { 2590 uwg, count, res := th.SystemAdminClient.TeamMembersMinusGroupMembers(team.Id, tc.groupIDs, tc.page, tc.perPage, "") 2591 require.Nil(t, res.Error) 2592 require.Len(t, uwg, tc.length) 2593 require.Equal(t, tc.count, int(count)) 2594 if tc.otherAssertions != nil { 2595 tc.otherAssertions(uwg) 2596 } 2597 }) 2598 } 2599 }