github.com/xzl8028/xenia-server@v0.0.0-20190809101854-18450a97da63/api4/user_viewmembers_test.go (about) 1 package api4 2 3 import ( 4 "testing" 5 6 "github.com/xzl8028/xenia-server/model" 7 "github.com/stretchr/testify/require" 8 ) 9 10 func TestApiResctrictedViewMembers(t *testing.T) { 11 th := Setup() 12 defer th.TearDown() 13 14 // Create first account for system admin 15 _, err := th.App.CreateUser(&model.User{Email: th.GenerateTestEmail(), Nickname: "test user0", Password: "test-password-0", Username: "test-user-0", Roles: model.SYSTEM_USER_ROLE_ID}) 16 require.Nil(t, err) 17 18 user1, err := th.App.CreateUser(&model.User{Email: th.GenerateTestEmail(), Nickname: "test user1", Password: "test-password-1", Username: "test-user-1", Roles: model.SYSTEM_USER_ROLE_ID}) 19 require.Nil(t, err) 20 user2, err := th.App.CreateUser(&model.User{Email: th.GenerateTestEmail(), Nickname: "test user2", Password: "test-password-2", Username: "test-user-2", Roles: model.SYSTEM_USER_ROLE_ID}) 21 require.Nil(t, err) 22 user3, err := th.App.CreateUser(&model.User{Email: th.GenerateTestEmail(), Nickname: "test user3", Password: "test-password-3", Username: "test-user-3", Roles: model.SYSTEM_USER_ROLE_ID}) 23 require.Nil(t, err) 24 user4, err := th.App.CreateUser(&model.User{Email: th.GenerateTestEmail(), Nickname: "test user4", Password: "test-password-4", Username: "test-user-4", Roles: model.SYSTEM_USER_ROLE_ID}) 25 require.Nil(t, err) 26 user5, err := th.App.CreateUser(&model.User{Email: th.GenerateTestEmail(), Nickname: "test user5", Password: "test-password-5", Username: "test-user-5", Roles: model.SYSTEM_USER_ROLE_ID}) 27 require.Nil(t, err) 28 29 team1, err := th.App.CreateTeam(&model.Team{DisplayName: "dn_" + model.NewId(), Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_OPEN}) 30 require.Nil(t, err) 31 team2, err := th.App.CreateTeam(&model.Team{DisplayName: "dn_" + model.NewId(), Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_OPEN}) 32 require.Nil(t, err) 33 34 channel1, err := th.App.CreateChannel(&model.Channel{DisplayName: "dn_" + model.NewId(), Name: "name_" + model.NewId(), Type: model.CHANNEL_OPEN, TeamId: team1.Id, CreatorId: model.NewId()}, false) 35 require.Nil(t, err) 36 channel2, err := th.App.CreateChannel(&model.Channel{DisplayName: "dn_" + model.NewId(), Name: "name_" + model.NewId(), Type: model.CHANNEL_OPEN, TeamId: team1.Id, CreatorId: model.NewId()}, false) 37 require.Nil(t, err) 38 channel3, err := th.App.CreateChannel(&model.Channel{DisplayName: "dn_" + model.NewId(), Name: "name_" + model.NewId(), Type: model.CHANNEL_OPEN, TeamId: team2.Id, CreatorId: model.NewId()}, false) 39 require.Nil(t, err) 40 41 th.LinkUserToTeam(user1, team1) 42 th.LinkUserToTeam(user2, team1) 43 th.LinkUserToTeam(user3, team2) 44 th.LinkUserToTeam(user4, team1) 45 th.LinkUserToTeam(user4, team2) 46 47 th.AddUserToChannel(user1, channel1) 48 th.AddUserToChannel(user2, channel2) 49 th.AddUserToChannel(user3, channel3) 50 th.AddUserToChannel(user4, channel1) 51 th.AddUserToChannel(user4, channel3) 52 53 th.App.SetStatusOnline(user1.Id, true) 54 th.App.SetStatusOnline(user2.Id, true) 55 th.App.SetStatusOnline(user3.Id, true) 56 th.App.SetStatusOnline(user4.Id, true) 57 th.App.SetStatusOnline(user5.Id, true) 58 59 _, resp := th.Client.Login(user1.Username, "test-password-1") 60 CheckNoError(t, resp) 61 62 t.Run("getUser", func(t *testing.T) { 63 testCases := []struct { 64 Name string 65 RestrictedTo string 66 UserId string 67 ExpectedError string 68 }{ 69 { 70 "Get visible user without restrictions", 71 "", 72 user5.Id, 73 "", 74 }, 75 { 76 "Get not existing user without restrictions", 77 "", 78 model.NewId(), 79 "store.sql_user.missing_account.const", 80 }, 81 { 82 "Get not existing user with restrictions to teams", 83 "teams", 84 model.NewId(), 85 "api.context.permissions.app_error", 86 }, 87 { 88 "Get visible user with restrictions to teams", 89 "teams", 90 user2.Id, 91 "", 92 }, 93 { 94 "Get not visible user with restrictions to teams", 95 "teams", 96 user5.Id, 97 "api.context.permissions.app_error", 98 }, 99 { 100 "Get not existing user with restrictions to channels", 101 "channels", 102 model.NewId(), 103 "api.context.permissions.app_error", 104 }, 105 { 106 "Get visible user with restrictions to channels", 107 "channels", 108 user4.Id, 109 "", 110 }, 111 { 112 "Get not visible user with restrictions to channels", 113 "channels", 114 user3.Id, 115 "api.context.permissions.app_error", 116 }, 117 } 118 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 119 120 for _, tc := range testCases { 121 t.Run(tc.Name, func(t *testing.T) { 122 if tc.RestrictedTo == "channels" { 123 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 124 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 125 } else if tc.RestrictedTo == "teams" { 126 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 127 th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 128 } else { 129 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 130 th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 131 } 132 133 _, resp := th.Client.GetUser(tc.UserId, "") 134 require.Nil(t, err) 135 if tc.ExpectedError != "" { 136 CheckErrorMessage(t, resp, tc.ExpectedError) 137 } else { 138 CheckNoError(t, resp) 139 } 140 }) 141 } 142 }) 143 144 t.Run("getUserByUsername", func(t *testing.T) { 145 testCases := []struct { 146 Name string 147 RestrictedTo string 148 Username string 149 ExpectedError string 150 }{ 151 { 152 "Get visible user without restrictions", 153 "", 154 user5.Username, 155 "", 156 }, 157 { 158 "Get not existing user without restrictions", 159 "", 160 model.NewId(), 161 "store.sql_user.get_by_username.app_error", 162 }, 163 { 164 "Get not existing user with restrictions to teams", 165 "teams", 166 model.NewId(), 167 "api.context.permissions.app_error", 168 }, 169 { 170 "Get visible user with restrictions to teams", 171 "teams", 172 user2.Username, 173 "", 174 }, 175 { 176 "Get not visible user with restrictions to teams", 177 "teams", 178 user5.Username, 179 "api.context.permissions.app_error", 180 }, 181 { 182 "Get not existing user with restrictions to channels", 183 "channels", 184 model.NewId(), 185 "api.context.permissions.app_error", 186 }, 187 { 188 "Get visible user with restrictions to channels", 189 "channels", 190 user4.Username, 191 "", 192 }, 193 { 194 "Get not visible user with restrictions to channels", 195 "channels", 196 user3.Username, 197 "api.context.permissions.app_error", 198 }, 199 } 200 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 201 202 for _, tc := range testCases { 203 t.Run(tc.Name, func(t *testing.T) { 204 if tc.RestrictedTo == "channels" { 205 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 206 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 207 } else if tc.RestrictedTo == "teams" { 208 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 209 th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 210 } else { 211 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 212 th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 213 } 214 215 _, resp := th.Client.GetUserByUsername(tc.Username, "") 216 require.Nil(t, err) 217 if tc.ExpectedError != "" { 218 CheckErrorMessage(t, resp, tc.ExpectedError) 219 } else { 220 CheckNoError(t, resp) 221 } 222 }) 223 } 224 }) 225 226 t.Run("getUserByEmail", func(t *testing.T) { 227 testCases := []struct { 228 Name string 229 RestrictedTo string 230 Email string 231 ExpectedError string 232 }{ 233 { 234 "Get visible user without restrictions", 235 "", 236 user5.Email, 237 "", 238 }, 239 { 240 "Get not existing user without restrictions", 241 "", 242 th.GenerateTestEmail(), 243 "store.sql_user.missing_account.const", 244 }, 245 { 246 "Get not existing user with restrictions to teams", 247 "teams", 248 th.GenerateTestEmail(), 249 "api.context.permissions.app_error", 250 }, 251 { 252 "Get visible user with restrictions to teams", 253 "teams", 254 user2.Email, 255 "", 256 }, 257 { 258 "Get not visible user with restrictions to teams", 259 "teams", 260 user5.Email, 261 "api.context.permissions.app_error", 262 }, 263 { 264 "Get not existing user with restrictions to channels", 265 "channels", 266 th.GenerateTestEmail(), 267 "api.context.permissions.app_error", 268 }, 269 { 270 "Get visible user with restrictions to channels", 271 "channels", 272 user4.Email, 273 "", 274 }, 275 { 276 "Get not visible user with restrictions to channels", 277 "channels", 278 user3.Email, 279 "api.context.permissions.app_error", 280 }, 281 } 282 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 283 284 for _, tc := range testCases { 285 t.Run(tc.Name, func(t *testing.T) { 286 if tc.RestrictedTo == "channels" { 287 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 288 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 289 } else if tc.RestrictedTo == "teams" { 290 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 291 th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 292 } else { 293 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 294 th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 295 } 296 297 _, resp := th.Client.GetUserByEmail(tc.Email, "") 298 require.Nil(t, err) 299 if tc.ExpectedError != "" { 300 CheckErrorMessage(t, resp, tc.ExpectedError) 301 } else { 302 CheckNoError(t, resp) 303 } 304 }) 305 } 306 }) 307 308 t.Run("getDefaultProfileImage", func(t *testing.T) { 309 testCases := []struct { 310 Name string 311 RestrictedTo string 312 UserId string 313 ExpectedError string 314 }{ 315 { 316 "Get visible user without restrictions", 317 "", 318 user5.Id, 319 "", 320 }, 321 { 322 "Get not existing user without restrictions", 323 "", 324 model.NewId(), 325 "store.sql_user.missing_account.const", 326 }, 327 { 328 "Get not existing user with restrictions to teams", 329 "teams", 330 model.NewId(), 331 "api.context.permissions.app_error", 332 }, 333 { 334 "Get visible user with restrictions to teams", 335 "teams", 336 user2.Id, 337 "", 338 }, 339 { 340 "Get not visible user with restrictions to teams", 341 "teams", 342 user5.Id, 343 "api.context.permissions.app_error", 344 }, 345 { 346 "Get not existing user with restrictions to channels", 347 "channels", 348 model.NewId(), 349 "api.context.permissions.app_error", 350 }, 351 { 352 "Get visible user with restrictions to channels", 353 "channels", 354 user4.Id, 355 "", 356 }, 357 { 358 "Get not visible user with restrictions to channels", 359 "channels", 360 user3.Id, 361 "api.context.permissions.app_error", 362 }, 363 } 364 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 365 366 for _, tc := range testCases { 367 t.Run(tc.Name, func(t *testing.T) { 368 if tc.RestrictedTo == "channels" { 369 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 370 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 371 } else if tc.RestrictedTo == "teams" { 372 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 373 th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 374 } else { 375 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 376 th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 377 } 378 379 _, resp := th.Client.GetDefaultProfileImage(tc.UserId) 380 require.Nil(t, err) 381 if tc.ExpectedError != "" { 382 CheckErrorMessage(t, resp, tc.ExpectedError) 383 } else { 384 CheckNoError(t, resp) 385 } 386 }) 387 } 388 }) 389 390 t.Run("getProfileImage", func(t *testing.T) { 391 testCases := []struct { 392 Name string 393 RestrictedTo string 394 UserId string 395 ExpectedError string 396 }{ 397 { 398 "Get visible user without restrictions", 399 "", 400 user5.Id, 401 "", 402 }, 403 { 404 "Get not existing user without restrictions", 405 "", 406 model.NewId(), 407 "store.sql_user.missing_account.const", 408 }, 409 { 410 "Get not existing user with restrictions to teams", 411 "teams", 412 model.NewId(), 413 "api.context.permissions.app_error", 414 }, 415 { 416 "Get visible user with restrictions to teams", 417 "teams", 418 user2.Id, 419 "", 420 }, 421 { 422 "Get not visible user with restrictions to teams", 423 "teams", 424 user5.Id, 425 "api.context.permissions.app_error", 426 }, 427 { 428 "Get not existing user with restrictions to channels", 429 "channels", 430 model.NewId(), 431 "api.context.permissions.app_error", 432 }, 433 { 434 "Get visible user with restrictions to channels", 435 "channels", 436 user4.Id, 437 "", 438 }, 439 { 440 "Get not visible user with restrictions to channels", 441 "channels", 442 user3.Id, 443 "api.context.permissions.app_error", 444 }, 445 } 446 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 447 448 for _, tc := range testCases { 449 t.Run(tc.Name, func(t *testing.T) { 450 if tc.RestrictedTo == "channels" { 451 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 452 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 453 } else if tc.RestrictedTo == "teams" { 454 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 455 th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 456 } else { 457 th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID) 458 th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID) 459 } 460 461 _, resp := th.Client.GetProfileImage(tc.UserId, "") 462 require.Nil(t, err) 463 if tc.ExpectedError != "" { 464 CheckErrorMessage(t, resp, tc.ExpectedError) 465 } else { 466 CheckNoError(t, resp) 467 } 468 }) 469 } 470 }) 471 }