github.com/xzl8028/xenia-server@v0.0.0-20190809101854-18450a97da63/api4/user_viewmembers_test.go (about)

     1  package api4
     2  
     3  import (
     4  	"testing"
     5  
     6  	"github.com/xzl8028/xenia-server/model"
     7  	"github.com/stretchr/testify/require"
     8  )
     9  
    10  func TestApiResctrictedViewMembers(t *testing.T) {
    11  	th := Setup()
    12  	defer th.TearDown()
    13  
    14  	// Create first account for system admin
    15  	_, err := th.App.CreateUser(&model.User{Email: th.GenerateTestEmail(), Nickname: "test user0", Password: "test-password-0", Username: "test-user-0", Roles: model.SYSTEM_USER_ROLE_ID})
    16  	require.Nil(t, err)
    17  
    18  	user1, err := th.App.CreateUser(&model.User{Email: th.GenerateTestEmail(), Nickname: "test user1", Password: "test-password-1", Username: "test-user-1", Roles: model.SYSTEM_USER_ROLE_ID})
    19  	require.Nil(t, err)
    20  	user2, err := th.App.CreateUser(&model.User{Email: th.GenerateTestEmail(), Nickname: "test user2", Password: "test-password-2", Username: "test-user-2", Roles: model.SYSTEM_USER_ROLE_ID})
    21  	require.Nil(t, err)
    22  	user3, err := th.App.CreateUser(&model.User{Email: th.GenerateTestEmail(), Nickname: "test user3", Password: "test-password-3", Username: "test-user-3", Roles: model.SYSTEM_USER_ROLE_ID})
    23  	require.Nil(t, err)
    24  	user4, err := th.App.CreateUser(&model.User{Email: th.GenerateTestEmail(), Nickname: "test user4", Password: "test-password-4", Username: "test-user-4", Roles: model.SYSTEM_USER_ROLE_ID})
    25  	require.Nil(t, err)
    26  	user5, err := th.App.CreateUser(&model.User{Email: th.GenerateTestEmail(), Nickname: "test user5", Password: "test-password-5", Username: "test-user-5", Roles: model.SYSTEM_USER_ROLE_ID})
    27  	require.Nil(t, err)
    28  
    29  	team1, err := th.App.CreateTeam(&model.Team{DisplayName: "dn_" + model.NewId(), Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_OPEN})
    30  	require.Nil(t, err)
    31  	team2, err := th.App.CreateTeam(&model.Team{DisplayName: "dn_" + model.NewId(), Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_OPEN})
    32  	require.Nil(t, err)
    33  
    34  	channel1, err := th.App.CreateChannel(&model.Channel{DisplayName: "dn_" + model.NewId(), Name: "name_" + model.NewId(), Type: model.CHANNEL_OPEN, TeamId: team1.Id, CreatorId: model.NewId()}, false)
    35  	require.Nil(t, err)
    36  	channel2, err := th.App.CreateChannel(&model.Channel{DisplayName: "dn_" + model.NewId(), Name: "name_" + model.NewId(), Type: model.CHANNEL_OPEN, TeamId: team1.Id, CreatorId: model.NewId()}, false)
    37  	require.Nil(t, err)
    38  	channel3, err := th.App.CreateChannel(&model.Channel{DisplayName: "dn_" + model.NewId(), Name: "name_" + model.NewId(), Type: model.CHANNEL_OPEN, TeamId: team2.Id, CreatorId: model.NewId()}, false)
    39  	require.Nil(t, err)
    40  
    41  	th.LinkUserToTeam(user1, team1)
    42  	th.LinkUserToTeam(user2, team1)
    43  	th.LinkUserToTeam(user3, team2)
    44  	th.LinkUserToTeam(user4, team1)
    45  	th.LinkUserToTeam(user4, team2)
    46  
    47  	th.AddUserToChannel(user1, channel1)
    48  	th.AddUserToChannel(user2, channel2)
    49  	th.AddUserToChannel(user3, channel3)
    50  	th.AddUserToChannel(user4, channel1)
    51  	th.AddUserToChannel(user4, channel3)
    52  
    53  	th.App.SetStatusOnline(user1.Id, true)
    54  	th.App.SetStatusOnline(user2.Id, true)
    55  	th.App.SetStatusOnline(user3.Id, true)
    56  	th.App.SetStatusOnline(user4.Id, true)
    57  	th.App.SetStatusOnline(user5.Id, true)
    58  
    59  	_, resp := th.Client.Login(user1.Username, "test-password-1")
    60  	CheckNoError(t, resp)
    61  
    62  	t.Run("getUser", func(t *testing.T) {
    63  		testCases := []struct {
    64  			Name          string
    65  			RestrictedTo  string
    66  			UserId        string
    67  			ExpectedError string
    68  		}{
    69  			{
    70  				"Get visible user without restrictions",
    71  				"",
    72  				user5.Id,
    73  				"",
    74  			},
    75  			{
    76  				"Get not existing user without restrictions",
    77  				"",
    78  				model.NewId(),
    79  				"store.sql_user.missing_account.const",
    80  			},
    81  			{
    82  				"Get not existing user with restrictions to teams",
    83  				"teams",
    84  				model.NewId(),
    85  				"api.context.permissions.app_error",
    86  			},
    87  			{
    88  				"Get visible user with restrictions to teams",
    89  				"teams",
    90  				user2.Id,
    91  				"",
    92  			},
    93  			{
    94  				"Get not visible user with restrictions to teams",
    95  				"teams",
    96  				user5.Id,
    97  				"api.context.permissions.app_error",
    98  			},
    99  			{
   100  				"Get not existing user with restrictions to channels",
   101  				"channels",
   102  				model.NewId(),
   103  				"api.context.permissions.app_error",
   104  			},
   105  			{
   106  				"Get visible user with restrictions to channels",
   107  				"channels",
   108  				user4.Id,
   109  				"",
   110  			},
   111  			{
   112  				"Get not visible user with restrictions to channels",
   113  				"channels",
   114  				user3.Id,
   115  				"api.context.permissions.app_error",
   116  			},
   117  		}
   118  		defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions())
   119  
   120  		for _, tc := range testCases {
   121  			t.Run(tc.Name, func(t *testing.T) {
   122  				if tc.RestrictedTo == "channels" {
   123  					th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID)
   124  					th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID)
   125  				} else if tc.RestrictedTo == "teams" {
   126  					th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID)
   127  					th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID)
   128  				} else {
   129  					th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID)
   130  					th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID)
   131  				}
   132  
   133  				_, resp := th.Client.GetUser(tc.UserId, "")
   134  				require.Nil(t, err)
   135  				if tc.ExpectedError != "" {
   136  					CheckErrorMessage(t, resp, tc.ExpectedError)
   137  				} else {
   138  					CheckNoError(t, resp)
   139  				}
   140  			})
   141  		}
   142  	})
   143  
   144  	t.Run("getUserByUsername", func(t *testing.T) {
   145  		testCases := []struct {
   146  			Name          string
   147  			RestrictedTo  string
   148  			Username      string
   149  			ExpectedError string
   150  		}{
   151  			{
   152  				"Get visible user without restrictions",
   153  				"",
   154  				user5.Username,
   155  				"",
   156  			},
   157  			{
   158  				"Get not existing user without restrictions",
   159  				"",
   160  				model.NewId(),
   161  				"store.sql_user.get_by_username.app_error",
   162  			},
   163  			{
   164  				"Get not existing user with restrictions to teams",
   165  				"teams",
   166  				model.NewId(),
   167  				"api.context.permissions.app_error",
   168  			},
   169  			{
   170  				"Get visible user with restrictions to teams",
   171  				"teams",
   172  				user2.Username,
   173  				"",
   174  			},
   175  			{
   176  				"Get not visible user with restrictions to teams",
   177  				"teams",
   178  				user5.Username,
   179  				"api.context.permissions.app_error",
   180  			},
   181  			{
   182  				"Get not existing user with restrictions to channels",
   183  				"channels",
   184  				model.NewId(),
   185  				"api.context.permissions.app_error",
   186  			},
   187  			{
   188  				"Get visible user with restrictions to channels",
   189  				"channels",
   190  				user4.Username,
   191  				"",
   192  			},
   193  			{
   194  				"Get not visible user with restrictions to channels",
   195  				"channels",
   196  				user3.Username,
   197  				"api.context.permissions.app_error",
   198  			},
   199  		}
   200  		defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions())
   201  
   202  		for _, tc := range testCases {
   203  			t.Run(tc.Name, func(t *testing.T) {
   204  				if tc.RestrictedTo == "channels" {
   205  					th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID)
   206  					th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID)
   207  				} else if tc.RestrictedTo == "teams" {
   208  					th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID)
   209  					th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID)
   210  				} else {
   211  					th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID)
   212  					th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID)
   213  				}
   214  
   215  				_, resp := th.Client.GetUserByUsername(tc.Username, "")
   216  				require.Nil(t, err)
   217  				if tc.ExpectedError != "" {
   218  					CheckErrorMessage(t, resp, tc.ExpectedError)
   219  				} else {
   220  					CheckNoError(t, resp)
   221  				}
   222  			})
   223  		}
   224  	})
   225  
   226  	t.Run("getUserByEmail", func(t *testing.T) {
   227  		testCases := []struct {
   228  			Name          string
   229  			RestrictedTo  string
   230  			Email         string
   231  			ExpectedError string
   232  		}{
   233  			{
   234  				"Get visible user without restrictions",
   235  				"",
   236  				user5.Email,
   237  				"",
   238  			},
   239  			{
   240  				"Get not existing user without restrictions",
   241  				"",
   242  				th.GenerateTestEmail(),
   243  				"store.sql_user.missing_account.const",
   244  			},
   245  			{
   246  				"Get not existing user with restrictions to teams",
   247  				"teams",
   248  				th.GenerateTestEmail(),
   249  				"api.context.permissions.app_error",
   250  			},
   251  			{
   252  				"Get visible user with restrictions to teams",
   253  				"teams",
   254  				user2.Email,
   255  				"",
   256  			},
   257  			{
   258  				"Get not visible user with restrictions to teams",
   259  				"teams",
   260  				user5.Email,
   261  				"api.context.permissions.app_error",
   262  			},
   263  			{
   264  				"Get not existing user with restrictions to channels",
   265  				"channels",
   266  				th.GenerateTestEmail(),
   267  				"api.context.permissions.app_error",
   268  			},
   269  			{
   270  				"Get visible user with restrictions to channels",
   271  				"channels",
   272  				user4.Email,
   273  				"",
   274  			},
   275  			{
   276  				"Get not visible user with restrictions to channels",
   277  				"channels",
   278  				user3.Email,
   279  				"api.context.permissions.app_error",
   280  			},
   281  		}
   282  		defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions())
   283  
   284  		for _, tc := range testCases {
   285  			t.Run(tc.Name, func(t *testing.T) {
   286  				if tc.RestrictedTo == "channels" {
   287  					th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID)
   288  					th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID)
   289  				} else if tc.RestrictedTo == "teams" {
   290  					th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID)
   291  					th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID)
   292  				} else {
   293  					th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID)
   294  					th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID)
   295  				}
   296  
   297  				_, resp := th.Client.GetUserByEmail(tc.Email, "")
   298  				require.Nil(t, err)
   299  				if tc.ExpectedError != "" {
   300  					CheckErrorMessage(t, resp, tc.ExpectedError)
   301  				} else {
   302  					CheckNoError(t, resp)
   303  				}
   304  			})
   305  		}
   306  	})
   307  
   308  	t.Run("getDefaultProfileImage", func(t *testing.T) {
   309  		testCases := []struct {
   310  			Name          string
   311  			RestrictedTo  string
   312  			UserId        string
   313  			ExpectedError string
   314  		}{
   315  			{
   316  				"Get visible user without restrictions",
   317  				"",
   318  				user5.Id,
   319  				"",
   320  			},
   321  			{
   322  				"Get not existing user without restrictions",
   323  				"",
   324  				model.NewId(),
   325  				"store.sql_user.missing_account.const",
   326  			},
   327  			{
   328  				"Get not existing user with restrictions to teams",
   329  				"teams",
   330  				model.NewId(),
   331  				"api.context.permissions.app_error",
   332  			},
   333  			{
   334  				"Get visible user with restrictions to teams",
   335  				"teams",
   336  				user2.Id,
   337  				"",
   338  			},
   339  			{
   340  				"Get not visible user with restrictions to teams",
   341  				"teams",
   342  				user5.Id,
   343  				"api.context.permissions.app_error",
   344  			},
   345  			{
   346  				"Get not existing user with restrictions to channels",
   347  				"channels",
   348  				model.NewId(),
   349  				"api.context.permissions.app_error",
   350  			},
   351  			{
   352  				"Get visible user with restrictions to channels",
   353  				"channels",
   354  				user4.Id,
   355  				"",
   356  			},
   357  			{
   358  				"Get not visible user with restrictions to channels",
   359  				"channels",
   360  				user3.Id,
   361  				"api.context.permissions.app_error",
   362  			},
   363  		}
   364  		defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions())
   365  
   366  		for _, tc := range testCases {
   367  			t.Run(tc.Name, func(t *testing.T) {
   368  				if tc.RestrictedTo == "channels" {
   369  					th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID)
   370  					th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID)
   371  				} else if tc.RestrictedTo == "teams" {
   372  					th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID)
   373  					th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID)
   374  				} else {
   375  					th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID)
   376  					th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID)
   377  				}
   378  
   379  				_, resp := th.Client.GetDefaultProfileImage(tc.UserId)
   380  				require.Nil(t, err)
   381  				if tc.ExpectedError != "" {
   382  					CheckErrorMessage(t, resp, tc.ExpectedError)
   383  				} else {
   384  					CheckNoError(t, resp)
   385  				}
   386  			})
   387  		}
   388  	})
   389  
   390  	t.Run("getProfileImage", func(t *testing.T) {
   391  		testCases := []struct {
   392  			Name          string
   393  			RestrictedTo  string
   394  			UserId        string
   395  			ExpectedError string
   396  		}{
   397  			{
   398  				"Get visible user without restrictions",
   399  				"",
   400  				user5.Id,
   401  				"",
   402  			},
   403  			{
   404  				"Get not existing user without restrictions",
   405  				"",
   406  				model.NewId(),
   407  				"store.sql_user.missing_account.const",
   408  			},
   409  			{
   410  				"Get not existing user with restrictions to teams",
   411  				"teams",
   412  				model.NewId(),
   413  				"api.context.permissions.app_error",
   414  			},
   415  			{
   416  				"Get visible user with restrictions to teams",
   417  				"teams",
   418  				user2.Id,
   419  				"",
   420  			},
   421  			{
   422  				"Get not visible user with restrictions to teams",
   423  				"teams",
   424  				user5.Id,
   425  				"api.context.permissions.app_error",
   426  			},
   427  			{
   428  				"Get not existing user with restrictions to channels",
   429  				"channels",
   430  				model.NewId(),
   431  				"api.context.permissions.app_error",
   432  			},
   433  			{
   434  				"Get visible user with restrictions to channels",
   435  				"channels",
   436  				user4.Id,
   437  				"",
   438  			},
   439  			{
   440  				"Get not visible user with restrictions to channels",
   441  				"channels",
   442  				user3.Id,
   443  				"api.context.permissions.app_error",
   444  			},
   445  		}
   446  		defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions())
   447  
   448  		for _, tc := range testCases {
   449  			t.Run(tc.Name, func(t *testing.T) {
   450  				if tc.RestrictedTo == "channels" {
   451  					th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID)
   452  					th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID)
   453  				} else if tc.RestrictedTo == "teams" {
   454  					th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID)
   455  					th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID)
   456  				} else {
   457  					th.RemovePermissionFromRole(model.PERMISSION_VIEW_MEMBERS.Id, model.TEAM_USER_ROLE_ID)
   458  					th.AddPermissionToRole(model.PERMISSION_VIEW_MEMBERS.Id, model.SYSTEM_USER_ROLE_ID)
   459  				}
   460  
   461  				_, resp := th.Client.GetProfileImage(tc.UserId, "")
   462  				require.Nil(t, err)
   463  				if tc.ExpectedError != "" {
   464  					CheckErrorMessage(t, resp, tc.ExpectedError)
   465  				} else {
   466  					CheckNoError(t, resp)
   467  				}
   468  			})
   469  		}
   470  	})
   471  }