diff --git a/server/channels/api4/command.go b/server/channels/api4/command.go index 5e01d1f79c0..6f08f3922f7 100644 --- a/server/channels/api4/command.go +++ b/server/channels/api4/command.go @@ -335,6 +335,11 @@ func executeCommand(c *Context, w http.ResponseWriter, r *http.Request) { return } + if channel.DeleteAt != 0 { + c.Err = model.NewAppError("createPost", "api.command.execute_command.deleted.error", nil, "", http.StatusBadRequest) + return + } + if channel.Type != model.ChannelTypeDirect && channel.Type != model.ChannelTypeGroup { // if this isn't a DM or GM, the team id is implicitly taken from the channel so that slash commands created on // some other team can't be run against this one diff --git a/server/channels/api4/command_test.go b/server/channels/api4/command_test.go index c63ca758345..25e3491ea6a 100644 --- a/server/channels/api4/command_test.go +++ b/server/channels/api4/command_test.go @@ -1140,4 +1140,21 @@ func TestExecuteCommandReadOnly(t *testing.T) { _, resp, err = client.ExecuteCommandWithTeam(context.Background(), th.BasicChannel.Id, th.BasicChannel.TeamId, "/postcommand") require.Error(t, err) CheckForbiddenStatus(t, resp) + + // Confirm that the command works when the channel is not read only - use different channel + _, resp, err = client.ExecuteCommandWithTeam(context.Background(), th.BasicChannel2.Id, th.BasicChannel2.TeamId, "/postcommand") + require.NoError(t, err) + CheckOKStatus(t, resp) + + appErr = th.App.DeleteChannel( + th.Context, + th.BasicChannel2, + th.SystemAdminUser.Id, + ) + require.Nil(t, appErr, "failed to delete channel") + + // Confirm that the command fails when the channel is archived + _, resp, err = client.ExecuteCommandWithTeam(context.Background(), th.BasicChannel2.Id, th.BasicChannel2.TeamId, "/postcommand") + require.Error(t, err) + CheckBadRequestStatus(t, resp) } diff --git a/server/i18n/en.json b/server/i18n/en.json index bd858af4130..f2d191d9c86 100644 --- a/server/i18n/en.json +++ b/server/i18n/en.json @@ -603,6 +603,10 @@ "id": "api.command.execute_command.create_post_failed.app_error", "translation": "Command '{{.Trigger}}' failed to post response. Please contact your System Administrator." }, + { + "id": "api.command.execute_command.deleted.error", + "translation": "Can not run command in deleted channel." + }, { "id": "api.command.execute_command.failed.app_error", "translation": "Command with a trigger of '{{.Trigger}}' failed."