mirror of
https://github.com/mattermost/mattermost.git
synced 2026-04-15 22:12:19 -04:00
c7f6efdfb0
* Guest cannot add file to post without upload_file permission * Move checks to api layer, addd checks in update patch post scheduled post * Minor * Linter fixes * i18n translations * removed the duplicated check from scheduled_post app layer * Move scheduled post permission test from app layer to API layer The permission check for updating scheduled posts belonging to other users was moved from the app layer to the API layer in the PR. This commit moves the corresponding test to the API layer to match. * Move scheduled post delete permission check to API layer Move the permission check for deleting scheduled posts from the app layer to the API layer, consistent with update permission check. Also enhance API tests to verify posts aren't modified after forbidden operations. * Fix inconsistent status code for non-existent scheduled post Return StatusNotFound instead of StatusInternalServerError when a scheduled post doesn't exist in UpdateScheduledPost, matching the API layer behavior. * Fix flaky TestAddUserToChannelCreatesChannelMemberHistoryRecord test Use ElementsMatch instead of Equal to compare user ID slices since the order returned from GetUsersInChannelDuring is not guaranteed. --------- Co-authored-by: Mattermost Build <build@mattermost.com> Co-authored-by: Jesse Hallam <jesse@mattermost.com>
155 lines
4.9 KiB
Go
155 lines
4.9 KiB
Go
// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
|
|
// See LICENSE.txt for license information.
|
|
|
|
package api4
|
|
|
|
import (
|
|
"context"
|
|
"testing"
|
|
|
|
"github.com/mattermost/mattermost/server/public/model"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestUpdateScheduledPost(t *testing.T) {
|
|
mainHelper.Parallel(t)
|
|
th := Setup(t).InitBasic(t)
|
|
|
|
th.App.Srv().SetLicense(model.NewTestLicenseSKU(model.LicenseShortSkuProfessional))
|
|
|
|
t.Run("should not allow updating a scheduled post not belonging to the user", func(t *testing.T) {
|
|
scheduledPost := &model.ScheduledPost{
|
|
Draft: model.Draft{
|
|
CreateAt: model.GetMillis(),
|
|
UserId: th.BasicUser.Id,
|
|
ChannelId: th.BasicChannel.Id,
|
|
Message: "this is a scheduled post",
|
|
},
|
|
ScheduledAt: model.GetMillis() + 100000,
|
|
}
|
|
createdScheduledPost, _, err := th.Client.CreateScheduledPost(context.Background(), scheduledPost)
|
|
require.NoError(t, err)
|
|
require.NotNil(t, createdScheduledPost)
|
|
|
|
originalMessage := createdScheduledPost.Message
|
|
originalScheduledAt := createdScheduledPost.ScheduledAt
|
|
|
|
createdScheduledPost.ScheduledAt = model.GetMillis() + 9999999
|
|
createdScheduledPost.Message = "Updated Message!!!"
|
|
|
|
// Switch to BasicUser2
|
|
th.LoginBasic2(t)
|
|
|
|
_, resp, err := th.Client.UpdateScheduledPost(context.Background(), createdScheduledPost)
|
|
require.Error(t, err)
|
|
CheckForbiddenStatus(t, resp)
|
|
|
|
// Switch back to original user and verify the post wasn't modified
|
|
th.LoginBasic(t)
|
|
|
|
fetchedPost, err := th.App.Srv().Store().ScheduledPost().Get(createdScheduledPost.Id)
|
|
require.NoError(t, err)
|
|
require.NotNil(t, fetchedPost)
|
|
require.Equal(t, originalMessage, fetchedPost.Message)
|
|
require.Equal(t, originalScheduledAt, fetchedPost.ScheduledAt)
|
|
})
|
|
}
|
|
|
|
func TestDeleteScheduledPost(t *testing.T) {
|
|
mainHelper.Parallel(t)
|
|
th := Setup(t).InitBasic(t)
|
|
|
|
th.App.Srv().SetLicense(model.NewTestLicenseSKU(model.LicenseShortSkuProfessional))
|
|
|
|
t.Run("should not allow deleting a scheduled post not belonging to the user", func(t *testing.T) {
|
|
scheduledPost := &model.ScheduledPost{
|
|
Draft: model.Draft{
|
|
CreateAt: model.GetMillis(),
|
|
UserId: th.BasicUser.Id,
|
|
ChannelId: th.BasicChannel.Id,
|
|
Message: "this is a scheduled post",
|
|
},
|
|
ScheduledAt: model.GetMillis() + 100000,
|
|
}
|
|
createdScheduledPost, _, err := th.Client.CreateScheduledPost(context.Background(), scheduledPost)
|
|
require.NoError(t, err)
|
|
require.NotNil(t, createdScheduledPost)
|
|
|
|
// Switch to BasicUser2
|
|
th.LoginBasic2(t)
|
|
|
|
_, resp, err := th.Client.DeleteScheduledPost(context.Background(), createdScheduledPost.Id)
|
|
require.Error(t, err)
|
|
CheckForbiddenStatus(t, resp)
|
|
|
|
// Switch back to original user and verify the post wasn't deleted
|
|
th.LoginBasic(t)
|
|
|
|
fetchedPost, err := th.App.Srv().Store().ScheduledPost().Get(createdScheduledPost.Id)
|
|
require.NoError(t, err)
|
|
require.NotNil(t, fetchedPost)
|
|
require.Equal(t, createdScheduledPost.Id, fetchedPost.Id)
|
|
require.Equal(t, createdScheduledPost.Message, fetchedPost.Message)
|
|
})
|
|
}
|
|
|
|
func TestCreateScheduledPost(t *testing.T) {
|
|
mainHelper.Parallel(t)
|
|
th := Setup(t).InitBasic(t)
|
|
|
|
th.App.Srv().SetLicense(model.NewTestLicenseSKU(model.LicenseShortSkuProfessional))
|
|
|
|
client := th.Client
|
|
|
|
t.Run("base case", func(t *testing.T) {
|
|
userId := model.NewId()
|
|
|
|
scheduledPost := &model.ScheduledPost{
|
|
Draft: model.Draft{
|
|
CreateAt: model.GetMillis(),
|
|
UserId: userId,
|
|
ChannelId: th.BasicChannel.Id,
|
|
Message: "this is a scheduled post",
|
|
},
|
|
ScheduledAt: model.GetMillis() + 100000, // 100 seconds in the future
|
|
}
|
|
createdScheduledPost, _, err := client.CreateScheduledPost(context.Background(), scheduledPost)
|
|
require.NoError(t, err)
|
|
require.NotNil(t, createdScheduledPost)
|
|
})
|
|
|
|
t.Run("should not allow created scheduled post in read-only channel", func(t *testing.T) {
|
|
channel := th.CreatePublicChannel(t)
|
|
th.AddUserToChannel(t, th.BasicUser, channel)
|
|
|
|
channelModerationPatches := []*model.ChannelModerationPatch{
|
|
{
|
|
Name: model.NewPointer(model.PermissionCreatePost.Id),
|
|
Roles: &model.ChannelModeratedRolesPatch{
|
|
Guests: model.NewPointer(true),
|
|
Members: model.NewPointer(false),
|
|
},
|
|
},
|
|
}
|
|
|
|
err := th.App.SetPhase2PermissionsMigrationStatus(true)
|
|
require.NoError(t, err)
|
|
|
|
_, appErr := th.App.PatchChannelModerationsForChannel(th.Context, channel, channelModerationPatches)
|
|
require.Nil(t, appErr)
|
|
|
|
scheduledPost := &model.ScheduledPost{
|
|
Draft: model.Draft{
|
|
CreateAt: model.GetMillis(),
|
|
UserId: th.BasicUser.Id,
|
|
ChannelId: channel.Id,
|
|
Message: "this is a scheduled post",
|
|
},
|
|
ScheduledAt: model.GetMillis() + 100000, // 100 seconds in the future
|
|
}
|
|
createdScheduledPost, _, httpErr := client.CreateScheduledPost(context.Background(), scheduledPost)
|
|
require.Error(t, httpErr)
|
|
require.Contains(t, httpErr.Error(), "You do not have the appropriate permissions.")
|
|
require.Nil(t, createdScheduledPost)
|
|
})
|
|
}
|