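// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
// See LICENSE.txt for license information.

package api4

import (
	"context"
	"strings"
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"

	"github.com/mattermost/mattermost-server/v6/model"
)

// TestCreateScheme exercises scheme creation through the API client: the
// success paths for team- and channel-scoped schemes, input-validation
// failures, a caller without the required permission, a server without a
// license, and a server whose phase-2 permissions migration is not complete.
func TestCreateScheme(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()

	th.App.Srv().SetLicense(model.NewTestLicense("custom_permissions_schemes"))

	th.App.SetPhase2PermissionsMigrationStatus(true)

	// Basic test of creating a team scheme.
	scheme1 := &model.Scheme{
		DisplayName: model.NewId(),
		Name:        model.NewId(),
		Description: model.NewId(),
		Scope:       model.SchemeScopeTeam,
	}

	s1, _, err := th.SystemAdminClient.CreateScheme(scheme1)
	require.NoError(t, err)

	assert.Equal(t, s1.DisplayName, scheme1.DisplayName)
	assert.Equal(t, s1.Name, scheme1.Name)
	assert.Equal(t, s1.Description, scheme1.Description)
	assert.NotZero(t, s1.CreateAt)
	assert.Equal(t, s1.CreateAt, s1.UpdateAt)
	assert.Zero(t, s1.DeleteAt)
	assert.Equal(t, s1.Scope, scheme1.Scope)
	assert.NotZero(t, len(s1.DefaultTeamAdminRole))
	assert.NotZero(t, len(s1.DefaultTeamUserRole))
	assert.NotZero(t, len(s1.DefaultTeamGuestRole))
	assert.NotZero(t, len(s1.DefaultChannelAdminRole))
	assert.NotZero(t, len(s1.DefaultChannelUserRole))
	assert.NotZero(t, len(s1.DefaultChannelGuestRole))

	// Check the default roles have been created. Each of the six role names is
	// looked up exactly once.
	_, _, err = th.SystemAdminClient.GetRoleByName(s1.DefaultTeamAdminRole)
	require.NoError(t, err)
	_, _, err = th.SystemAdminClient.GetRoleByName(s1.DefaultTeamUserRole)
	require.NoError(t, err)
	_, _, err = th.SystemAdminClient.GetRoleByName(s1.DefaultChannelAdminRole)
	require.NoError(t, err)
	_, _, err = th.SystemAdminClient.GetRoleByName(s1.DefaultChannelUserRole)
	require.NoError(t, err)

	_, _, err = th.SystemAdminClient.GetRoleByName(s1.DefaultTeamGuestRole)
	require.NoError(t, err)
	_, _, err = th.SystemAdminClient.GetRoleByName(s1.DefaultChannelGuestRole)
	require.NoError(t, err)

	// Basic Test of a Channel scheme.
	scheme2 := &model.Scheme{
		DisplayName: model.NewId(),
		Name:        model.NewId(),
		Description: model.NewId(),
		Scope:       model.SchemeScopeChannel,
	}

	s2, _, err := th.SystemAdminClient.CreateScheme(scheme2)
	require.NoError(t, err)

	assert.Equal(t, s2.DisplayName, scheme2.DisplayName)
	assert.Equal(t, s2.Name, scheme2.Name)
	assert.Equal(t, s2.Description, scheme2.Description)
	assert.NotZero(t, s2.CreateAt)
	assert.Equal(t, s2.CreateAt, s2.UpdateAt)
	assert.Zero(t, s2.DeleteAt)
	assert.Equal(t, s2.Scope, scheme2.Scope)
	// A channel-scoped scheme carries no team-level default roles.
	assert.Zero(t, len(s2.DefaultTeamAdminRole))
	assert.Zero(t, len(s2.DefaultTeamUserRole))
	assert.Zero(t, len(s2.DefaultTeamGuestRole))
	assert.NotZero(t, len(s2.DefaultChannelAdminRole))
	assert.NotZero(t, len(s2.DefaultChannelUserRole))
	assert.NotZero(t, len(s2.DefaultChannelGuestRole))

	// Check the default roles have been created.
	_, _, err = th.SystemAdminClient.GetRoleByName(s2.DefaultChannelAdminRole)
	require.NoError(t, err)
	_, _, err = th.SystemAdminClient.GetRoleByName(s2.DefaultChannelUserRole)
	require.NoError(t, err)
	_, _, err = th.SystemAdminClient.GetRoleByName(s2.DefaultChannelGuestRole)
	require.NoError(t, err)

	// Try and create a scheme with an invalid scope.
	scheme3 := &model.Scheme{
		DisplayName: model.NewId(),
		Name:        model.NewId(),
		Description: model.NewId(),
		Scope:       model.NewId(),
	}

	_, r3, err := th.SystemAdminClient.CreateScheme(scheme3)
	require.Error(t, err)
	CheckBadRequestStatus(t, r3)

	// Try and create a scheme with an invalid display name.
	// NOTE(review): Scope is a random ID here as well, so the 400 cannot be
	// attributed to the display name alone. Using a valid Scope would isolate
	// the display-name validation — confirm the server's validation before
	// changing the fixture.
	scheme4 := &model.Scheme{
		DisplayName: strings.Repeat(model.NewId(), 100),
		Name:        "Name",
		Description: model.NewId(),
		Scope:       model.NewId(),
	}
	_, r4, err := th.SystemAdminClient.CreateScheme(scheme4)
	require.Error(t, err)
	CheckBadRequestStatus(t, r4)

	// Try and create a scheme with an invalid name.
	// NOTE(review): same caveat as above — the invalid Scope may be what
	// triggers the rejection rather than the over-long Name.
	scheme8 := &model.Scheme{
		DisplayName: "DisplayName",
		Name:        strings.Repeat(model.NewId(), 100),
		Description: model.NewId(),
		Scope:       model.NewId(),
	}
	_, r8, err := th.SystemAdminClient.CreateScheme(scheme8)
	require.Error(t, err)
	CheckBadRequestStatus(t, r8)

	// Try and create a scheme without the appropriate permissions.
	scheme5 := &model.Scheme{
		DisplayName: model.NewId(),
		Name:        model.NewId(),
		Description: model.NewId(),
		Scope:       model.SchemeScopeTeam,
	}
	_, r5, err := th.Client.CreateScheme(scheme5)
	require.Error(t, err)
	CheckForbiddenStatus(t, r5)

	// Try and create a scheme without a license.
	th.App.Srv().SetLicense(nil)
	scheme6 := &model.Scheme{
		DisplayName: model.NewId(),
		Name:        model.NewId(),
		Description: model.NewId(),
		Scope:       model.SchemeScopeTeam,
	}
	_, r6, err := th.SystemAdminClient.CreateScheme(scheme6)
	require.Error(t, err)
	CheckNotImplementedStatus(t, r6)

	// With the license restored but the migration flag off, creation must
	// still be refused.
	th.App.SetPhase2PermissionsMigrationStatus(false)

	th.LoginSystemAdmin()
	th.App.Srv().SetLicense(model.NewTestLicense("custom_permissions_schemes"))

	scheme7 := &model.Scheme{
		DisplayName: model.NewId(),
		Name:        model.NewId(),
		Description: model.NewId(),
		Scope:       model.SchemeScopeTeam,
	}
	_, r7, err := th.SystemAdminClient.CreateScheme(scheme7)
	require.Error(t, err)
	CheckNotImplementedStatus(t, r7)
}

// TestGetScheme checks that a created scheme can be fetched by ID and that
// unknown IDs, malformed IDs, logged-out callers, callers without permission
// and a disabled phase-2 migration each produce the expected status.
func TestGetScheme(t *testing.T) {
	th := Setup(t).InitBasic()
	defer th.TearDown()

	th.App.Srv().SetLicense(model.NewTestLicense("custom_permissions_schemes"))

	// Basic test of creating a team scheme.
	scheme1 := &model.Scheme{
		DisplayName: model.NewId(),
		Name:        model.NewId(),
		Description: model.NewId(),
		Scope:       model.SchemeScopeTeam,
	}

	th.App.SetPhase2PermissionsMigrationStatus(true)

	s1, _, err := th.SystemAdminClient.CreateScheme(scheme1)
	require.NoError(t, err)

	assert.Equal(t, s1.DisplayName, scheme1.DisplayName)
	assert.Equal(t, s1.Name, scheme1.Name)
	assert.Equal(t, s1.Description, scheme1.Description)
	assert.NotZero(t, s1.CreateAt)
	assert.Equal(t, s1.CreateAt, s1.UpdateAt)
	assert.Zero(t, s1.DeleteAt)
	assert.Equal(t, s1.Scope, scheme1.Scope)
	assert.NotZero(t, len(s1.DefaultTeamAdminRole))
	assert.NotZero(t, len(s1.DefaultTeamUserRole))
	assert.NotZero(t, len(s1.DefaultTeamGuestRole))
	assert.NotZero(t, len(s1.DefaultChannelAdminRole))
	assert.NotZero(t, len(s1.DefaultChannelUserRole))
	assert.NotZero(t, len(s1.DefaultChannelGuestRole))

	s2, _, err := th.SystemAdminClient.GetScheme(s1.Id)
	require.NoError(t, err)

	assert.Equal(t, s1, s2)

	// Well-formed but unknown ID.
	_, r3, err := th.SystemAdminClient.GetScheme(model.NewId())
	require.Error(t, err)
	CheckNotFoundStatus(t, r3)

	// Malformed ID.
	_, r4, err := th.SystemAdminClient.GetScheme("12345")
	require.Error(t, err)
	CheckBadRequestStatus(t, r4)

	// Logged-out client.
	th.SystemAdminClient.Logout()
	_, r5, err := th.SystemAdminClient.GetScheme(s1.Id)
	require.Error(t, err)
	CheckUnauthorizedStatus(t, r5)

	// Reading a scheme is expected to keep working after the license is
	// removed.
	th.SystemAdminClient.Login(th.SystemAdminUser.Username, th.SystemAdminUser.Password)
	th.App.Srv().SetLicense(nil)
	_, _, err = th.SystemAdminClient.GetScheme(s1.Id)
	require.NoError(t, err)

	// Caller without the required permission.
	_, r7, err := th.Client.GetScheme(s1.Id)
	require.Error(t, err)
	CheckForbiddenStatus(t, r7)

	th.App.SetPhase2PermissionsMigrationStatus(false)

	_, r8, err := th.SystemAdminClient.GetScheme(s1.Id)
	require.Error(t, err)
	CheckNotImplementedStatus(t, r8)
}

// TestGetSchemes checks listing schemes with and without a scope filter, and
// the statuses returned for an invalid scope, a logged-out caller, a caller
// without permission and a disabled phase-2 migration.
func TestGetSchemes(t *testing.T) {
	th := Setup(t).InitBasic()
	defer th.TearDown()

	th.App.Srv().SetLicense(model.NewTestLicense("custom_permissions_schemes"))

	scheme1 := &model.Scheme{
		DisplayName: model.NewId(),
		Name:        model.NewId(),
		Description: model.NewId(),
		Scope:       model.SchemeScopeTeam,
	}

	scheme2 := &model.Scheme{
		DisplayName: model.NewId(),
		Name:        model.NewId(),
		Description: model.NewId(),
		Scope:       model.SchemeScopeChannel,
	}

	th.App.SetPhase2PermissionsMigrationStatus(true)

	_, _, err := th.SystemAdminClient.CreateScheme(scheme1)
	require.NoError(t, err)
	_, _, err = th.SystemAdminClient.CreateScheme(scheme2)
	require.NoError(t, err)

	l3, _, err := th.SystemAdminClient.GetSchemes("", 0, 100)
	require.NoError(t, err)

	assert.NotZero(t, len(l3))

	l4, _, err := th.SystemAdminClient.GetSchemes("team", 0, 100)
	require.NoError(t, err)

	// One team scheme was created above; without this check an empty result
	// would let the scope loop pass vacuously.
	assert.NotEmpty(t, l4)
	for _, s := range l4 {
		assert.Equal(t, "team", s.Scope)
	}

	l5, _, err := th.SystemAdminClient.GetSchemes("channel", 0, 100)
	require.NoError(t, err)

	// Same reasoning for the channel scheme created above.
	assert.NotEmpty(t, l5)
	for _, s := range l5 {
		assert.Equal(t, "channel", s.Scope)
	}

	// Unknown scope filter.
	_, r6, err := th.SystemAdminClient.GetSchemes("asdf", 0, 100)
	require.Error(t, err)
	CheckBadRequestStatus(t, r6)

	// Logged-out client.
	th.Client.Logout()
	_, r7, err := th.Client.GetSchemes("", 0, 100)
	require.Error(t, err)
	CheckUnauthorizedStatus(t, r7)

	// Logged-in caller without the required permission.
	th.Client.Login(th.BasicUser.Username, th.BasicUser.Password)
	_, r8, err := th.Client.GetSchemes("", 0, 100)
	require.Error(t, err)
	CheckForbiddenStatus(t, r8)

	th.App.SetPhase2PermissionsMigrationStatus(false)

	_, r9, err := th.SystemAdminClient.GetSchemes("", 0, 100)
	require.Error(t, err)
	CheckNotImplementedStatus(t, r9)
}

// TestGetTeamsForScheme checks that the teams attached to a team scheme are
// listed (including paging), and that unknown or empty scheme IDs, logged-out
// callers, callers without permission, channel-scoped schemes and a disabled
// phase-2 migration each produce the expected status.
func TestGetTeamsForScheme(t *testing.T) {
	th := Setup(t).InitBasic()
	defer th.TearDown()

	th.App.Srv().SetLicense(model.NewTestLicense("custom_permissions_schemes"))

	th.App.SetPhase2PermissionsMigrationStatus(true)

	scheme1 := &model.Scheme{
		DisplayName: model.NewId(),
		Name:        model.NewId(),
		Description: model.NewId(),
		Scope:       model.SchemeScopeTeam,
	}
	scheme1, _, err := th.SystemAdminClient.CreateScheme(scheme1)
	require.NoError(t, err)

	team1 := &model.Team{
		Name:        GenerateTestUsername(),
		DisplayName: "A Test Team",
		Type:        model.TeamOpen,
	}

	team1, err = th.App.Srv().Store.Team().Save(team1)
	require.NoError(t, err)

	l2, _, err := th.SystemAdminClient.GetTeamsForScheme(scheme1.Id, 0, 100)
	require.NoError(t, err)
	assert.Zero(t, len(l2))

	team1.SchemeId = &scheme1.Id
	team1, err = th.App.Srv().Store.Team().Update(team1)
	// require, not assert: team1 is dereferenced below.
	require.NoError(t, err)

	l3, _, err := th.SystemAdminClient.GetTeamsForScheme(scheme1.Id, 0, 100)
	require.NoError(t, err)
	// require.Len stops the test before the index expressions below can panic.
	require.Len(t, l3, 1)
	assert.Equal(t, team1.Id, l3[0].Id)

	team2 := &model.Team{
		Name:        GenerateTestUsername(),
		DisplayName: "B Test Team",
		Type:        model.TeamOpen,
		SchemeId:    &scheme1.Id,
	}
	team2, err = th.App.Srv().Store.Team().Save(team2)
	require.NoError(t, err)

	l4, _, err := th.SystemAdminClient.GetTeamsForScheme(scheme1.Id, 0, 100)
	require.NoError(t, err)
	require.Len(t, l4, 2)
	assert.Equal(t, team1.Id, l4[0].Id)
	assert.Equal(t, team2.Id, l4[1].Id)

	// Second page with a page size of one holds only the second team.
	l5, _, err := th.SystemAdminClient.GetTeamsForScheme(scheme1.Id, 1, 1)
	require.NoError(t, err)
	require.Len(t, l5, 1)
	assert.Equal(t, team2.Id, l5[0].Id)

	// Check various error cases.
	_, ri1, err := th.SystemAdminClient.GetTeamsForScheme(model.NewId(), 0, 100)
	require.Error(t, err)
	CheckNotFoundStatus(t, ri1)

	_, ri2, err := th.SystemAdminClient.GetTeamsForScheme("", 0, 100)
	require.Error(t, err)
	CheckBadRequestStatus(t, ri2)

	th.Client.Logout()
	_, ri3, err := th.Client.GetTeamsForScheme(model.NewId(), 0, 100)
	require.Error(t, err)
	CheckUnauthorizedStatus(t, ri3)

	th.Client.Login(th.BasicUser.Username, th.BasicUser.Password)
	_, ri4, err := th.Client.GetTeamsForScheme(model.NewId(), 0, 100)
	require.Error(t, err)
	CheckForbiddenStatus(t, ri4)

	// Asking for the teams of a channel-scoped scheme is rejected.
	scheme2 := &model.Scheme{
		DisplayName: model.NewId(),
		Name:        model.NewId(),
		Description: model.NewId(),
		Scope:       model.SchemeScopeChannel,
	}
	scheme2, _, err = th.SystemAdminClient.CreateScheme(scheme2)
	require.NoError(t, err)

	_, ri5, err := th.SystemAdminClient.GetTeamsForScheme(scheme2.Id, 0, 100)
	require.Error(t, err)
	CheckBadRequestStatus(t, ri5)

	th.App.SetPhase2PermissionsMigrationStatus(false)

	_, ri6, err := th.SystemAdminClient.GetTeamsForScheme(scheme1.Id, 0, 100)
	require.Error(t, err)
	CheckNotImplementedStatus(t, ri6)
}

// TestGetChannelsForScheme checks that the channels attached to a channel
// scheme are listed (including paging), and that unknown or empty scheme IDs,
// logged-out callers, callers without permission, team-scoped schemes and a
// disabled phase-2 migration each produce the expected status.
func TestGetChannelsForScheme(t *testing.T) {
	th := Setup(t).InitBasic()
	defer th.TearDown()

	th.App.Srv().SetLicense(model.NewTestLicense("custom_permissions_schemes"))

	th.App.SetPhase2PermissionsMigrationStatus(true)

	scheme1 := &model.Scheme{
		DisplayName: model.NewId(),
		Name:        model.NewId(),
		Description: model.NewId(),
		Scope:       model.SchemeScopeChannel,
	}
	scheme1, _, err := th.SystemAdminClient.CreateScheme(scheme1)
	require.NoError(t, err)

	channel1 := &model.Channel{
		TeamId:      model.NewId(),
		DisplayName: "A Name",
		Name:        model.NewId(),
		Type:        model.ChannelTypeOpen,
	}

	channel1, errCh := th.App.Srv().Store.Channel().Save(channel1, 1000000)
	// require, not assert: channel1 is dereferenced below.
	require.NoError(t, errCh)

	l2, _, err := th.SystemAdminClient.GetChannelsForScheme(scheme1.Id, 0, 100)
	require.NoError(t, err)
	assert.Zero(t, len(l2))

	channel1.SchemeId = &scheme1.Id
	channel1, err = th.App.Srv().Store.Channel().Update(channel1)
	require.NoError(t, err)

	l3, _, err := th.SystemAdminClient.GetChannelsForScheme(scheme1.Id, 0, 100)
	require.NoError(t, err)
	// require.Len stops the test before the index expressions below can panic.
	require.Len(t, l3, 1)
	assert.Equal(t, channel1.Id, l3[0].Id)

	channel2 := &model.Channel{
		TeamId:      model.NewId(),
		DisplayName: "B Name",
		Name:        model.NewId(),
		Type:        model.ChannelTypeOpen,
		SchemeId:    &scheme1.Id,
	}
	channel2, err = th.App.Srv().Store.Channel().Save(channel2, 1000000)
	require.NoError(t, err)

	l4, _, err := th.SystemAdminClient.GetChannelsForScheme(scheme1.Id, 0, 100)
	require.NoError(t, err)
	require.Len(t, l4, 2)
	assert.Equal(t, channel1.Id, l4[0].Id)
	assert.Equal(t, channel2.Id, l4[1].Id)

	// Second page with a page size of one holds only the second channel.
	l5, _, err := th.SystemAdminClient.GetChannelsForScheme(scheme1.Id, 1, 1)
	require.NoError(t, err)
	require.Len(t, l5, 1)
	assert.Equal(t, channel2.Id, l5[0].Id)

	// Check various error cases.
	_, ri1, err := th.SystemAdminClient.GetChannelsForScheme(model.NewId(), 0, 100)
	require.Error(t, err)
	CheckNotFoundStatus(t, ri1)

	_, ri2, err := th.SystemAdminClient.GetChannelsForScheme("", 0, 100)
	require.Error(t, err)
	CheckBadRequestStatus(t, ri2)

	th.Client.Logout()
	_, ri3, err := th.Client.GetChannelsForScheme(model.NewId(), 0, 100)
	require.Error(t, err)
	CheckUnauthorizedStatus(t, ri3)

	th.Client.Login(th.BasicUser.Username, th.BasicUser.Password)
	_, ri4, err := th.Client.GetChannelsForScheme(model.NewId(), 0, 100)
	require.Error(t, err)
	CheckForbiddenStatus(t, ri4)

	// Asking for the channels of a team-scoped scheme is rejected.
	scheme2 := &model.Scheme{
		DisplayName: model.NewId(),
		Name:        model.NewId(),
		Description: model.NewId(),
		Scope:       model.SchemeScopeTeam,
	}
	scheme2, _, err = th.SystemAdminClient.CreateScheme(scheme2)
	require.NoError(t, err)

	_, ri5, err := th.SystemAdminClient.GetChannelsForScheme(scheme2.Id, 0, 100)
	require.Error(t, err)
	CheckBadRequestStatus(t, ri5)

	th.App.SetPhase2PermissionsMigrationStatus(false)

	_, ri6, err := th.SystemAdminClient.GetChannelsForScheme(scheme1.Id, 0, 100)
	require.Error(t, err)
	CheckNotImplementedStatus(t, ri6)
}

// TestPatchScheme checks full and partial patches of a scheme, then the
// statuses returned for an invalid patch, an unknown ID, a malformed ID, a
// caller without permission, a missing license and a disabled phase-2
// migration.
func TestPatchScheme(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()

	th.App.Srv().SetLicense(model.NewTestLicense("custom_permissions_schemes"))

	th.App.SetPhase2PermissionsMigrationStatus(true)

	// Basic test of creating a team scheme.
	scheme1 := &model.Scheme{
		DisplayName: model.NewId(),
		Name:        model.NewId(),
		Description: model.NewId(),
		Scope:       model.SchemeScopeTeam,
	}

	s1, _, err := th.SystemAdminClient.CreateScheme(scheme1)
	require.NoError(t, err)

	assert.Equal(t, s1.DisplayName, scheme1.DisplayName)
	assert.Equal(t, s1.Name, scheme1.Name)
	assert.Equal(t, s1.Description, scheme1.Description)
	assert.NotZero(t, s1.CreateAt)
	assert.Equal(t, s1.CreateAt, s1.UpdateAt)
	assert.Zero(t, s1.DeleteAt)
	assert.Equal(t, s1.Scope, scheme1.Scope)
	assert.NotZero(t, len(s1.DefaultTeamAdminRole))
	assert.NotZero(t, len(s1.DefaultTeamUserRole))
	assert.NotZero(t, len(s1.DefaultTeamGuestRole))
	assert.NotZero(t, len(s1.DefaultChannelAdminRole))
	assert.NotZero(t, len(s1.DefaultChannelUserRole))
	assert.NotZero(t, len(s1.DefaultChannelGuestRole))

	s2, _, err := th.SystemAdminClient.GetScheme(s1.Id)
	require.NoError(t, err)

	assert.Equal(t, s1, s2)

	// Test with a valid patch.
	schemePatch := &model.SchemePatch{
		DisplayName: new(string),
		Name:        new(string),
		Description: new(string),
	}
	*schemePatch.DisplayName = model.NewId()
	*schemePatch.Name = model.NewId()
	*schemePatch.Description = model.NewId()

	s3, _, err := th.SystemAdminClient.PatchScheme(s2.Id, schemePatch)
	require.NoError(t, err)
	assert.Equal(t, s3.Id, s2.Id)
	assert.Equal(t, s3.DisplayName, *schemePatch.DisplayName)
	assert.Equal(t, s3.Name, *schemePatch.Name)
	assert.Equal(t, s3.Description, *schemePatch.Description)

	s4, _, err := th.SystemAdminClient.GetScheme(s3.Id)
	require.NoError(t, err)
	assert.Equal(t, s3, s4)

	// Test with a partial patch: a nil Description must leave the stored
	// description untouched.
	*schemePatch.Name = model.NewId()
	*schemePatch.DisplayName = model.NewId()
	schemePatch.Description = nil

	s5, _, err := th.SystemAdminClient.PatchScheme(s4.Id, schemePatch)
	require.NoError(t, err)
	assert.Equal(t, s5.Id, s4.Id)
	assert.Equal(t, s5.DisplayName, *schemePatch.DisplayName)
	assert.Equal(t, s5.Name, *schemePatch.Name)
	assert.Equal(t, s5.Description, s4.Description)

	s6, _, err := th.SystemAdminClient.GetScheme(s5.Id)
	require.NoError(t, err)
	assert.Equal(t, s5, s6)

	// Test with invalid patch.
	*schemePatch.Name = strings.Repeat(model.NewId(), 20)
	_, r7, err := th.SystemAdminClient.PatchScheme(s6.Id, schemePatch)
	require.Error(t, err)
	CheckBadRequestStatus(t, r7)

	// Test with unknown ID.
	*schemePatch.Name = model.NewId()
	_, r8, err := th.SystemAdminClient.PatchScheme(model.NewId(), schemePatch)
	require.Error(t, err)
	CheckNotFoundStatus(t, r8)

	// Test with invalid ID.
	_, r9, err := th.SystemAdminClient.PatchScheme("12345", schemePatch)
	require.Error(t, err)
	CheckBadRequestStatus(t, r9)

	// Test without required permissions.
	_, r10, err := th.Client.PatchScheme(s6.Id, schemePatch)
	require.Error(t, err)
	CheckForbiddenStatus(t, r10)

	// Test without license.
	th.App.Srv().SetLicense(nil)
	_, r11, err := th.SystemAdminClient.PatchScheme(s6.Id, schemePatch)
	require.Error(t, err)
	CheckNotImplementedStatus(t, r11)

	// With the license restored but the migration flag off, patching must
	// still be refused.
	th.App.SetPhase2PermissionsMigrationStatus(false)

	th.LoginSystemAdmin()
	th.App.Srv().SetLicense(model.NewTestLicense("custom_permissions_schemes"))

	_, r12, err := th.SystemAdminClient.PatchScheme(s6.Id, schemePatch)
	require.Error(t, err)
	CheckNotImplementedStatus(t, r12)
}

// TestDeleteScheme checks that deleting a team or channel scheme marks its
// default roles as deleted and resets the scheme ID of the team or channel
// that used it, and that the failure cases return the expected statuses.
func TestDeleteScheme(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()

	t.Run("ValidTeamScheme", func(t *testing.T) {
		th.App.Srv().SetLicense(model.NewTestLicense("custom_permissions_schemes"))

		th.App.SetPhase2PermissionsMigrationStatus(true)

		// Create a team scheme.
		scheme1 := &model.Scheme{
			DisplayName: model.NewId(),
			Name:        model.NewId(),
			Description: model.NewId(),
			Scope:       model.SchemeScopeTeam,
		}

		s1, _, err := th.SystemAdminClient.CreateScheme(scheme1)
		require.NoError(t, err)

		// Retrieve the roles and check they are not deleted.
		role1, _, err := th.SystemAdminClient.GetRoleByName(s1.DefaultTeamAdminRole)
		require.NoError(t, err)
		role2, _, err := th.SystemAdminClient.GetRoleByName(s1.DefaultTeamUserRole)
		require.NoError(t, err)
		role3, _, err := th.SystemAdminClient.GetRoleByName(s1.DefaultChannelAdminRole)
		require.NoError(t, err)
		role4, _, err := th.SystemAdminClient.GetRoleByName(s1.DefaultChannelUserRole)
		require.NoError(t, err)
		role5, _, err := th.SystemAdminClient.GetRoleByName(s1.DefaultTeamGuestRole)
		require.NoError(t, err)
		role6, _, err := th.SystemAdminClient.GetRoleByName(s1.DefaultChannelGuestRole)
		require.NoError(t, err)

		assert.Zero(t, role1.DeleteAt)
		assert.Zero(t, role2.DeleteAt)
		assert.Zero(t, role3.DeleteAt)
		assert.Zero(t, role4.DeleteAt)
		assert.Zero(t, role5.DeleteAt)
		assert.Zero(t, role6.DeleteAt)

		// Make sure this scheme is in use by a team.
		team, err := th.App.Srv().Store.Team().Save(&model.Team{
			Name:        "zz" + model.NewId(),
			DisplayName: model.NewId(),
			Email:       model.NewId() + "@nowhere.com",
			Type:        model.TeamOpen,
			SchemeId:    &s1.Id,
		})
		require.NoError(t, err)

		// Delete the Scheme.
		_, err = th.SystemAdminClient.DeleteScheme(s1.Id)
		require.NoError(t, err)

		// Check the roles were deleted.
		role1, _, err = th.SystemAdminClient.GetRoleByName(s1.DefaultTeamAdminRole)
		require.NoError(t, err)
		role2, _, err = th.SystemAdminClient.GetRoleByName(s1.DefaultTeamUserRole)
		require.NoError(t, err)
		role3, _, err = th.SystemAdminClient.GetRoleByName(s1.DefaultChannelAdminRole)
		require.NoError(t, err)
		role4, _, err = th.SystemAdminClient.GetRoleByName(s1.DefaultChannelUserRole)
		require.NoError(t, err)
		role5, _, err = th.SystemAdminClient.GetRoleByName(s1.DefaultTeamGuestRole)
		require.NoError(t, err)
		role6, _, err = th.SystemAdminClient.GetRoleByName(s1.DefaultChannelGuestRole)
		require.NoError(t, err)

		assert.NotZero(t, role1.DeleteAt)
		assert.NotZero(t, role2.DeleteAt)
		assert.NotZero(t, role3.DeleteAt)
		assert.NotZero(t, role4.DeleteAt)
		assert.NotZero(t, role5.DeleteAt)
		assert.NotZero(t, role6.DeleteAt)

		// Check the team now uses the default scheme
		c2, _, err := th.SystemAdminClient.GetTeam(team.Id, "")
		require.NoError(t, err)
		// Guard the dereference so a nil SchemeId fails the test instead of
		// panicking.
		require.NotNil(t, c2.SchemeId)
		assert.Equal(t, "", *c2.SchemeId)
	})

	t.Run("ValidChannelScheme", func(t *testing.T) {
		th.App.Srv().SetLicense(model.NewTestLicense("custom_permissions_schemes"))

		th.App.SetPhase2PermissionsMigrationStatus(true)

		// Create a channel scheme.
		scheme1 := &model.Scheme{
			DisplayName: model.NewId(),
			Name:        model.NewId(),
			Description: model.NewId(),
			Scope:       model.SchemeScopeChannel,
		}

		s1, _, err := th.SystemAdminClient.CreateScheme(scheme1)
		require.NoError(t, err)

		// Retrieve the roles and check they are not deleted.
		role3, _, err := th.SystemAdminClient.GetRoleByName(s1.DefaultChannelAdminRole)
		require.NoError(t, err)
		role4, _, err := th.SystemAdminClient.GetRoleByName(s1.DefaultChannelUserRole)
		require.NoError(t, err)
		role6, _, err := th.SystemAdminClient.GetRoleByName(s1.DefaultChannelGuestRole)
		require.NoError(t, err)

		assert.Zero(t, role3.DeleteAt)
		assert.Zero(t, role4.DeleteAt)
		assert.Zero(t, role6.DeleteAt)

		// Make sure this scheme is in use by a channel.
		channel, err := th.App.Srv().Store.Channel().Save(&model.Channel{
			TeamId:      model.NewId(),
			DisplayName: model.NewId(),
			Name:        model.NewId(),
			Type:        model.ChannelTypeOpen,
			SchemeId:    &s1.Id,
		}, -1)
		// require, not assert: channel is dereferenced below.
		require.NoError(t, err)

		// Delete the Scheme.
		_, err = th.SystemAdminClient.DeleteScheme(s1.Id)
		require.NoError(t, err)

		// Check the roles were deleted.
		role3, _, err = th.SystemAdminClient.GetRoleByName(s1.DefaultChannelAdminRole)
		require.NoError(t, err)
		role4, _, err = th.SystemAdminClient.GetRoleByName(s1.DefaultChannelUserRole)
		require.NoError(t, err)
		role6, _, err = th.SystemAdminClient.GetRoleByName(s1.DefaultChannelGuestRole)
		require.NoError(t, err)

		assert.NotZero(t, role3.DeleteAt)
		assert.NotZero(t, role4.DeleteAt)
		assert.NotZero(t, role6.DeleteAt)

		// Check the channel now uses the default scheme
		c2, _, err := th.SystemAdminClient.GetChannelByName(channel.Name, channel.TeamId, "")
		require.NoError(t, err)
		// Guard the dereference so a nil SchemeId fails the test instead of
		// panicking.
		require.NotNil(t, c2.SchemeId)
		assert.Equal(t, "", *c2.SchemeId)
	})

	t.Run("FailureCases", func(t *testing.T) {
		th.App.Srv().SetLicense(model.NewTestLicense("custom_permissions_schemes"))

		th.App.SetPhase2PermissionsMigrationStatus(true)

		scheme1 := &model.Scheme{
			DisplayName: model.NewId(),
			Name:        model.NewId(),
			Description: model.NewId(),
			Scope:       model.SchemeScopeChannel,
		}

		s1, _, err := th.SystemAdminClient.CreateScheme(scheme1)
		require.NoError(t, err)

		// Test with unknown ID.
		r2, err := th.SystemAdminClient.DeleteScheme(model.NewId())
		require.Error(t, err)
		CheckNotFoundStatus(t, r2)

		// Test with invalid ID.
		r3, err := th.SystemAdminClient.DeleteScheme("12345")
		require.Error(t, err)
		CheckBadRequestStatus(t, r3)

		// Test without required permissions.
		r4, err := th.Client.DeleteScheme(s1.Id)
		require.Error(t, err)
		CheckForbiddenStatus(t, r4)

		// Test without license.
		th.App.Srv().SetLicense(nil)
		r5, err := th.SystemAdminClient.DeleteScheme(s1.Id)
		require.Error(t, err)
		CheckNotImplementedStatus(t, r5)

		// With the license restored but the migration flag off, deletion must
		// still be refused.
		th.App.SetPhase2PermissionsMigrationStatus(false)

		th.App.Srv().SetLicense(model.NewTestLicense("custom_permissions_schemes"))

		r6, err := th.SystemAdminClient.DeleteScheme(s1.Id)
		require.Error(t, err)
		CheckNotImplementedStatus(t, r6)
	})
}

// TestUpdateTeamSchemeWithTeamMembers checks that assigning a scheme to a team
// takes effect for an existing team member: the member can create a channel
// before the scheme is applied and is refused afterwards, because the scheme's
// team user role has had its permissions emptied.
func TestUpdateTeamSchemeWithTeamMembers(t *testing.T) {
	th := Setup(t).InitBasic()
	defer th.TearDown()

	t.Run("Correctly invalidates team member cache", func(t *testing.T) {
		th.App.SetPhase2PermissionsMigrationStatus(true)

		team := th.CreateTeam()
		_, _, appErr := th.App.AddUserToTeam(th.Context, team.Id, th.BasicUser.Id, th.SystemAdminUser.Id)
		require.Nil(t, appErr)

		teamScheme := th.SetupTeamScheme()

		// Strip every permission from the scheme's team user role.
		teamUserRole, appErr := th.App.GetRoleByName(context.Background(), teamScheme.DefaultTeamUserRole)
		require.Nil(t, appErr)
		teamUserRole.Permissions = []string{}
		_, appErr = th.App.UpdateRole(teamUserRole)
		require.Nil(t, appErr)

		th.LoginBasic()

		// The scheme is not attached to the team yet, so creation succeeds.
		_, _, err := th.Client.CreateChannel(&model.Channel{DisplayName: "Test API Name", Name: GenerateTestChannelName(), Type: model.ChannelTypeOpen, TeamId: team.Id})
		require.NoError(t, err)

		team.SchemeId = &teamScheme.Id
		team, appErr = th.App.UpdateTeamScheme(team)
		require.Nil(t, appErr)

		// The same request must now fail; a stale cached membership would let
		// it through.
		_, _, err = th.Client.CreateChannel(&model.Channel{DisplayName: "Test API Name", Name: GenerateTestChannelName(), Type: model.ChannelTypeOpen, TeamId: team.Id})
		require.Error(t, err)
	})
}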