Commit 75c90740 authored by George Goldberg's avatar George Goldberg

MM-12110: Don't /invite or /kick deactivated users.

parent 1e9e30c2
...@@ -49,15 +49,21 @@ func (me *InviteProvider) DoCommand(a *App, args *model.CommandArgs, message str ...@@ -49,15 +49,21 @@ func (me *InviteProvider) DoCommand(a *App, args *model.CommandArgs, message str
targetUsername := splitMessage[0] targetUsername := splitMessage[0]
targetUsername = strings.TrimPrefix(targetUsername, "@") targetUsername = strings.TrimPrefix(targetUsername, "@")
var userProfile *model.User result := <-a.Srv.Store.User().GetByUsername(targetUsername)
if result := <-a.Srv.Store.User().GetByUsername(targetUsername); result.Err != nil { if result.Err != nil {
mlog.Error(result.Err.Error()) mlog.Error(result.Err.Error())
return &model.CommandResponse{ return &model.CommandResponse{
Text: args.T("api.command_invite.missing_user.app_error"), Text: args.T("api.command_invite.missing_user.app_error"),
ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL, ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
} }
} else { }
userProfile = result.Data.(*model.User)
userProfile := result.Data.(*model.User)
if userProfile.DeleteAt != 0 {
return &model.CommandResponse{
Text: args.T("api.command_invite.missing_user.app_error"),
ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
}
} }
var channelToJoin *model.Channel var channelToJoin *model.Channel
......
...@@ -23,6 +23,8 @@ func TestInviteProvider(t *testing.T) { ...@@ -23,6 +23,8 @@ func TestInviteProvider(t *testing.T) {
basicUser3 := th.CreateUser() basicUser3 := th.CreateUser()
th.LinkUserToTeam(basicUser3, th.BasicTeam) th.LinkUserToTeam(basicUser3, th.BasicTeam)
basicUser4 := th.CreateUser() basicUser4 := th.CreateUser()
deactivatedUser := th.CreateUser()
th.App.UpdateActive(deactivatedUser, false)
InviteP := InviteProvider{} InviteP := InviteProvider{}
args := &model.CommandArgs{ args := &model.CommandArgs{
...@@ -38,6 +40,7 @@ func TestInviteProvider(t *testing.T) { ...@@ -38,6 +40,7 @@ func TestInviteProvider(t *testing.T) {
userAndPrivateChannel := "@" + th.BasicUser2.Username + " ~" + privateChannel.Name userAndPrivateChannel := "@" + th.BasicUser2.Username + " ~" + privateChannel.Name
userAndDMChannel := "@" + basicUser3.Username + " ~" + dmChannel.Name userAndDMChannel := "@" + basicUser3.Username + " ~" + dmChannel.Name
userAndInvalidPrivate := "@" + basicUser3.Username + " ~" + privateChannel2.Name userAndInvalidPrivate := "@" + basicUser3.Username + " ~" + privateChannel2.Name
deactivatedUserPublicChannel := "@" + deactivatedUser.Username + " ~" + channel.Name
tests := []struct { tests := []struct {
desc string desc string
...@@ -99,6 +102,11 @@ func TestInviteProvider(t *testing.T) { ...@@ -99,6 +102,11 @@ func TestInviteProvider(t *testing.T) {
expected: "api.command_invite.private_channel.app_error", expected: "api.command_invite.private_channel.app_error",
msg: userAndInvalidPrivate, msg: userAndInvalidPrivate,
}, },
{
desc: "try to add a deleted user to a public channel",
expected: "api.command_invite.missing_user.app_error",
msg: deactivatedUserPublicChannel,
},
} }
for _, test := range tests { for _, test := range tests {
......
...@@ -67,24 +67,39 @@ func (me *KickProvider) DoCommand(a *App, args *model.CommandArgs, message strin ...@@ -67,24 +67,39 @@ func (me *KickProvider) DoCommand(a *App, args *model.CommandArgs, message strin
func doCommand(a *App, args *model.CommandArgs, message string) *model.CommandResponse { func doCommand(a *App, args *model.CommandArgs, message string) *model.CommandResponse {
channel, err := a.GetChannel(args.ChannelId) channel, err := a.GetChannel(args.ChannelId)
if err != nil { if err != nil {
return &model.CommandResponse{Text: args.T("api.command_channel_rename.channel.app_error"), ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL} return &model.CommandResponse{
Text: args.T("api.command_channel_remove.channel.app_error"),
ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
}
} }
switch channel.Type { switch channel.Type {
case model.CHANNEL_OPEN: case model.CHANNEL_OPEN:
if !a.SessionHasPermissionToChannel(args.Session, args.ChannelId, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) { if !a.SessionHasPermissionToChannel(args.Session, args.ChannelId, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) {
return &model.CommandResponse{Text: args.T("api.command_remove.permission.app_error"), ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL} return &model.CommandResponse{
Text: args.T("api.command_remove.permission.app_error"),
ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
}
} }
case model.CHANNEL_PRIVATE: case model.CHANNEL_PRIVATE:
if !a.SessionHasPermissionToChannel(args.Session, args.ChannelId, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) { if !a.SessionHasPermissionToChannel(args.Session, args.ChannelId, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) {
return &model.CommandResponse{Text: args.T("api.command_remove.permission.app_error"), ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL} return &model.CommandResponse{
Text: args.T("api.command_remove.permission.app_error"),
ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
}
} }
default: default:
return &model.CommandResponse{Text: args.T("api.command_remove.direct_group.app_error"), ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL} return &model.CommandResponse{
Text: args.T("api.command_remove.direct_group.app_error"),
ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
}
} }
if len(message) == 0 { if len(message) == 0 {
return &model.CommandResponse{Text: args.T("api.command_remove.message.app_error"), ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL} return &model.CommandResponse{
Text: args.T("api.command_remove.message.app_error"),
ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
}
} }
targetUsername := "" targetUsername := ""
...@@ -92,22 +107,40 @@ func doCommand(a *App, args *model.CommandArgs, message string) *model.CommandRe ...@@ -92,22 +107,40 @@ func doCommand(a *App, args *model.CommandArgs, message string) *model.CommandRe
targetUsername = strings.SplitN(message, " ", 2)[0] targetUsername = strings.SplitN(message, " ", 2)[0]
targetUsername = strings.TrimPrefix(targetUsername, "@") targetUsername = strings.TrimPrefix(targetUsername, "@")
var userProfile *model.User result := <-a.Srv.Store.User().GetByUsername(targetUsername)
if result := <-a.Srv.Store.User().GetByUsername(targetUsername); result.Err != nil { if result.Err != nil {
mlog.Error(result.Err.Error()) mlog.Error(result.Err.Error())
return &model.CommandResponse{Text: args.T("api.command_remove.missing.app_error"), ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL} return &model.CommandResponse{
} else { Text: args.T("api.command_remove.missing.app_error"),
userProfile = result.Data.(*model.User) ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
}
}
userProfile := result.Data.(*model.User)
if userProfile.DeleteAt != 0 {
return &model.CommandResponse{
Text: args.T("api.command_remove.missing.app_error"),
ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
}
} }
_, err = a.GetChannelMember(args.ChannelId, userProfile.Id) _, err = a.GetChannelMember(args.ChannelId, userProfile.Id)
if err != nil { if err != nil {
nameFormat := *a.Config().TeamSettings.TeammateNameDisplay nameFormat := *a.Config().TeamSettings.TeammateNameDisplay
return &model.CommandResponse{Text: args.T("api.command_remove.user_not_in_channel", map[string]interface{}{"Username": userProfile.GetDisplayName(nameFormat)}), ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL} return &model.CommandResponse{
Text: args.T("api.command_remove.user_not_in_channel", map[string]interface{}{
"Username": userProfile.GetDisplayName(nameFormat),
}),
ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
}
} }
if err = a.RemoveUserFromChannel(userProfile.Id, args.UserId, channel); err != nil { if err = a.RemoveUserFromChannel(userProfile.Id, args.UserId, channel); err != nil {
return &model.CommandResponse{Text: args.T(err.Id, map[string]interface{}{"Channel": model.DEFAULT_CHANNEL}), ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL} return &model.CommandResponse{
Text: args.T(err.Id, map[string]interface{}{
"Channel": model.DEFAULT_CHANNEL,
}),
ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
}
} }
return &model.CommandResponse{} return &model.CommandResponse{}
......
...@@ -106,4 +106,19 @@ func TestRemoveProviderDoCommand(t *testing.T) { ...@@ -106,4 +106,19 @@ func TestRemoveProviderDoCommand(t *testing.T) {
actual = rp.DoCommand(th.App, args, user1.Username).Text actual = rp.DoCommand(th.App, args, user1.Username).Text
assert.Equal(t, "api.command_remove.direct_group.app_error", actual) assert.Equal(t, "api.command_remove.direct_group.app_error", actual)
// Try a public channel with a deactivated user.
deactivatedUser := th.CreateUser()
th.App.AddUserToTeam(th.BasicTeam.Id, deactivatedUser.Id, deactivatedUser.Id)
th.App.AddUserToChannel(deactivatedUser, publicChannel)
th.App.UpdateActive(deactivatedUser, false)
args = &model.CommandArgs{
T: func(s string, args ...interface{}) string { return s },
ChannelId: publicChannel.Id,
Session: model.Session{UserId: th.BasicUser.Id, TeamMembers: []*model.TeamMember{{TeamId: th.BasicTeam.Id, Roles: ""}}},
}
actual = rp.DoCommand(th.App, args, deactivatedUser.Username).Text
assert.Equal(t, "api.command_remove.missing.app_error", actual)
} }
...@@ -411,6 +411,10 @@ ...@@ -411,6 +411,10 @@
"id": "api.command_channel_purpose.update_channel.app_error", "id": "api.command_channel_purpose.update_channel.app_error",
"translation": "Error to update the current channel." "translation": "Error to update the current channel."
}, },
{
"id": "api.command_channel_remove.channel.app_error",
"translation": "Error retrieving the current channel."
},
{ {
"id": "api.command_channel_rename.channel.app_error", "id": "api.command_channel_rename.channel.app_error",
"translation": "Error to retrieve the current channel." "translation": "Error to retrieve the current channel."
...@@ -616,7 +620,7 @@ ...@@ -616,7 +620,7 @@
}, },
{ {
"id": "api.command_invite.missing_user.app_error", "id": "api.command_invite.missing_user.app_error",
"translation": "Unable to find the user." "translation": "We couldn't find the user. They may have been deactivated by the System Administrator."
}, },
{ {
"id": "api.command_invite.name", "id": "api.command_invite.name",
...@@ -824,7 +828,7 @@ ...@@ -824,7 +828,7 @@
}, },
{ {
"id": "api.command_remove.missing.app_error", "id": "api.command_remove.missing.app_error",
"translation": "Unable to find the user" "translation": "We couldn't find the user. They may have been deactivated by the System Administrator."
}, },
{ {
"id": "api.command_remove.name", "id": "api.command_remove.name",
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment