Commit fadd9514 authored by Joram Wilander's avatar Joram Wilander Committed by GitHub

PLT-7718 Patch for files (#7564)

* Patch for files

* Fix merge

* Fix tests

* Fix another test
parent fa80cb10
......@@ -24,7 +24,7 @@ import (
)
func TestUploadFile(t *testing.T) {
th := Setup().InitBasic()
th := Setup().InitBasic().InitSystemAdmin()
defer th.TearDown()
if *utils.Cfg.FileSettings.DriverName == "" {
......@@ -38,7 +38,9 @@ func TestUploadFile(t *testing.T) {
channel := th.BasicChannel
var uploadInfo *model.FileInfo
if data, err := readTestFile("test.png"); err != nil {
var data []byte
var err error
if data, err = readTestFile("test.png"); err != nil {
t.Fatal(err)
} else if resp, err := Client.UploadPostAttachment(data, channel.Id, "test.png"); err != nil {
t.Fatal(err)
......@@ -103,6 +105,22 @@ func TestUploadFile(t *testing.T) {
t.Fatalf("file preview should've been saved in %v", expectedPreviewPath)
}
if _, err := Client.UploadPostAttachment(data, model.NewId(), "test.png"); err == nil || err.StatusCode != http.StatusForbidden {
t.Fatal("should have failed - bad channel id")
}
if _, err := Client.UploadPostAttachment(data, "../../junk", "test.png"); err == nil || err.StatusCode != http.StatusForbidden {
t.Fatal("should have failed - bad channel id")
}
if _, err := th.SystemAdminClient.UploadPostAttachment(data, model.NewId(), "test.png"); err == nil || err.StatusCode != http.StatusForbidden {
t.Fatal("should have failed - bad channel id")
}
if _, err := th.SystemAdminClient.UploadPostAttachment(data, "../../junk", "test.png"); err == nil || err.StatusCode != http.StatusForbidden {
t.Fatal("should have failed - bad channel id")
}
enableFileAttachments := *utils.Cfg.FileSettings.EnableFileAttachments
defer func() {
*utils.Cfg.FileSettings.EnableFileAttachments = enableFileAttachments
......
......@@ -1475,7 +1475,7 @@ func TestGetChannelUnread(t *testing.T) {
CheckNoError(t, resp)
_, resp = th.SystemAdminClient.GetChannelUnread(model.NewId(), user.Id)
CheckNotFoundStatus(t, resp)
CheckForbiddenStatus(t, resp)
_, resp = th.SystemAdminClient.GetChannelUnread(channel.Id, model.NewId())
CheckNotFoundStatus(t, resp)
......
......@@ -102,6 +102,15 @@ func TestUploadFile(t *testing.T) {
_, resp := Client.UploadFile(data, model.NewId(), "test.png")
CheckForbiddenStatus(t, resp)
_, resp = Client.UploadFile(data, "../../junk", "test.png")
CheckForbiddenStatus(t, resp)
_, resp = th.SystemAdminClient.UploadFile(data, model.NewId(), "test.png")
CheckForbiddenStatus(t, resp)
_, resp = th.SystemAdminClient.UploadFile(data, "../../junk", "test.png")
CheckForbiddenStatus(t, resp)
_, resp = th.SystemAdminClient.UploadFile(data, channel.Id, "test.png")
CheckNoError(t, resp)
......
......@@ -391,11 +391,7 @@ func TestGetOutgoingWebhooks(t *testing.T) {
}
hooks, resp = th.SystemAdminClient.GetOutgoingWebhooksForChannel(model.NewId(), 0, 1000, "")
CheckNoError(t, resp)
if len(hooks) != 0 {
t.Fatal("no hooks should be returned")
}
CheckForbiddenStatus(t, resp)
_, resp = Client.GetOutgoingWebhooks(0, 1000, "")
CheckForbiddenStatus(t, resp)
......
......@@ -4,6 +4,7 @@
package app
import (
"net/http"
"strings"
l4g "github.com/alecthomas/log4go"
......@@ -50,6 +51,8 @@ func (a *App) SessionHasPermissionToChannel(session model.Session, channelId str
channel, err := a.GetChannel(channelId)
if err == nil && channel.TeamId != "" {
return SessionHasPermissionToTeam(session, channel.TeamId, permission)
} else if err != nil && err.StatusCode == http.StatusNotFound {
return false
}
return SessionHasPermissionTo(session, permission)
......
......@@ -291,8 +291,11 @@ func (a *App) UploadFiles(teamId string, channelId string, userId string, fileHe
return resStruct, nil
}
func (a *App) DoUploadFile(now time.Time, teamId string, channelId string, userId string, rawFilename string, data []byte) (*model.FileInfo, *model.AppError) {
func (a *App) DoUploadFile(now time.Time, rawTeamId string, rawChannelId string, rawUserId string, rawFilename string, data []byte) (*model.FileInfo, *model.AppError) {
filename := filepath.Base(rawFilename)
teamId := filepath.Base(rawTeamId)
channelId := filepath.Base(rawChannelId)
userId := filepath.Base(rawUserId)
info, err := model.GetInfoForBytes(filename, data)
if err != nil {
......
......@@ -85,4 +85,18 @@ func TestDoUploadFile(t *testing.T) {
if info3.Path != fmt.Sprintf("20080305/teams/%v/channels/%v/users/%v/%v/%v", teamId, channelId, userId, info3.Id, filename) {
t.Fatal("stored file at incorrect path", info3.Path)
}
info4, err := th.App.DoUploadFile(time.Date(2009, 3, 5, 1, 2, 3, 4, time.Local), "../../"+teamId, "../../"+channelId, "../../"+userId, "../../"+filename, data)
if err != nil {
t.Fatal(err)
} else {
defer func() {
<-th.App.Srv.Store.FileInfo().PermanentDelete(info3.Id)
utils.RemoveFile(info3.Path)
}()
}
if info4.Path != fmt.Sprintf("20090305/teams/%v/channels/%v/users/%v/%v/%v", teamId, channelId, userId, info4.Id, filename) {
t.Fatal("stored file at incorrect path", info4.Path)
}
}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment