Commit 75c90740 authored by George Goldberg's avatar George Goldberg

MM-12110: Don't /invite or /kick deactivated users.

parent 1e9e30c2
......@@ -49,15 +49,21 @@ func (me *InviteProvider) DoCommand(a *App, args *model.CommandArgs, message str
targetUsername := splitMessage[0]
targetUsername = strings.TrimPrefix(targetUsername, "@")
var userProfile *model.User
if result := <-a.Srv.Store.User().GetByUsername(targetUsername); result.Err != nil {
result := <-a.Srv.Store.User().GetByUsername(targetUsername)
if result.Err != nil {
mlog.Error(result.Err.Error())
return &model.CommandResponse{
Text: args.T("api.command_invite.missing_user.app_error"),
ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
}
} else {
userProfile = result.Data.(*model.User)
}
userProfile := result.Data.(*model.User)
if userProfile.DeleteAt != 0 {
return &model.CommandResponse{
Text: args.T("api.command_invite.missing_user.app_error"),
ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
}
}
var channelToJoin *model.Channel
......
......@@ -23,6 +23,8 @@ func TestInviteProvider(t *testing.T) {
basicUser3 := th.CreateUser()
th.LinkUserToTeam(basicUser3, th.BasicTeam)
basicUser4 := th.CreateUser()
deactivatedUser := th.CreateUser()
th.App.UpdateActive(deactivatedUser, false)
InviteP := InviteProvider{}
args := &model.CommandArgs{
......@@ -38,6 +40,7 @@ func TestInviteProvider(t *testing.T) {
userAndPrivateChannel := "@" + th.BasicUser2.Username + " ~" + privateChannel.Name
userAndDMChannel := "@" + basicUser3.Username + " ~" + dmChannel.Name
userAndInvalidPrivate := "@" + basicUser3.Username + " ~" + privateChannel2.Name
deactivatedUserPublicChannel := "@" + deactivatedUser.Username + " ~" + channel.Name
tests := []struct {
desc string
......@@ -99,6 +102,11 @@ func TestInviteProvider(t *testing.T) {
expected: "api.command_invite.private_channel.app_error",
msg: userAndInvalidPrivate,
},
{
desc: "try to add a deleted user to a public channel",
expected: "api.command_invite.missing_user.app_error",
msg: deactivatedUserPublicChannel,
},
}
for _, test := range tests {
......
......@@ -67,24 +67,39 @@ func (me *KickProvider) DoCommand(a *App, args *model.CommandArgs, message strin
func doCommand(a *App, args *model.CommandArgs, message string) *model.CommandResponse {
channel, err := a.GetChannel(args.ChannelId)
if err != nil {
return &model.CommandResponse{Text: args.T("api.command_channel_rename.channel.app_error"), ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL}
return &model.CommandResponse{
Text: args.T("api.command_channel_remove.channel.app_error"),
ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
}
}
switch channel.Type {
case model.CHANNEL_OPEN:
if !a.SessionHasPermissionToChannel(args.Session, args.ChannelId, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS) {
return &model.CommandResponse{Text: args.T("api.command_remove.permission.app_error"), ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL}
return &model.CommandResponse{
Text: args.T("api.command_remove.permission.app_error"),
ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
}
}
case model.CHANNEL_PRIVATE:
if !a.SessionHasPermissionToChannel(args.Session, args.ChannelId, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS) {
return &model.CommandResponse{Text: args.T("api.command_remove.permission.app_error"), ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL}
return &model.CommandResponse{
Text: args.T("api.command_remove.permission.app_error"),
ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
}
}
default:
return &model.CommandResponse{Text: args.T("api.command_remove.direct_group.app_error"), ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL}
return &model.CommandResponse{
Text: args.T("api.command_remove.direct_group.app_error"),
ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
}
}
if len(message) == 0 {
return &model.CommandResponse{Text: args.T("api.command_remove.message.app_error"), ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL}
return &model.CommandResponse{
Text: args.T("api.command_remove.message.app_error"),
ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
}
}
targetUsername := ""
......@@ -92,22 +107,40 @@ func doCommand(a *App, args *model.CommandArgs, message string) *model.CommandRe
targetUsername = strings.SplitN(message, " ", 2)[0]
targetUsername = strings.TrimPrefix(targetUsername, "@")
var userProfile *model.User
if result := <-a.Srv.Store.User().GetByUsername(targetUsername); result.Err != nil {
result := <-a.Srv.Store.User().GetByUsername(targetUsername)
if result.Err != nil {
mlog.Error(result.Err.Error())
return &model.CommandResponse{Text: args.T("api.command_remove.missing.app_error"), ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL}
} else {
userProfile = result.Data.(*model.User)
return &model.CommandResponse{
Text: args.T("api.command_remove.missing.app_error"),
ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
}
}
userProfile := result.Data.(*model.User)
if userProfile.DeleteAt != 0 {
return &model.CommandResponse{
Text: args.T("api.command_remove.missing.app_error"),
ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
}
}
_, err = a.GetChannelMember(args.ChannelId, userProfile.Id)
if err != nil {
nameFormat := *a.Config().TeamSettings.TeammateNameDisplay
return &model.CommandResponse{Text: args.T("api.command_remove.user_not_in_channel", map[string]interface{}{"Username": userProfile.GetDisplayName(nameFormat)}), ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL}
return &model.CommandResponse{
Text: args.T("api.command_remove.user_not_in_channel", map[string]interface{}{
"Username": userProfile.GetDisplayName(nameFormat),
}),
ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
}
}
if err = a.RemoveUserFromChannel(userProfile.Id, args.UserId, channel); err != nil {
return &model.CommandResponse{Text: args.T(err.Id, map[string]interface{}{"Channel": model.DEFAULT_CHANNEL}), ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL}
return &model.CommandResponse{
Text: args.T(err.Id, map[string]interface{}{
"Channel": model.DEFAULT_CHANNEL,
}),
ResponseType: model.COMMAND_RESPONSE_TYPE_EPHEMERAL,
}
}
return &model.CommandResponse{}
......
......@@ -106,4 +106,19 @@ func TestRemoveProviderDoCommand(t *testing.T) {
actual = rp.DoCommand(th.App, args, user1.Username).Text
assert.Equal(t, "api.command_remove.direct_group.app_error", actual)
// Try a public channel with a deactivated user.
deactivatedUser := th.CreateUser()
th.App.AddUserToTeam(th.BasicTeam.Id, deactivatedUser.Id, deactivatedUser.Id)
th.App.AddUserToChannel(deactivatedUser, publicChannel)
th.App.UpdateActive(deactivatedUser, false)
args = &model.CommandArgs{
T: func(s string, args ...interface{}) string { return s },
ChannelId: publicChannel.Id,
Session: model.Session{UserId: th.BasicUser.Id, TeamMembers: []*model.TeamMember{{TeamId: th.BasicTeam.Id, Roles: ""}}},
}
actual = rp.DoCommand(th.App, args, deactivatedUser.Username).Text
assert.Equal(t, "api.command_remove.missing.app_error", actual)
}
......@@ -411,6 +411,10 @@
"id": "api.command_channel_purpose.update_channel.app_error",
"translation": "Error to update the current channel."
},
{
"id": "api.command_channel_remove.channel.app_error",
"translation": "Error retrieving the current channel."
},
{
"id": "api.command_channel_rename.channel.app_error",
"translation": "Error to retrieve the current channel."
......@@ -616,7 +620,7 @@
},
{
"id": "api.command_invite.missing_user.app_error",
"translation": "Unable to find the user."
"translation": "We couldn't find the user. They may have been deactivated by the System Administrator."
},
{
"id": "api.command_invite.name",
......@@ -824,7 +828,7 @@
},
{
"id": "api.command_remove.missing.app_error",
"translation": "Unable to find the user"
"translation": "We couldn't find the user. They may have been deactivated by the System Administrator."
},
{
"id": "api.command_remove.name",
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment