Commit f506b769 authored by Harshil Sharma's avatar Harshil Sharma Committed by George Goldberg

#MM-12130 Added permission check for createServiceTerms API (#9556)

* #MM-12130 changes for custom service terms

* Fixed styling

* Added getServiceTerms API

* removed unnecessary panic

* removed custom service terms text from flat config

* reverted user sql store as those changes are no longer needed

* added tests

* Updated a config key to be more standard

* Added copyright info

* Loading service terms only if the feature is enabled

* Loading service terms only if the feature is enabled

* removed unused index

* added createservice termns API

* made a param to bool instead of string

* added createservice termns API

* review fixes

* fixed styling

* Minor refactoring

* removed saveConfig and loadConfig magic

* added empty service terms text check to createServiceTerms API

* refactoed some urls to be terms_of_service instead of service_terms

* removed check for support settings

* changed URLs in tests

* removed unused code

* fixed a bug

* added service termd id in conif

* fixed a test

* review fixes

* minor fixes

* Fixed TestCreateServiceTerms

* Fix incorrect key in en.json and changes some translations from service terms to terms of service

* Improved translated messages

* Added permission check in createServiceTerms API
parent 0c2bf28d
......@@ -25,6 +25,11 @@ func getServiceTerms(c *Context, w http.ResponseWriter, r *http.Request) {
}
func createServiceTerms(c *Context, w http.ResponseWriter, r *http.Request) {
if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
if license := c.App.License(); license == nil || !*license.Features.CustomTermsOfService {
c.Err = model.NewAppError("createServiceTerms", "api.create_service_terms.custom_service_terms_disabled.app_error", nil, "", http.StatusBadRequest)
return
......
......@@ -30,15 +30,24 @@ func TestCreateServiceTerms(t *testing.T) {
defer th.TearDown()
Client := th.Client
serviceTerms, resp := Client.CreateServiceTerms("service terms new", th.BasicUser.Id)
_, resp := Client.CreateServiceTerms("service terms new", th.BasicUser.Id)
CheckErrorMessage(t, resp, "api.context.permissions.app_error")
}
func TestCreateServiceTermsAdminUser(t *testing.T) {
th := Setup().InitSystemAdmin()
defer th.TearDown()
Client := th.SystemAdminClient
serviceTerms, resp := Client.CreateServiceTerms("service terms new", th.SystemAdminUser.Id)
CheckErrorMessage(t, resp, "api.create_service_terms.custom_service_terms_disabled.app_error")
th.App.SetLicense(model.NewTestLicense("EnableCustomServiceTerms"))
serviceTerms, resp = Client.CreateServiceTerms("service terms new", th.BasicUser.Id)
serviceTerms, resp = Client.CreateServiceTerms("service terms new_2", th.SystemAdminUser.Id)
CheckNoError(t, resp)
assert.NotEmpty(t, serviceTerms.Id)
assert.NotEmpty(t, serviceTerms.CreateAt)
assert.Equal(t, "service terms new", serviceTerms.Text)
assert.Equal(t, th.BasicUser.Id, serviceTerms.UserId)
assert.Equal(t, "service terms new_2", serviceTerms.Text)
assert.Equal(t, th.SystemAdminUser.Id, serviceTerms.UserId)
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment