Unverified Commit 0291730c authored by Jesús Espino's avatar Jesús Espino Committed by GitHub

MM-11270: Forbid react/de-react in archived channels (#9323)

parent 7a3cf112
......@@ -192,13 +192,36 @@ func TestSaveReaction(t *testing.T) {
_, resp := Client.SaveReaction(reaction)
CheckForbiddenStatus(t, resp)
if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 3 {
t.Fatal("should have not created a reactions")
if reactions, err := th.App.GetReactionsForPost(post.Id); err != nil || len(reactions) != 0 {
t.Fatal("should have not created a reaction")
}
th.App.RemoveLicense()
th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.ExperimentalTownSquareIsReadOnly = false })
})
t.Run("unable-to-react-in-an-archived-channel", func(t *testing.T) {
th.LoginBasic()
channel := th.CreatePublicChannel()
post := th.CreatePostWithClient(th.Client, channel)
reaction := &model.Reaction{
UserId: userId,
PostId: post.Id,
EmojiName: "smile",
}
err := th.App.DeleteChannel(channel, userId)
assert.Nil(t, err)
_, resp := Client.SaveReaction(reaction)
CheckForbiddenStatus(t, resp)
if reactions, err := th.App.GetReactionsForPost(post.Id); err != nil || len(reactions) != 0 {
t.Fatal("should have not created a reaction")
}
})
}
func TestGetReactions(t *testing.T) {
......@@ -498,7 +521,7 @@ func TestDeleteReaction(t *testing.T) {
CheckNoError(t, resp)
if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 1 {
t.Fatal("should have created a reactions")
t.Fatal("should have created a reaction")
}
th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.ExperimentalTownSquareIsReadOnly = true })
......@@ -507,10 +530,40 @@ func TestDeleteReaction(t *testing.T) {
CheckForbiddenStatus(t, resp)
if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 1 {
t.Fatal("should have not deleted a reactions")
t.Fatal("should have not deleted a reaction")
}
th.App.RemoveLicense()
th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.ExperimentalTownSquareIsReadOnly = false })
})
t.Run("unable-to-delete-reactions-in-an-archived-channel", func(t *testing.T) {
th.LoginBasic()
channel := th.CreatePublicChannel()
post := th.CreatePostWithClient(th.Client, channel)
reaction := &model.Reaction{
UserId: userId,
PostId: post.Id,
EmojiName: "smile",
}
r1, resp := Client.SaveReaction(reaction)
CheckNoError(t, resp)
if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 1 {
t.Fatal("should have created a reaction")
}
err := th.App.DeleteChannel(channel, userId)
assert.Nil(t, err)
_, resp = Client.SaveReaction(r1)
CheckForbiddenStatus(t, resp)
if reactions, err := th.App.GetReactionsForPost(post.Id); err != nil || len(reactions) != 1 {
t.Fatal("should have not deleted a reaction")
}
})
}
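Review bot: The new subtest `unable-to-delete-reactions-in-an-archived-channel` never exercises the delete path. After archiving the channel it calls `Client.SaveReaction(r1)` and expects 403, so it passes on the save-side guard alone, and a regression in the archived-channel check of DeleteReactionForPost would go unnoticed. That call should be the delete call, presumably `_, resp = Client.DeleteReaction(r1)`. The check right after the initial save also reads the outer `postId` instead of the post created in this subtest; it should be `th.App.GetReactionsForPost(post.Id)`, otherwise it counts reactions on a different post.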
......@@ -15,43 +15,46 @@ func (a *App) SaveReactionForPost(reaction *model.Reaction) (*model.Reaction, *m
return nil, err
}
if a.License() != nil && *a.Config().TeamSettings.ExperimentalTownSquareIsReadOnly {
var channel *model.Channel
if channel, err = a.GetChannel(post.ChannelId); err != nil {
channel, err := a.GetChannel(post.ChannelId)
if err != nil {
return nil, err
}
if channel.DeleteAt > 0 {
return nil, model.NewAppError("deleteReactionForPost", "api.reaction.save.archived_channel.app_error", nil, "", http.StatusForbidden)
}
if a.License() != nil && *a.Config().TeamSettings.ExperimentalTownSquareIsReadOnly && channel.Name == model.DEFAULT_CHANNEL {
user, err := a.GetUser(reaction.UserId)
if err != nil {
return nil, err
}
if channel.Name == model.DEFAULT_CHANNEL {
var user *model.User
if user, err = a.GetUser(reaction.UserId); err != nil {
return nil, err
}
if !a.RolesGrantPermission(user.GetRoles(), model.PERMISSION_MANAGE_SYSTEM.Id) {
return nil, model.NewAppError("saveReactionForPost", "api.reaction.town_square_read_only", nil, "", http.StatusForbidden)
}
if !a.RolesGrantPermission(user.GetRoles(), model.PERMISSION_MANAGE_SYSTEM.Id) {
return nil, model.NewAppError("saveReactionForPost", "api.reaction.town_square_read_only", nil, "", http.StatusForbidden)
}
}
if result := <-a.Srv.Store.Reaction().Save(reaction); result.Err != nil {
result := <-a.Srv.Store.Reaction().Save(reaction)
if result.Err != nil {
return nil, result.Err
} else {
reaction = result.Data.(*model.Reaction)
}
a.Go(func() {
a.sendReactionEvent(model.WEBSOCKET_EVENT_REACTION_ADDED, reaction, post, true)
})
reaction = result.Data.(*model.Reaction)
return reaction, nil
}
a.Go(func() {
a.sendReactionEvent(model.WEBSOCKET_EVENT_REACTION_ADDED, reaction, post, true)
})
return reaction, nil
}
func (a *App) GetReactionsForPost(postId string) ([]*model.Reaction, *model.AppError) {
if result := <-a.Srv.Store.Reaction().GetForPost(postId, true); result.Err != nil {
result := <-a.Srv.Store.Reaction().GetForPost(postId, true)
if result.Err != nil {
return nil, result.Err
} else {
return result.Data.([]*model.Reaction), nil
}
return result.Data.([]*model.Reaction), nil
}
func (a *App) DeleteReactionForPost(reaction *model.Reaction) *model.AppError {
......@@ -60,21 +63,23 @@ func (a *App) DeleteReactionForPost(reaction *model.Reaction) *model.AppError {
return err
}
if a.License() != nil && *a.Config().TeamSettings.ExperimentalTownSquareIsReadOnly {
var channel *model.Channel
if channel, err = a.GetChannel(post.ChannelId); err != nil {
channel, err := a.GetChannel(post.ChannelId)
if err != nil {
return err
}
if channel.DeleteAt > 0 {
return model.NewAppError("deleteReactionForPost", "api.reaction.delete.archived_channel.app_error", nil, "", http.StatusForbidden)
}
if a.License() != nil && *a.Config().TeamSettings.ExperimentalTownSquareIsReadOnly && channel.Name == model.DEFAULT_CHANNEL {
user, err := a.GetUser(reaction.UserId)
if err != nil {
return err
}
if channel.Name == model.DEFAULT_CHANNEL {
var user *model.User
if user, err = a.GetUser(reaction.UserId); err != nil {
return err
}
if !a.RolesGrantPermission(user.GetRoles(), model.PERMISSION_MANAGE_SYSTEM.Id) {
return model.NewAppError("deleteReactionForPost", "api.reaction.town_square_read_only", nil, "", http.StatusForbidden)
}
if !a.RolesGrantPermission(user.GetRoles(), model.PERMISSION_MANAGE_SYSTEM.Id) {
return model.NewAppError("deleteReactionForPost", "api.reaction.town_square_read_only", nil, "", http.StatusForbidden)
}
}
......@@ -85,12 +90,12 @@ func (a *App) DeleteReactionForPost(reaction *model.Reaction) *model.AppError {
if result := <-a.Srv.Store.Reaction().Delete(reaction); result.Err != nil {
return result.Err
} else {
a.Go(func() {
a.sendReactionEvent(model.WEBSOCKET_EVENT_REACTION_REMOVED, reaction, post, hasReactions)
})
}
a.Go(func() {
a.sendReactionEvent(model.WEBSOCKET_EVENT_REACTION_REMOVED, reaction, post, hasReactions)
})
return nil
}
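Review bot: In SaveReactionForPost the new archived-channel rejection passes `"deleteReactionForPost"` as the `where` argument, apparently copied from the delete path, so a forbidden save is attributed to the wrong function in error output and logs. It should read `model.NewAppError("saveReactionForPost", "api.reaction.save.archived_channel.app_error", nil, "", http.StatusForbidden)`. Both functions would also benefit from a one-line comment on the `channel.DeleteAt > 0` guard, for example `// Archived channels are read-only for reactions; checked before the license/town-square rules so it applies unconditionally.`, because its position ahead of the licensed check is what keeps it from depending on configuration. Both function bodies start outside the hunks shown.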
......
......@@ -1434,6 +1434,14 @@
"id": "api.preference.update_preferences.set.app_error",
"translation": "Unable to set user preferences."
},
{
"id": "api.reaction.delete.archived_channel.app_error",
"translation": "You cannot remove a reaction in an archived channel."
},
{
"id": "api.reaction.save.archived_channel.app_error",
"translation": "You cannot react in an archived channel."
},
{
"id": "api.reaction.save_reaction.invalid.app_error",
"translation": "Reaction is not valid."
......