Permissions integration tests (#2697)

* Initial permissions review infrastructure * Adding more tests cases * Modifying a bit the tests approach and adding more tests * Adding more tests * Adding more tests for permissions * Adding more tests * Adding more permissions tests * Adding more tests * Adding more permission checks * Adding more permissions tests * Adding more permission tests * Adding more tests * Adding subscriptions tests * Adding more permissions tests * Adding tests for read tokens in the files * Update APIs and fix unit tests * Fix linter errors * Auto-assign category id from the database (as expected because is serial/auto_increment integer field) * Revert "Auto-assign category id from the database (as expected because is serial/auto_increment integer field)" This reverts commit 5c98fd76a3. * Fixing Category scheme in postgres and MySQL * Removing restriction about the channel_id and add it to all the databases * Moving everything to a new migration * Fix bad merge (?) * Update 000021_fix_categories.up.sql Fix Postgres ALTER COLUMN syntax * Update 000021_fix_categories.down.sql Fix Postgres ALTER COLUMN syntax * Update 000021_fix_categories.up.sql Remove unnecessary, and unsupported MODIFY COLUMNs for SQLite. * Update 000021_fix_categories.up.sql Remove not null from categories.channel_id * Update 000021_fix_categories.down.sql Migrate down removing not null from categories.channel_id * Update 000021_fix_categories.up.sql Fix drop not null on categories.channel_id * Update 000021_fix_categories.down.sql Fix down migration of drop not null from categories.channel_id. * Restore default notification level to debug Co-authored-by: Chen-I Lim <chenilim@gmail.com> Co-authored-by: Chen-I Lim <46905241+chenilim@users.noreply.github.com>
2025-07-12 23:50:27 +02:00 · 2022-04-05 17:00:04 +02:00
parent 0cff6e10b1
commit a4ef8ec6bc
19 changed files with 3077 additions and 239 deletions
--- a/server/api/auth.go
+++ b/server/api/auth.go
@ -170,6 +170,11 @@ func (a *API) handleLogin(w http.ResponseWriter, r *http.Request) {
 		a.errorResponse(w, r.URL.Path, http.StatusNotImplemented, "not permitted in plugin mode", nil)
 	}

+	if a.MattermostAuth {
+		a.errorResponse(w, r.URL.Path, http.StatusNotImplemented, "", nil)
+		return
+	}
+
 	if len(a.singleUserToken) > 0 {
 		// Not permitted in single-user mode
 		a.errorResponse(w, r.URL.Path, http.StatusUnauthorized, "not permitted in single-user mode", nil)
@ -235,6 +240,11 @@ func (a *API) handleLogout(w http.ResponseWriter, r *http.Request) {
 		a.errorResponse(w, r.URL.Path, http.StatusNotImplemented, "not permitted in plugin mode", nil)
 	}

+	if a.MattermostAuth {
+		a.errorResponse(w, r.URL.Path, http.StatusNotImplemented, "", nil)
+		return
+	}
+
 	if len(a.singleUserToken) > 0 {
 		// Not permitted in single-user mode
 		a.errorResponse(w, r.URL.Path, http.StatusUnauthorized, "not permitted in single-user mode", nil)
@ -288,6 +298,11 @@ func (a *API) handleRegister(w http.ResponseWriter, r *http.Request) {
 		a.errorResponse(w, r.URL.Path, http.StatusNotImplemented, "not permitted in plugin mode", nil)
 	}

+	if a.MattermostAuth {
+		a.errorResponse(w, r.URL.Path, http.StatusNotImplemented, "", nil)
+		return
+	}
+
 	if len(a.singleUserToken) > 0 {
 		// Not permitted in single-user mode
 		a.errorResponse(w, r.URL.Path, http.StatusUnauthorized, "not permitted in single-user mode", nil)
@ -390,6 +405,11 @@ func (a *API) handleChangePassword(w http.ResponseWriter, r *http.Request) {
 		a.errorResponse(w, r.URL.Path, http.StatusNotImplemented, "not permitted in plugin mode", nil)
 	}

+	if a.MattermostAuth {
+		a.errorResponse(w, r.URL.Path, http.StatusNotImplemented, "", nil)
+		return
+	}
+
 	if len(a.singleUserToken) > 0 {
 		// Not permitted in single-user mode
 		a.errorResponse(w, r.URL.Path, http.StatusUnauthorized, "not permitted in single-user mode", nil)