[MM-223] Fixing Post Permissions Access #233
Conversation
|
Hello @vicky-demansol, Thanks for your pull request! A Core Committer will review your pull request soon. For code contributions, you can learn more about the review process here. |
|
Please note that there are CI failures occurring in this PR, including tests failing:
|
|
/update-branch |
There was a problem hiding this comment.
Per https://community-daily.mattermost.com/core/pl/os7iatp5jifhzbgssqw8gxu3xw the CI issues are unrelated. Approving as it is.
hanzei
added
3: QA Review
| @@ -303,6 +303,10 @@ func (p *Plugin) postMeeting(creator *model.User, meetingID int, channelID strin | |||
| topic = defaultMeetingTopic | |||
| } | |||
|
|
|||
| if !p.API.HasPermissionToChannel(creator.Id, channelID, model.PERMISSION_CREATE_POST) { | |||
| return errors.New("this channel is not accessible, you might not have permissions to write in this channel. Contact the administrator of this channel to find out if you have access permissions") | |||
There was a problem hiding this comment.
@vicky-demansol We still need a unit test that covers the inside of this if statement
There was a problem hiding this comment.
I was add the unit test but the server response will return http code = 500, this response could be it returned as "forbidden" or "unauthorized"
There was a problem hiding this comment.
Hi @vicky-demansol, please make sure you mention the person you're replying to on GitHub issues/PRs, so we can stay up-to-date on discussions like this.
I was add the unit test but the server response will return http code = 500, this response could be it returned as "forbidden" or "unauthorized"
Can we create a unit test just to cover that this line will run? If it take a lot of restructure to accomplish changing the response code, let's just make sure this error occurs in general.
There was a problem hiding this comment.
@mickmister i was trying, if we want to get http code error need to use appError but i don't think this function can use in general, but this code on code coverage was covered
|
Thanks for participating in Hacktoberfest! You can claim your sticker set here: https://get.printfection.com/hacktober21/4144583267 @vicky-demansol |
|
@hanzei i tested this and its working but i have some question so after a call with @DHaussermann i will add the final review at the end of the day. |
hanzei
added
4: Reviews Complete
* Cross-plugin task: Enable the CircleCI "test" job in each plugin repo that has a webapp plugin (#237) Co-authored-by: maisnamrajusingh <[email protected]> * [MM-223] Fixing Post Permissions Access (#233) * For non-cloud plugin settings, set hosting property to `on-prem` (#269) * set hosting to on-prem for `Enable OAuth`, `APIKey`, and `APISecret` plugin settings * use actual server commit * force oauth to be used when using cloud version of the plugin * bump go mod version * test circleci config * remove references to plugin-ci * bump Go version in circleci * use cimg * add other cimg changes * go mod tidy * revert circleci changes * revert build/go.mod changes so we are using the old server version * extend manifest struct to support hosting field * Revert "extend manifest struct to support hosting field" This reverts commit b862b40. * revert all go mod changes * remove manifest field name restriction * add comment explaining commented out code * reorder conditions for readability * Fix OAuth token refresh (#253) * avoid refreshing token if an error occurs while fetching current token * pass in firstConnect bool * lint * explicitly assign firstConnect boolean to local variable * ensure oauth token is decrypted when fetched from the kv store * rename functions * wrap account level token refresh in firstConnect block as well * Cherrypick "Correct docs and cleanup screenshots" * Revert "Cherrypick "Correct docs and cleanup screenshots"" This reverts commit 7164075. * preserve access token when saving encrypted version * use refresh token for check Co-authored-by: Mattermod <[email protected]> Co-authored-by: Ben Schumacher <[email protected]> Co-authored-by: Daniel Espino García <[email protected]> * bump to 1.6.1 * add GetLicense call in test * check nil license features (#277) Co-authored-by: sibasankarnayak <[email protected]> Co-authored-by: maisnamrajusingh <[email protected]> Co-authored-by: Jupri Abel <[email protected]> Co-authored-by: Mattermod <[email protected]> Co-authored-by: Ben Schumacher <[email protected]> Co-authored-by: Daniel Espino García <[email protected]>
Summary
Prevent user post zoom call if channel permissions make member with read-only permissions
Ticket Link
#223