Commit c420af16 by Leonard Gram

teams: editor/viewer team admin cant remove the last admin.

parent 246e1280
......@@ -67,6 +67,10 @@ func UpdateTeamMember(c *m.ReqContext, cmd m.UpdateTeamMemberCommand) Response {
return Error(403, "Not allowed to update team member", err)
}
if c.OrgRole != m.ROLE_ADMIN {
cmd.ProtectLastAdmin = true
}
cmd.TeamId = teamId
cmd.UserId = c.ParamsInt64(":userId")
cmd.OrgId = orgId
......@@ -91,7 +95,7 @@ func (hs *HTTPServer) RemoveTeamMember(c *m.ReqContext) Response {
}
protectLastAdmin := false
if c.OrgRole == m.ROLE_EDITOR {
if c.OrgRole != m.ROLE_ADMIN {
protectLastAdmin = true
}
......
......@@ -39,6 +39,7 @@ type UpdateTeamMemberCommand struct {
OrgId int64 `json:"-"`
TeamId int64 `json:"-"`
Permission PermissionType `json:"permission"`
ProtectLastAdmin bool `json:"-"`
}
type RemoveTeamMemberCommand struct {
......
......@@ -271,6 +271,18 @@ func UpdateTeamMember(cmd *m.UpdateTeamMemberCommand) error {
return m.ErrTeamMemberNotFound
}
if cmd.ProtectLastAdmin {
lastAdmin, err := isLastAdmin(sess, cmd.OrgId, cmd.TeamId, cmd.UserId)
if err != nil {
return err
}
if lastAdmin {
return m.ErrLastTeamAdmin
}
}
if cmd.Permission != m.PERMISSION_ADMIN {
cmd.Permission = 0
}
......
......@@ -190,11 +190,21 @@ func TestTeamCommandsAndQueries(t *testing.T) {
})
Convey("A user should be able to remove an admin if there are other admins", func() {
err = AddTeamMember(&m.AddTeamMemberCommand{OrgId: testOrgId, TeamId: group1.Result.Id, UserId: userIds[1], Permission: m.PERMISSION_ADMIN})
AddTeamMember(&m.AddTeamMemberCommand{OrgId: testOrgId, TeamId: group1.Result.Id, UserId: userIds[1], Permission: m.PERMISSION_ADMIN})
err = RemoveTeamMember(&m.RemoveTeamMemberCommand{OrgId: testOrgId, TeamId: group1.Result.Id, UserId: userIds[0], ProtectLastAdmin: true})
So(err, ShouldEqual, nil)
})
Convey("A user should not be able to remove the admin permission for the last admin", func() {
err = UpdateTeamMember(&m.UpdateTeamMemberCommand{OrgId: testOrgId, TeamId: group1.Result.Id, UserId: userIds[0], Permission: 0, ProtectLastAdmin: true})
So(err, ShouldEqual, m.ErrLastTeamAdmin)
})
Convey("A user should be able to remove the admin permission if there are other admins", func() {
AddTeamMember(&m.AddTeamMemberCommand{OrgId: testOrgId, TeamId: group1.Result.Id, UserId: userIds[1], Permission: m.PERMISSION_ADMIN})
err = UpdateTeamMember(&m.UpdateTeamMemberCommand{OrgId: testOrgId, TeamId: group1.Result.Id, UserId: userIds[0], Permission: 0, ProtectLastAdmin: true})
So(err, ShouldEqual, nil)
})
})
Convey("Should be able to remove a group with users and permissions", func() {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment