@@ -149,18 +149,106 @@ func TestCreateChannel(t *testing.T) {
149149 t .Run ("Test create channel with missing team id" , func (t * testing.T ) {
150150 channel := & model.Channel {DisplayName : "Test API Name" , Name : GenerateTestChannelName (), Type : model .ChannelTypeOpen , TeamId : "" }
151151
152- _ , resp , err : =client .CreateChannel (context .Background (), channel )
152+ _ , resp , err = client .CreateChannel (context .Background (), channel )
153153 CheckErrorID (t , err , "api.context.invalid_body_param.app_error" )
154154 CheckBadRequestStatus (t , resp )
155155 })
156156
157157 t .Run ("Test create channel with missing display name" , func (t * testing.T ) {
158158 channel := & model.Channel {DisplayName : "" , Name : GenerateTestChannelName (), Type : model .ChannelTypeOpen , TeamId : team .Id }
159159
160- _ , resp , err : =client .CreateChannel (context .Background (), channel )
160+ _ , resp , err = client .CreateChannel (context .Background (), channel )
161161 CheckErrorID (t , err , "api.context.invalid_body_param.app_error" )
162162 CheckBadRequestStatus (t , resp )
163163 })
164+
165+ t .Run ("Guest users" , func (t * testing.T ) {
166+ th .App .Srv ().SetLicense (model .NewTestLicenseSKU (model .LicenseShortSkuEnterprise ))
167+ th .App .UpdateConfig (func (cfg * model.Config ) { * cfg .GuestAccountsSettings .Enable = true })
168+ th .App .UpdateConfig (func (cfg * model.Config ) { * cfg .GuestAccountsSettings .AllowEmailAccounts = true })
169+
170+ guestUser := th .CreateUser ()
171+ appErr := th .App .VerifyUserEmail (guestUser .Id , guestUser .Email )
172+ require .Nil (t , appErr )
173+
174+ appErr = th .App .DemoteUserToGuest (th .Context , guestUser )
175+ require .Nil (t , appErr )
176+
177+ _ , _ , appErr = th .App .AddUserToTeam (th .Context , th .BasicTeam .Id , guestUser .Id , "" )
178+ require .Nil (t , appErr )
179+
180+ guestClient := th .CreateClient ()
181+ _ , _ , err := guestClient .Login (context .Background (), guestUser .Username , guestUser .Password )
182+ require .NoError (t , err )
183+ t .Cleanup (func () {
184+ _ , lErr := guestClient .Logout (context .Background ())
185+ require .NoError (t , lErr )
186+ })
187+
188+ userOutsideOfChannels := th .CreateUser ()
189+ _ , _ , err = th .Client .AddTeamMember (context .Background (), team .Id , userOutsideOfChannels .Id )
190+ require .NoError (t , err )
191+
192+ public := & model.Channel {DisplayName : "Test API Name" , Name : GenerateTestChannelName (), Type : model .ChannelTypeOpen , TeamId : team .Id }
193+ private := & model.Channel {DisplayName : "Test API Name" , Name : GenerateTestChannelName (), Type : model .ChannelTypePrivate , TeamId : team .Id }
194+
195+ t .Run ("Guest user should not be able to create channels" , func (t * testing.T ) {
196+ _ , resp , err = guestClient .CreateChannel (context .Background (), public )
197+ require .Error (t , err )
198+ CheckForbiddenStatus (t , resp )
199+
200+ private .Name = GenerateTestChannelName ()
201+ _ , resp , err = guestClient .CreateChannel (context .Background (), private )
202+ require .Error (t , err )
203+ CheckForbiddenStatus (t , resp )
204+ })
205+
206+ t .Run ("Guest user should not be able to add channel members if they have no common channels" , func (t * testing.T ) {
207+ // Now actually create the channels with the main client
208+ public , _ , err = th .Client .CreateChannel (context .Background (), public )
209+ require .NoError (t , err )
210+ private , _ , err = th .Client .CreateChannel (context .Background (), private )
211+ require .NoError (t , err )
212+
213+ // Add the guest user to the private channel
214+ _ , _ , err = th .Client .AddChannelMember (context .Background (), private .Id , guestUser .Id )
215+ require .NoError (t , err )
216+
217+ // Verify that the guest user can access the private channel they were added to
218+ _ , _ , err = guestClient .GetChannel (context .Background (), private .Id , "" )
219+ require .NoError (t , err )
220+
221+ // Verify that the guest user cannot add members to the private channel
222+ _ , resp , err = guestClient .AddChannelMember (context .Background (), private .Id , userOutsideOfChannels .Id )
223+ require .Error (t , err )
224+ CheckForbiddenStatus (t , resp )
225+
226+ // Add the guest user to the public channel
227+ _ , _ , err = th .Client .AddChannelMember (context .Background (), public .Id , guestUser .Id )
228+ require .NoError (t , err )
229+
230+ // Verify that the guest user can access the public channel they were added to
231+ _ , _ , err = guestClient .GetChannel (context .Background (), public .Id , "" )
232+ require .NoError (t , err )
233+
234+ // Verify that the guest user cannot add members to the public channel
235+ _ , resp , err = guestClient .AddChannelMember (context .Background (), public .Id , userOutsideOfChannels .Id )
236+ require .Error (t , err )
237+ CheckForbiddenStatus (t , resp )
238+
239+ // Update team guest permissions to allow creating private channels
240+ th .AddPermissionToRole (model .PermissionCreatePrivateChannel .Id , model .TeamGuestRoleId )
241+ privateGuest := & model.Channel {DisplayName : "Test API Name" , Name : GenerateTestChannelName (), Type : model .ChannelTypePrivate , TeamId : team .Id }
242+ privateGuest , resp , err = guestClient .CreateChannel (context .Background (), privateGuest )
243+ require .NoError (t , err )
244+ CheckCreatedStatus (t , resp )
245+
246+ // Verify that the guest user can't add users they have no visibility to
247+ _ , resp , err = guestClient .AddChannelMember (context .Background (), privateGuest .Id , userOutsideOfChannels .Id )
248+ require .Error (t , err )
249+ CheckForbiddenStatus (t , resp )
250+ })
251+ })
164252}
165253
166254func TestUpdateChannel (t * testing.T ) {
0 commit comments