Add test case to ensure team owners can't delete rooms they don't own

apps/meteor/tests/end-to-end/api/02-channels.js

@@ -1835,6 +1835,22 @@ describe('[Channels]', function () {
 					expect(res.body.errorType).to.be.equal('error-not-allowed');
 				});
 		});
+		it(`should fail deleting a team's channel when member has the necessary permission in the team, but not in the deleted room`, async () => {
+			await request
+				.post(api('channels.delete'))
+				.set(moderatorUserCredentials)
+				.send({
+					roomName: testTeamChannel.name,
+				})
+				.expect('Content-Type', 'application/json')
+				.expect(400)
+				.expect((res) => {
+					expect(res.body).to.have.property('success', false);
+					expect(res.body).to.have.a.property('error');
+					expect(res.body).to.have.a.property('errorType');
+					expect(res.body.errorType).to.be.equal('error-not-allowed');
+				});
+		});
 		it(`should successfully delete a team's channel when member has both team and channel permissions`, async () => {
 			await request
 				.post(api('channels.delete'))

apps/meteor/tests/end-to-end/api/03-groups.js

@@ -1723,6 +1723,22 @@ describe('[Groups]', function () {
 					expect(res.body.errorType).to.be.equal('error-not-allowed');
 				});
 		});
+		it(`should fail deleting a team's group when member has the necessary permission in the team, but not in the deleted room`, async () => {
+			await request
+				.post(api('groups.delete'))
+				.set(moderatorUserCredentials)
+				.send({
+					roomName: testTeamGroup.name,
+				})
+				.expect('Content-Type', 'application/json')
+				.expect(400)
+				.expect((res) => {
+					expect(res.body).to.have.property('success', false);
+					expect(res.body).to.have.a.property('error');
+					expect(res.body).to.have.a.property('errorType');
+					expect(res.body.errorType).to.be.equal('error-not-allowed');
+				});
+		});
 		it(`should successfully delete a team's group when member has both team and group permissions`, async () => {
 			await request
 				.post(api('groups.delete'))