diff options
| author | Christopher Speller <crspeller@gmail.com> | 2016-11-01 12:05:48 -0400 |
|---|---|---|
| committer | Corey Hulen <corey@hulen.com> | 2016-11-01 09:05:48 -0700 |
| commit | aa6cb03b2042ff0f11e7c418ad2535eccc29d218 (patch) | |
| tree | 43cf15ffe933790fb6c53f6cdabf8ddac2cad7c8 | |
| parent | 92642bab6852d02e6b58f881ac909788299d0c5c (diff) | |
| download | chat-aa6cb03b2042ff0f11e7c418ad2535eccc29d218.tar.gz chat-aa6cb03b2042ff0f11e7c418ad2535eccc29d218.tar.bz2 chat-aa6cb03b2042ff0f11e7c418ad2535eccc29d218.zip | |
Prevent system_admin role mistake (#4405)
| -rw-r--r-- | api/user_test.go | 4 | ||||
| -rw-r--r-- | mattermost.go | 13 | ||||
| -rw-r--r-- | model/user.go | 5 |
3 files changed, 20 insertions, 2 deletions
diff --git a/api/user_test.go b/api/user_test.go index 20c555931..2c6238c54 100644 --- a/api/user_test.go +++ b/api/user_test.go @@ -986,6 +986,10 @@ func TestUserUpdateRoles(t *testing.T) { t.Fatal("Should have errored, bad id") } + if _, err := Client.UpdateUserRoles("system_admin", ""); err == nil { + t.Fatal("Should have errored, we want to avoid this mistake") + } + if _, err := Client.UpdateUserRoles("12345678901234567890123456", ""); err == nil { t.Fatal("Should have errored, bad id") } diff --git a/mattermost.go b/mattermost.go index 6d80f19e7..50427450a 100644 --- a/mattermost.go +++ b/mattermost.go @@ -706,6 +706,15 @@ func cmdAssignRole() { os.Exit(1) } + // Do some conversions + if flagRole == "system_admin" { + flagRole = "system_user system_admin" + } + + if flagRole == "" { + flagRole = "system_user" + } + if !model.IsValidUserRoles(flagRole) { fmt.Fprintln(os.Stderr, "flag invalid argument: -role") flag.Usage() @@ -1527,7 +1536,7 @@ FLAGS: -role="system_admin" The role used in other commands valid values are - "" - The empty role is basic user + "system_user" - Is basic user permissions "system_admin" - Represents a system admin who has access to all teams @@ -1572,7 +1581,7 @@ COMMANDS: -assign_role Assigns role to a user. It requires the -role and -email flag. You may need to log out of your current sessions for the new role to be - applied. + applied. For system admin use "system_admin". For Regular user just use "system_user". Example: platform -assign_role -email="user@example.com" -role="system_admin" diff --git a/model/user.go b/model/user.go index f5edf302f..330d26d82 100644 --- a/model/user.go +++ b/model/user.go @@ -337,6 +337,11 @@ func IsValidUserRoles(userRoles string) bool { } } + // Exclude just the system_admin role explicitly to prevent mistakes + if len(roles) == 1 && roles[0] == "system_admin" { + return false + } + return true } |