author | George Goldberg <george@gberg.me> | 2016-12-21 19:18:41 +0000 |
---|---|---|
committer | Corey Hulen <corey@hulen.com> | 2016-12-21 11:18:41 -0800 |
commit | dce4205699bed68046f9dc6ed371ad959d93ee59 (patch) | |
tree | 7bd2d857ee9786ec59b782c52ffc5f59c0853728 | |
parent | f0f53260984a210f44458d86ed5ac9e3afb3f363 (diff) | |
PLT-4990 - Server: Split out channel permissions to Create/Manage/Delete (#4864)
* Server side changes.
* Fix unit tests and default config.
-rw-r--r-- | api/channel_test.go | 24 | ||||
-rw-r--r-- | config/config.json | 4 | ||||
-rw-r--r-- | model/config.go | 28 | ||||
-rw-r--r-- | utils/authorization.go | 66 | ||||
-rw-r--r-- | utils/config.go | 4 |
5 files changed, 108 insertions, 18 deletions
diff --git a/api/channel_test.go b/api/channel_test.go
index c916a27cf..ae4573c9c 100644
--- a/api/channel_test.go
+++ b/api/channel_test.go
@@ -121,8 +121,8 @@ func TestCreateChannel(t *testing.T) {
 t.Fatal(err)
 }
- *utils.Cfg.TeamSettings.RestrictPublicChannelManagement = model.PERMISSIONS_TEAM_ADMIN
- *utils.Cfg.TeamSettings.RestrictPrivateChannelManagement = model.PERMISSIONS_TEAM_ADMIN
+ *utils.Cfg.TeamSettings.RestrictPublicChannelCreation = model.PERMISSIONS_TEAM_ADMIN
+ *utils.Cfg.TeamSettings.RestrictPrivateChannelCreation = model.PERMISSIONS_TEAM_ADMIN
 utils.SetDefaultRolesBasedOnConfig()
 channel2.Name = "a" + model.NewId() + "a"
@@ -146,8 +146,8 @@ func TestCreateChannel(t *testing.T) {
 t.Fatal(err)
 }
- *utils.Cfg.TeamSettings.RestrictPublicChannelManagement = model.PERMISSIONS_SYSTEM_ADMIN
- *utils.Cfg.TeamSettings.RestrictPrivateChannelManagement = model.PERMISSIONS_SYSTEM_ADMIN
+ *utils.Cfg.TeamSettings.RestrictPublicChannelCreation = model.PERMISSIONS_SYSTEM_ADMIN
+ *utils.Cfg.TeamSettings.RestrictPrivateChannelCreation = model.PERMISSIONS_SYSTEM_ADMIN
 utils.SetDefaultRolesBasedOnConfig()
 channel2.Name = "a" + model.NewId() + "a"
@@ -167,6 +167,10 @@ func TestCreateChannel(t *testing.T) {
 if _, err := SystemAdminClient.CreateChannel(channel3); err != nil {
 t.Fatal(err)
 }
+
+ *utils.Cfg.TeamSettings.RestrictPublicChannelCreation = model.PERMISSIONS_ALL
+ *utils.Cfg.TeamSettings.RestrictPrivateChannelCreation = model.PERMISSIONS_ALL
+ utils.SetDefaultRolesBasedOnConfig()
 }
 func TestCreateDirectChannel(t *testing.T) {
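Review bot: The reset added at the end of TestCreateChannel (hunk @@ -167,6 +167,10) only runs when every earlier assertion passes, because each failure path calls t.Fatal and returns before reaching it; the same applies to the matching reset at the end of TestDeleteChannel (hunk @@ -1226,6 +1230,10). A failed run therefore leaves the shared utils.Cfg restricted to team or system admins, and later tests that create or delete channels would presumably fail for an unrelated reason. The reset also writes PERMISSIONS_ALL rather than whatever the settings held on entry. Capturing the prior values and restoring them in a defer placed before the first override, which sits in an earlier hunk of the same function, would cover both cases.

```go
// Placed before the first override of the Creation settings in TestCreateChannel.
prevPublic := *utils.Cfg.TeamSettings.RestrictPublicChannelCreation
prevPrivate := *utils.Cfg.TeamSettings.RestrictPrivateChannelCreation
defer func() {
	*utils.Cfg.TeamSettings.RestrictPublicChannelCreation = prevPublic
	*utils.Cfg.TeamSettings.RestrictPrivateChannelCreation = prevPrivate
	utils.SetDefaultRolesBasedOnConfig()
}()
// … unchanged: channel creation assertions under each restriction level …
```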
@@ -1161,8 +1165,8 @@ func TestDeleteChannel(t *testing.T) {
 t.Fatal(err)
 }
- *utils.Cfg.TeamSettings.RestrictPublicChannelManagement = model.PERMISSIONS_TEAM_ADMIN
- *utils.Cfg.TeamSettings.RestrictPrivateChannelManagement = model.PERMISSIONS_TEAM_ADMIN
+ *utils.Cfg.TeamSettings.RestrictPublicChannelDeletion = model.PERMISSIONS_TEAM_ADMIN
+ *utils.Cfg.TeamSettings.RestrictPrivateChannelDeletion = model.PERMISSIONS_TEAM_ADMIN
 utils.SetDefaultRolesBasedOnConfig()
 th.LoginSystemAdmin()
@@ -1193,8 +1197,8 @@ func TestDeleteChannel(t *testing.T) {
 t.Fatal(err)
 }
- *utils.Cfg.TeamSettings.RestrictPublicChannelManagement = model.PERMISSIONS_SYSTEM_ADMIN
- *utils.Cfg.TeamSettings.RestrictPrivateChannelManagement = model.PERMISSIONS_SYSTEM_ADMIN
+ *utils.Cfg.TeamSettings.RestrictPublicChannelDeletion = model.PERMISSIONS_SYSTEM_ADMIN
+ *utils.Cfg.TeamSettings.RestrictPrivateChannelDeletion = model.PERMISSIONS_SYSTEM_ADMIN
 utils.SetDefaultRolesBasedOnConfig()
 th.LoginSystemAdmin()
@@ -1226,6 +1230,10 @@ func TestDeleteChannel(t *testing.T) {
 if _, err := Client.DeleteChannel(channel3.Id); err != nil {
 t.Fatal(err)
 }
+
+ *utils.Cfg.TeamSettings.RestrictPublicChannelDeletion = model.PERMISSIONS_ALL
+ *utils.Cfg.TeamSettings.RestrictPrivateChannelDeletion = model.PERMISSIONS_ALL
+ utils.SetDefaultRolesBasedOnConfig()
 }
 func TestGetChannelStats(t *testing.T) {
diff --git a/config/config.json b/config/config.json
index 2209a9656..649081597 100644
--- a/config/config.json
+++ b/config/config.json
@@ -49,8 +49,12 @@
 "CustomDescriptionText": "",
 "RestrictDirectMessage": "any",
 "RestrictTeamInvite": "all",
+ "RestrictPublicChannelCreation": "all",
+ "RestrictPrivateChannelCreation": "all",
 "RestrictPublicChannelManagement": "all",
 "RestrictPrivateChannelManagement": "all",
+ "RestrictPublicChannelDeletion": "all",
+ "RestrictPrivateChannelDeletion": "all",
 "UserStatusAwayTimeout": 300,
 "MaxChannelsPerTeam": 2000,
 "MaxNotificationsPerChannel": 1000
diff --git a/model/config.go b/model/config.go
index 0a3fcb33e..29fa995fd 100644
--- a/model/config.go
+++ b/model/config.go
@@ -226,6 +226,10 @@ type TeamSettings struct {
 RestrictTeamInvite *string
 RestrictPublicChannelManagement *string
 RestrictPrivateChannelManagement *string
+ RestrictPublicChannelCreation *string
+ RestrictPrivateChannelCreation *string
+ RestrictPublicChannelDeletion *string
+ RestrictPrivateChannelDeletion *string
 UserStatusAwayTimeout *int64
 MaxChannelsPerTeam *int64
 MaxNotificationsPerChannel *int64
@@ -507,6 +511,30 @@ func (o *Config) SetDefaults() {
 *o.TeamSettings.RestrictPrivateChannelManagement = PERMISSIONS_ALL
 }
+ if o.TeamSettings.RestrictPublicChannelCreation == nil {
+ o.TeamSettings.RestrictPublicChannelCreation = new(string)
+ // If this setting does not exist, assume migration from <3.6, so use management setting as default.
+ *o.TeamSettings.RestrictPublicChannelCreation = *o.TeamSettings.RestrictPublicChannelManagement
+ }
+
+ if o.TeamSettings.RestrictPrivateChannelCreation == nil {
+ o.TeamSettings.RestrictPrivateChannelCreation = new(string)
+ // If this setting does not exist, assume migration from <3.6, so use management setting as default.
+ *o.TeamSettings.RestrictPrivateChannelCreation = *o.TeamSettings.RestrictPrivateChannelManagement
+ }
+
+ if o.TeamSettings.RestrictPublicChannelDeletion == nil {
+ o.TeamSettings.RestrictPublicChannelDeletion = new(string)
+ // If this setting does not exist, assume migration from <3.6, so use management setting as default.
+ *o.TeamSettings.RestrictPublicChannelDeletion = *o.TeamSettings.RestrictPublicChannelManagement
+ }
+
+ if o.TeamSettings.RestrictPrivateChannelDeletion == nil {
+ o.TeamSettings.RestrictPrivateChannelDeletion = new(string)
+ // If this setting does not exist, assume migration from <3.6, so use management setting as default.
+ *o.TeamSettings.RestrictPrivateChannelDeletion = *o.TeamSettings.RestrictPrivateChannelManagement
+ }
+
 if o.TeamSettings.UserStatusAwayTimeout == nil {
 o.TeamSettings.UserStatusAwayTimeout = new(int64)
 *o.TeamSettings.UserStatusAwayTimeout = 300
diff --git a/utils/authorization.go b/utils/authorization.go
index 23a7673fe..75f92062d 100644
--- a/utils/authorization.go
+++ b/utils/authorization.go
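Review bot: Each of the four new defaults dereferences a Management pointer (`*o.TeamSettings.RestrictPublicChannelManagement` or `*o.TeamSettings.RestrictPrivateChannelManagement`), so these blocks are only safe because the Management defaults are assigned above them; the context line before the hunk shows the private one, and the public one is presumably a few lines earlier. A comment stating that ordering, e.g. `// Must stay below the Restrict*ChannelManagement defaults: the values are copied from them.`, would keep a later reorder from turning this into a nil dereference at startup. Separately, nothing visible here constrains the new settings to the known values; if Config.IsValid (not in this diff) does not check them, a mistyped value would match neither case in SetDefaultRolesBasedOnConfig and silently leave the permission with neither team role. SetDefaults starts and ends outside the hunk.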
@@ -9,46 +9,92 @@ func SetDefaultRolesBasedOnConfig() {
 // Reset the roles to default to make this logic easier
 model.InitalizeRoles()
+ switch *Cfg.TeamSettings.RestrictPublicChannelCreation {
+ case model.PERMISSIONS_ALL:
+ model.ROLE_TEAM_USER.Permissions = append(
+ model.ROLE_TEAM_USER.Permissions,
+ model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id,
+ )
+ break
+ case model.PERMISSIONS_TEAM_ADMIN:
+ model.ROLE_TEAM_ADMIN.Permissions = append(
+ model.ROLE_TEAM_ADMIN.Permissions,
+ model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id,
+ )
+ break
+ }
+
 switch *Cfg.TeamSettings.RestrictPublicChannelManagement {
 case model.PERMISSIONS_ALL:
- model.ROLE_CHANNEL_USER.Permissions = append(
- model.ROLE_CHANNEL_USER.Permissions,
+ model.ROLE_TEAM_USER.Permissions = append(
+ model.ROLE_TEAM_USER.Permissions,
+ model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id,
+ )
+ break
+ case model.PERMISSIONS_TEAM_ADMIN:
+ model.ROLE_TEAM_ADMIN.Permissions = append(
+ model.ROLE_TEAM_ADMIN.Permissions,
 model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id,
 )
+ break
+ }
+
+ switch *Cfg.TeamSettings.RestrictPublicChannelDeletion {
+ case model.PERMISSIONS_ALL:
 model.ROLE_TEAM_USER.Permissions = append(
 model.ROLE_TEAM_USER.Permissions,
 model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id,
- model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id,
 )
 break
 case model.PERMISSIONS_TEAM_ADMIN:
 model.ROLE_TEAM_ADMIN.Permissions = append(
 model.ROLE_TEAM_ADMIN.Permissions,
- model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id,
 model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id,
- model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id,
+ )
+ break
+ }
+
+ switch *Cfg.TeamSettings.RestrictPrivateChannelCreation {
+ case model.PERMISSIONS_ALL:
+ model.ROLE_TEAM_USER.Permissions = append(
+ model.ROLE_TEAM_USER.Permissions,
+ model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id,
+ )
+ break
+ case model.PERMISSIONS_TEAM_ADMIN:
+ model.ROLE_TEAM_ADMIN.Permissions = append(
+ model.ROLE_TEAM_ADMIN.Permissions,
+ model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id,
 )
 break
 }
 switch *Cfg.TeamSettings.RestrictPrivateChannelManagement {
 case model.PERMISSIONS_ALL:
- model.ROLE_CHANNEL_USER.Permissions = append(
- model.ROLE_CHANNEL_USER.Permissions,
+ model.ROLE_TEAM_USER.Permissions = append(
+ model.ROLE_TEAM_USER.Permissions,
+ model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id,
+ )
+ break
+ case model.PERMISSIONS_TEAM_ADMIN:
+ model.ROLE_TEAM_ADMIN.Permissions = append(
+ model.ROLE_TEAM_ADMIN.Permissions,
 model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id,
 )
+ break
+ }
+
+ switch *Cfg.TeamSettings.RestrictPrivateChannelDeletion {
+ case model.PERMISSIONS_ALL:
 model.ROLE_TEAM_USER.Permissions = append(
 model.ROLE_TEAM_USER.Permissions,
 model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id,
- model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id,
 )
 break
 case model.PERMISSIONS_TEAM_ADMIN:
 model.ROLE_TEAM_ADMIN.Permissions = append(
 model.ROLE_TEAM_ADMIN.Permissions,
- model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id,
 model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id,
- model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id,
 )
 break
 }
diff --git a/utils/config.go b/utils/config.go
index c06223e6c..ab149d55f 100644
--- a/utils/config.go
+++ b/utils/config.go
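Review bot: In the PERMISSIONS_ALL branch of both Management switches the manage-properties permission now lands on `model.ROLE_TEAM_USER` instead of `model.ROLE_CHANNEL_USER`, which is a scope change the commit message does not mention. Under the old code only the channel-user role carried `PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES` and `PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES`; now the team-user role does, so unless the update handlers check channel membership separately (not visible here), a team member outside a private channel may pass the permission check for it. If that widening is not intended, keep the original target in those two branches: `model.ROLE_CHANNEL_USER.Permissions = append(model.ROLE_CHANNEL_USER.Permissions, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id)` and the public equivalent. A test asserting that a non-member team user cannot update a private channel under the `all` setting would pin the behaviour either way. The function appears to continue past the end of the hunk.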
@@ -238,8 +238,12 @@ func getClientConfig(c *model.Config) map[string]string {
 props["EnableOpenServer"] = strconv.FormatBool(*c.TeamSettings.EnableOpenServer)
 props["RestrictDirectMessage"] = *c.TeamSettings.RestrictDirectMessage
 props["RestrictTeamInvite"] = *c.TeamSettings.RestrictTeamInvite
+ props["RestrictPublicChannelCreation"] = *c.TeamSettings.RestrictPublicChannelCreation
+ props["RestrictPrivateChannelCreation"] = *c.TeamSettings.RestrictPrivateChannelCreation
 props["RestrictPublicChannelManagement"] = *c.TeamSettings.RestrictPublicChannelManagement
 props["RestrictPrivateChannelManagement"] = *c.TeamSettings.RestrictPrivateChannelManagement
+ props["RestrictPublicChannelDeletion"] = *c.TeamSettings.RestrictPublicChannelDeletion
+ props["RestrictPrivateChannelDeletion"] = *c.TeamSettings.RestrictPrivateChannelDeletion
 props["EnableOAuthServiceProvider"] = strconv.FormatBool(c.ServiceSettings.EnableOAuthServiceProvider)
 props["SegmentDeveloperKey"] = c.ServiceSettings.SegmentDeveloperKey |