MM-11707: Change the default setting for EDIT_OTHERS_POSTS (#9447)

* MM-11707: Removes edit_others_posts permission from the team_admin role in MakeDefaultRoles().

* MM-11707: Tests fix.

* MM-11707: Update test store.

* MM-11707: Allow to change the permission for edit the others posts on TE

* Fixing tests

5 files changed, 15 insertions, 12 deletions

diff --git a/api4/post_test.go b/api4/post_test.go
index 8ccd88a42..3c9875975 100644
--- a/api4/post_test.go
+++ b/api4/post_test.go
@@ -587,6 +587,12 @@ func TestUpdatePost(t *testing.T) {
 
 	Client.Logout()
 
+	th.LoginTeamAdmin()
+	_, resp = Client.UpdatePost(rpost.Id, rpost)
+	CheckForbiddenStatus(t, resp)
+
+	Client.Logout()
+
 	_, resp = th.SystemAdminClient.UpdatePost(rpost.Id, rpost)
 	CheckNoError(t, resp)
 }
@@ -673,7 +679,7 @@ func TestPatchPost(t *testing.T) {
 
 	th.LoginTeamAdmin()
 	_, resp = Client.PatchPost(post.Id, patch)
-	CheckNoError(t, resp)
+	CheckForbiddenStatus(t, resp)
 
 	_, resp = th.SystemAdminClient.PatchPost(post.Id, patch)
 	CheckNoError(t, resp)
@@ -1599,7 +1605,7 @@ func TestSearchPostsWithDateFlags(t *testing.T) {
 	posts, _ = Client.SearchPosts(th.BasicTeam.Id, "before:2018-08-03 after:2018-08-01", false)
 	if len(posts.Order) != 1 {
 		t.Fatalf("wrong number of posts returned %v", len(posts.Order))
-	}	
+	}
 }
 
 func TestGetFileInfosForPost(t *testing.T) {
diff --git a/api4/role.go b/api4/role.go
index 4e367629b..384738c36 100644
--- a/api4/role.go
+++ b/api4/role.go
@@ -104,6 +104,7 @@ func patchRole(c *Context, w http.ResponseWriter, r *http.Request) {
 			model.PERMISSION_MANAGE_OAUTH.Id,
 			model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH.Id,
 			model.PERMISSION_MANAGE_EMOJIS.Id,
+			model.PERMISSION_EDIT_OTHERS_POSTS.Id,
 		}
 
 		changedPermissions := model.PermissionsChangedByPatch(oldRole, patch)
diff --git a/app/app_test.go b/app/app_test.go
index 1849f1b03..c071643c9 100644
--- a/app/app_test.go
+++ b/app/app_test.go
@@ -152,7 +152,6 @@ func TestDoAdvancedPermissionsMigration(t *testing.T) {
 			model.PERMISSION_CREATE_POST_PUBLIC.Id,
 		},
 		"team_admin": []string{
-			model.PERMISSION_EDIT_OTHERS_POSTS.Id,
 			model.PERMISSION_REMOVE_USER_FROM_TEAM.Id,
 			model.PERMISSION_MANAGE_TEAM.Id,
 			model.PERMISSION_IMPORT_TEAM.Id,
@@ -197,6 +196,7 @@ func TestDoAdvancedPermissionsMigration(t *testing.T) {
 			model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH.Id,
 			model.PERMISSION_MANAGE_OTHERS_WEBHOOKS.Id,
 			model.PERMISSION_EDIT_OTHER_USERS.Id,
+			model.PERMISSION_EDIT_OTHERS_POSTS.Id,
 			model.PERMISSION_MANAGE_OAUTH.Id,
 			model.PERMISSION_INVITE_USER.Id,
 			model.PERMISSION_DELETE_POST.Id,
@@ -222,7 +222,6 @@ func TestDoAdvancedPermissionsMigration(t *testing.T) {
 			model.PERMISSION_GET_PUBLIC_LINK.Id,
 			model.PERMISSION_CREATE_POST.Id,
 			model.PERMISSION_USE_SLASH_COMMANDS.Id,
-			model.PERMISSION_EDIT_OTHERS_POSTS.Id,
 			model.PERMISSION_REMOVE_USER_FROM_TEAM.Id,
 			model.PERMISSION_MANAGE_TEAM.Id,
 			model.PERMISSION_IMPORT_TEAM.Id,
@@ -315,7 +314,6 @@ func TestDoAdvancedPermissionsMigration(t *testing.T) {
 			model.PERMISSION_CREATE_POST_PUBLIC.Id,
 		},
 		"team_admin": []string{
-			model.PERMISSION_EDIT_OTHERS_POSTS.Id,
 			model.PERMISSION_REMOVE_USER_FROM_TEAM.Id,
 			model.PERMISSION_MANAGE_TEAM.Id,
 			model.PERMISSION_IMPORT_TEAM.Id,
@@ -362,6 +360,7 @@ func TestDoAdvancedPermissionsMigration(t *testing.T) {
 			model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH.Id,
 			model.PERMISSION_MANAGE_OTHERS_WEBHOOKS.Id,
 			model.PERMISSION_EDIT_OTHER_USERS.Id,
+			model.PERMISSION_EDIT_OTHERS_POSTS.Id,
 			model.PERMISSION_MANAGE_OAUTH.Id,
 			model.PERMISSION_INVITE_USER.Id,
 			model.PERMISSION_DELETE_POST.Id,
@@ -387,7 +386,6 @@ func TestDoAdvancedPermissionsMigration(t *testing.T) {
 			model.PERMISSION_GET_PUBLIC_LINK.Id,
 			model.PERMISSION_CREATE_POST.Id,
 			model.PERMISSION_USE_SLASH_COMMANDS.Id,
-			model.PERMISSION_EDIT_OTHERS_POSTS.Id,
 			model.PERMISSION_REMOVE_USER_FROM_TEAM.Id,
 			model.PERMISSION_MANAGE_TEAM.Id,
 			model.PERMISSION_IMPORT_TEAM.Id,
@@ -496,6 +494,7 @@ func TestDoEmojisPermissionsMigration(t *testing.T) {
 		model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH.Id,
 		model.PERMISSION_MANAGE_OTHERS_WEBHOOKS.Id,
 		model.PERMISSION_EDIT_OTHER_USERS.Id,
+		model.PERMISSION_EDIT_OTHERS_POSTS.Id,
 		model.PERMISSION_MANAGE_OAUTH.Id,
 		model.PERMISSION_INVITE_USER.Id,
 		model.PERMISSION_DELETE_POST.Id,
@@ -521,7 +520,6 @@ func TestDoEmojisPermissionsMigration(t *testing.T) {
 		model.PERMISSION_GET_PUBLIC_LINK.Id,
 		model.PERMISSION_CREATE_POST.Id,
 		model.PERMISSION_USE_SLASH_COMMANDS.Id,
-		model.PERMISSION_EDIT_OTHERS_POSTS.Id,
 		model.PERMISSION_REMOVE_USER_FROM_TEAM.Id,
 		model.PERMISSION_MANAGE_TEAM.Id,
 		model.PERMISSION_IMPORT_TEAM.Id,
@@ -549,7 +547,6 @@ func TestDoEmojisPermissionsMigration(t *testing.T) {
 	role2, err2 := th.App.GetRoleByName(model.TEAM_ADMIN_ROLE_ID)
 	assert.Nil(t, err2)
 	expected2 := []string{
-		model.PERMISSION_EDIT_OTHERS_POSTS.Id,
 		model.PERMISSION_REMOVE_USER_FROM_TEAM.Id,
 		model.PERMISSION_MANAGE_TEAM.Id,
 		model.PERMISSION_IMPORT_TEAM.Id,
diff --git a/model/role.go b/model/role.go
index 80ae1ae34..27b32ed69 100644
--- a/model/role.go
+++ b/model/role.go
@@ -243,7 +243,6 @@ func MakeDefaultRoles() map[string]*Role {
 		DisplayName: "authentication.roles.team_admin.name",
 		Description: "authentication.roles.team_admin.description",
 		Permissions: []string{
-			PERMISSION_EDIT_OTHERS_POSTS.Id,
 			PERMISSION_REMOVE_USER_FROM_TEAM.Id,
 			PERMISSION_MANAGE_TEAM.Id,
 			PERMISSION_IMPORT_TEAM.Id,
@@ -332,6 +331,7 @@ func MakeDefaultRoles() map[string]*Role {
 							PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH.Id,
 							PERMISSION_MANAGE_OTHERS_WEBHOOKS.Id,
 							PERMISSION_EDIT_OTHER_USERS.Id,
+							PERMISSION_EDIT_OTHERS_POSTS.Id,
 							PERMISSION_MANAGE_OAUTH.Id,
 							PERMISSION_INVITE_USER.Id,
 							PERMISSION_DELETE_POST.Id,
diff --git a/store/storetest/scheme_store.go b/store/storetest/scheme_store.go
index a9204fbe2..464af05bb 100644
--- a/store/storetest/scheme_store.go
+++ b/store/storetest/scheme_store.go
@@ -28,7 +28,6 @@ func createDefaultRoles(t *testing.T, ss store.Store) {
 		Name:        model.TEAM_ADMIN_ROLE_ID,
 		DisplayName: model.TEAM_ADMIN_ROLE_ID,
 		Permissions: []string{
-			model.PERMISSION_EDIT_OTHERS_POSTS.Id,
 			model.PERMISSION_DELETE_OTHERS_POSTS.Id,
 		},
 	})
@@ -91,7 +90,7 @@ func testSchemeStoreSave(t *testing.T, ss store.Store) {
 	roleRes1 := <-ss.Role().GetByName(d1.DefaultTeamAdminRole)
 	assert.Nil(t, roleRes1.Err)
 	role1 := roleRes1.Data.(*model.Role)
-	assert.Equal(t, role1.Permissions, []string{"edit_others_posts", "delete_others_posts"})
+	assert.Equal(t, role1.Permissions, []string{"delete_others_posts"})
 	assert.True(t, role1.SchemeManaged)
 
 	roleRes2 := <-ss.Role().GetByName(d1.DefaultTeamUserRole)
@@ -314,7 +313,7 @@ func testSchemeStoreDelete(t *testing.T, ss store.Store) {
 	roleRes1 := <-ss.Role().GetByName(d1.DefaultTeamAdminRole)
 	assert.Nil(t, roleRes1.Err)
 	role1 := roleRes1.Data.(*model.Role)
-	assert.Equal(t, role1.Permissions, []string{"edit_others_posts", "delete_others_posts"})
+	assert.Equal(t, role1.Permissions, []string{"delete_others_posts"})
 	assert.True(t, role1.SchemeManaged)
 
 	roleRes2 := <-ss.Role().GetByName(d1.DefaultTeamUserRole)