Merge branch 'master' into advanced-permissions-phase-2

9 files changed, 53 insertions, 12 deletions

diff --git a/app/diagnostics.go b/app/diagnostics.go
index 6855731ce..527ca9840 100644
--- a/app/diagnostics.go
+++ b/app/diagnostics.go
@@ -338,6 +338,7 @@ func (a *App) trackConfig() {
 		"enable_email_batching":                *cfg.EmailSettings.EnableEmailBatching,
 		"email_batching_buffer_size":           *cfg.EmailSettings.EmailBatchingBufferSize,
 		"email_batching_interval":              *cfg.EmailSettings.EmailBatchingInterval,
+		"enable_preview_mode_banner":           *cfg.EmailSettings.EnablePreviewModeBanner,
 		"isdefault_feedback_name":              isDefault(cfg.EmailSettings.FeedbackName, ""),
 		"isdefault_feedback_email":             isDefault(cfg.EmailSettings.FeedbackEmail, ""),
 		"isdefault_feedback_organization":      isDefault(*cfg.EmailSettings.FeedbackOrganization, model.EMAIL_SETTINGS_DEFAULT_FEEDBACK_ORGANIZATION),
diff --git a/app/webhook.go b/app/webhook.go
index a5ab28952..c887fec97 100644
--- a/app/webhook.go
+++ b/app/webhook.go
@@ -633,6 +633,10 @@ func (a *App) HandleIncomingWebhook(hookId string, req *model.IncomingWebhookReq
 		}
 	}
 
+	if hook.ChannelLocked && hook.ChannelId != channel.Id {
+		return model.NewAppError("HandleIncomingWebhook", "web.incoming_webhook.channel_locked.app_error", nil, "", http.StatusForbidden)
+	}
+
 	if a.License() != nil && *a.Config().TeamSettings.ExperimentalTownSquareIsReadOnly &&
 		channel.Name == model.DEFAULT_CHANNEL {
 		return model.NewAppError("HandleIncomingWebhook", "api.post.create_post.town_square_read_only", nil, "", http.StatusForbidden)
diff --git a/config/default.json b/config/default.json
index 97b2696aa..c80ff48de 100644
--- a/config/default.json
+++ b/config/default.json
@@ -177,6 +177,7 @@
         "EnableEmailBatching": false,
         "EmailBatchingBufferSize": 256,
         "EmailBatchingInterval": 30,
+        "EnablePreviewModeBanner": true,
         "SkipServerCertificateVerification": false,
         "EmailNotificationContentsType": "full",
         "LoginButtonColor": "",
diff --git a/i18n/en.json b/i18n/en.json
index 88bbcb9f1..59a600f23 100644
--- a/i18n/en.json
+++ b/i18n/en.json
@@ -6887,6 +6887,10 @@
     "translation": "Unable to get roles"
   },
   {
+    "id": "web.incoming_webhook.channel_locked.app_error",
+    "translation": "This webhook is not permitted to post to the requested channel"
+  },
+  {
     "id": "store.sql_role.permanent_delete_all.app_error",
     "translation": "We could not permanently delete all the roles"
   },
diff --git a/model/config.go b/model/config.go
index 4710658ec..7a2125061 100644
--- a/model/config.go
+++ b/model/config.go
@@ -739,6 +739,7 @@ type EmailSettings struct {
 	EnableEmailBatching               *bool
 	EmailBatchingBufferSize           *int
 	EmailBatchingInterval             *int
+	EnablePreviewModeBanner           *bool
 	SkipServerCertificateVerification *bool
 	EmailNotificationContentsType     *string
 	LoginButtonColor                  *string
@@ -791,6 +792,10 @@ func (s *EmailSettings) SetDefaults() {
 		s.EmailBatchingInterval = NewInt(EMAIL_BATCHING_INTERVAL)
 	}
 
+	if s.EnablePreviewModeBanner == nil {
+		s.EnablePreviewModeBanner = NewBool(true)
+	}
+
 	if s.EnableSMTPAuth == nil {
 		s.EnableSMTPAuth = new(bool)
 		if s.ConnectionSecurity == CONN_SECURITY_NONE {
diff --git a/model/incoming_webhook.go b/model/incoming_webhook.go
index ca9bd116d..202073b5b 100644
--- a/model/incoming_webhook.go
+++ b/model/incoming_webhook.go
@@ -16,17 +16,18 @@ const (
 )
 
 type IncomingWebhook struct {
-	Id          string `json:"id"`
-	CreateAt    int64  `json:"create_at"`
-	UpdateAt    int64  `json:"update_at"`
-	DeleteAt    int64  `json:"delete_at"`
-	UserId      string `json:"user_id"`
-	ChannelId   string `json:"channel_id"`
-	TeamId      string `json:"team_id"`
-	DisplayName string `json:"display_name"`
-	Description string `json:"description"`
-	Username    string `json:"username"`
-	IconURL     string `json:"icon_url"`
+	Id            string `json:"id"`
+	CreateAt      int64  `json:"create_at"`
+	UpdateAt      int64  `json:"update_at"`
+	DeleteAt      int64  `json:"delete_at"`
+	UserId        string `json:"user_id"`
+	ChannelId     string `json:"channel_id"`
+	TeamId        string `json:"team_id"`
+	DisplayName   string `json:"display_name"`
+	Description   string `json:"description"`
+	Username      string `json:"username"`
+	IconURL       string `json:"icon_url"`
+	ChannelLocked bool   `json:"channel_locked"`
 }
 
 type IncomingWebhookRequest struct {
diff --git a/store/sqlstore/upgrade.go b/store/sqlstore/upgrade.go
index 371639312..f6eb383f5 100644
--- a/store/sqlstore/upgrade.go
+++ b/store/sqlstore/upgrade.go
@@ -427,7 +427,7 @@ func UpgradeDatabaseToVersion410(sqlStore SqlStore) {
 func UpgradeDatabaseToVersion50(sqlStore SqlStore) {
 	// TODO: Uncomment following condition when version 5.0.0 is released
 	//if shouldPerformUpgrade(sqlStore, VERSION_4_10_0, VERSION_5_0_0) {
-
+  
 	sqlStore.CreateColumnIfNotExistsNoDefault("Teams", "SchemeId", "varchar(26)", "varchar(26)")
 	sqlStore.CreateColumnIfNotExistsNoDefault("Channels", "SchemeId", "varchar(26)", "varchar(26)")
 
@@ -439,6 +439,7 @@ func UpgradeDatabaseToVersion50(sqlStore SqlStore) {
 	sqlStore.CreateColumnIfNotExists("Roles", "BuiltIn", "boolean", "boolean", "0")
 	sqlStore.GetMaster().Exec("UPDATE Roles SET BuiltIn=true")
 	sqlStore.GetMaster().Exec("UPDATE Roles SET SchemeManaged=false WHERE Name NOT IN ('system_user', 'system_admin', 'team_user', 'team_admin', 'channel_user', 'channel_admin')")
+	sqlStore.CreateColumnIfNotExists("IncomingWebhooks", "ChannelLocked", "boolean", "boolean", "0")
 
 	//	saveSchemaVersion(sqlStore, VERSION_5_0_0)
 	//}
diff --git a/utils/config.go b/utils/config.go
index c3f58cc79..dd782c0fc 100644
--- a/utils/config.go
+++ b/utils/config.go
@@ -501,6 +501,7 @@ func GenerateClientConfig(c *model.Config, diagnosticId string, license *model.L
 	props["EnableSignInWithUsername"] = strconv.FormatBool(*c.EmailSettings.EnableSignInWithUsername)
 	props["RequireEmailVerification"] = strconv.FormatBool(c.EmailSettings.RequireEmailVerification)
 	props["EnableEmailBatching"] = strconv.FormatBool(*c.EmailSettings.EnableEmailBatching)
+	props["EnablePreviewModeBanner"] = strconv.FormatBool(*c.EmailSettings.EnablePreviewModeBanner)
 	props["EmailNotificationContentsType"] = *c.EmailSettings.EmailNotificationContentsType
 
 	props["EmailLoginButtonColor"] = *c.EmailSettings.LoginButtonColor
diff --git a/web/webhook_test.go b/web/webhook_test.go
index 48e0a2744..64ce7bf25 100644
--- a/web/webhook_test.go
+++ b/web/webhook_test.go
@@ -182,6 +182,29 @@ func TestIncomingWebhook(t *testing.T) {
 		assert.True(t, resp.StatusCode == http.StatusOK)
 	})
 
+	t.Run("ChannelLockedWebhook", func(t *testing.T) {
+		channel, err := th.App.CreateChannel(&model.Channel{TeamId: th.BasicTeam.Id, Name: model.NewId(), DisplayName: model.NewId(), Type: model.CHANNEL_OPEN, CreatorId: th.BasicUser.Id}, true)
+		require.Nil(t, err)
+
+		hook, err := th.App.CreateIncomingWebhookForChannel(th.BasicUser.Id, th.BasicChannel, &model.IncomingWebhook{ChannelId: th.BasicChannel.Id, ChannelLocked: true})
+		require.Nil(t, err)
+
+		url := ApiClient.Url + "/hooks/" + hook.Id
+
+		payload := "payload={\"text\": \"test text\"}"
+		resp, err2 := http.Post(url, "application/x-www-form-urlencoded", strings.NewReader(payload))
+		require.Nil(t, err2)
+		assert.True(t, resp.StatusCode == http.StatusOK)
+
+		resp, err2 = http.Post(url, "application/json", strings.NewReader(fmt.Sprintf("{\"text\":\"this is a test\", \"channel\":\"%s\"}", th.BasicChannel.Name)))
+		require.Nil(t, err2)
+		assert.True(t, resp.StatusCode == http.StatusOK)
+
+		resp, err2 = http.Post(url, "application/json", strings.NewReader(fmt.Sprintf("{\"text\":\"this is a test\", \"channel\":\"%s\"}", channel.Name)))
+		require.Nil(t, err2)
+		assert.True(t, resp.StatusCode == http.StatusForbidden)
+	})
+
 	t.Run("DisableWebhooks", func(t *testing.T) {
 		th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableIncomingWebhooks = false })
 		resp, err := http.Post(url, "application/json", strings.NewReader("{\"text\":\"this is a test\"}"))