diff options
| author | Martin Kraft <mkraft@users.noreply.github.com> | 2018-05-17 11:37:00 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-05-17 11:37:00 -0400 |
| commit | e0390632b3c941670671d968b8828bcefbf71581 (patch) | |
| tree | d4eb82a217aa45c5be8a3afb2fc1d2d7ed5d6b37 /app/permissions.go | |
| parent | 463065c8ba4b4aece7fd9b7764ba917df3e73292 (diff) | |
| download | chat-e0390632b3c941670671d968b8828bcefbf71581.tar.gz chat-e0390632b3c941670671d968b8828bcefbf71581.tar.bz2 chat-e0390632b3c941670671d968b8828bcefbf71581.zip | |
MM-10264: Adds CLI command to import and export permissions. (#8787)
* MM-10264: Adds CLI command to import and export permissions.
* MM-10264: Changes Scheme Name to DisplayName and adds Name slug field.
* MM-10264: Changes display name max size.
* MM-10264: Another merge fix.
* MM-10264: Changes for more Schemes methods checking for migration.
* MM-10264: More updates for Schemes migration checking.
Diffstat (limited to 'app/permissions.go')
| -rw-r--r-- | app/permissions.go | 143 |
1 files changed, 143 insertions, 0 deletions
diff --git a/app/permissions.go b/app/permissions.go index 75aa2ecf9..70b8cc689 100644 --- a/app/permissions.go +++ b/app/permissions.go @@ -4,9 +4,17 @@ package app import ( + "bufio" + "encoding/json" + "fmt" + "io" + "github.com/mattermost/mattermost-server/model" + "github.com/pkg/errors" ) +const permissionsExportBatchSize = 100 + func (a *App) ResetPermissionsSystem() *model.AppError { // Reset all Teams to not have a scheme. if result := <-a.Srv.Store.Team().ResetAllTeamSchemes(); result.Err != nil { @@ -38,3 +46,138 @@ func (a *App) ResetPermissionsSystem() *model.AppError { return nil } + +func (a *App) ExportPermissions(w io.Writer) error { + + next := a.SchemesIterator(permissionsExportBatchSize) + var schemeBatch []*model.Scheme + + for schemeBatch = next(); len(schemeBatch) > 0; schemeBatch = next() { + + for _, scheme := range schemeBatch { + + roleIDs := []string{ + scheme.DefaultTeamAdminRole, + scheme.DefaultTeamUserRole, + scheme.DefaultChannelAdminRole, + scheme.DefaultChannelUserRole, + } + + roles := []*model.Role{} + for _, roleID := range roleIDs { + if len(roleID) == 0 { + continue + } + role, err := a.GetRole(roleID) + if err != nil { + return err + } + roles = append(roles, role) + } + + schemeExport, err := json.Marshal(&model.SchemeConveyor{ + Name: scheme.Name, + DisplayName: scheme.DisplayName, + Description: scheme.Description, + Scope: scheme.Scope, + TeamAdmin: scheme.DefaultTeamAdminRole, + TeamUser: scheme.DefaultTeamUserRole, + ChannelAdmin: scheme.DefaultChannelAdminRole, + ChannelUser: scheme.DefaultChannelUserRole, + Roles: roles, + }) + if err != nil { + return err + } + + schemeExport = append(schemeExport, []byte("\n")...) + + _, err = w.Write(schemeExport) + if err != nil { + return err + } + } + + } + + return nil +} + +func (a *App) ImportPermissions(jsonl io.Reader) error { + createdSchemeIDs := []string{} + + scanner := bufio.NewScanner(jsonl) + + for scanner.Scan() { + var schemeConveyor *model.SchemeConveyor + err := json.Unmarshal(scanner.Bytes(), &schemeConveyor) + if err != nil { + return err + } + + // Create the new Scheme. The new Roles are created automatically. + var appErr *model.AppError + schemeCreated, appErr := a.CreateScheme(schemeConveyor.Scheme()) + if appErr != nil { + return errors.New(appErr.Message) + } + createdSchemeIDs = append(createdSchemeIDs, schemeCreated.Id) + + schemeIn := schemeConveyor.Scheme() + roleIDTuples := [][]string{ + {schemeCreated.DefaultTeamAdminRole, schemeIn.DefaultTeamAdminRole}, + {schemeCreated.DefaultTeamUserRole, schemeIn.DefaultTeamUserRole}, + {schemeCreated.DefaultChannelAdminRole, schemeIn.DefaultChannelAdminRole}, + {schemeCreated.DefaultChannelUserRole, schemeIn.DefaultChannelUserRole}, + } + for _, roleIDTuple := range roleIDTuples { + if len(roleIDTuple[0]) == 0 || len(roleIDTuple[1]) == 0 { + continue + } + + err = updateRole(a, schemeConveyor, roleIDTuple[0], roleIDTuple[1]) + if err != nil { + // Delete the new Schemes. The new Roles are deleted automatically. + for _, schemeID := range createdSchemeIDs { + a.DeleteScheme(schemeID) + } + return err + } + } + } + + if err := scanner.Err(); err != nil { + return err + } + + return nil +} + +func updateRole(a *App, sc *model.SchemeConveyor, roleCreatedID, defaultRoleID string) error { + var err *model.AppError + + roleCreated, err := a.GetRole(roleCreatedID) + if err != nil { + return errors.New(err.Message) + } + + var roleIn *model.Role + for _, role := range sc.Roles { + if role.Id == defaultRoleID { + roleIn = role + break + } + } + + roleCreated.Name = roleIn.Name + roleCreated.DisplayName = roleIn.DisplayName + roleCreated.Description = roleIn.Description + roleCreated.Permissions = roleIn.Permissions + + _, err = a.UpdateRole(roleCreated) + if err != nil { + return errors.New(fmt.Sprintf("%v: %v\n", err.Message, err.DetailedError)) + } + + return nil +} |