Config to make town square read only (#7140)

* Be able to make Town Square read-only (Disable typing messages for non admins).

* Do not emit UserTypingEvent when TownSquareIsReadOnly and is Town Square.

* Add unit tests for TownSquareIsReadOnly config value and logic.

* Add TownSquareIsReadOnly to System console>Policy. Added Telemetry.

* Add control for TownSquareIsReadOnly=true only for License Enterprise Edition E10 & E20.

* Update en.json

* Update en.json

* Update policy_settings.jsx

* Change config value from TownSquareIsReadOnly to ExperimentalTownSquareIsReadOnly.

* Refactored to simplify. Avoid code repeat and multiple db calls.

3 files changed, 46 insertions, 11 deletions

diff --git a/app/diagnostics.go b/app/diagnostics.go
index 84d11054b..f05d90bec 100644
--- a/app/diagnostics.go
+++ b/app/diagnostics.go
@@ -243,6 +243,7 @@ func trackConfig() {
 		"isdefault_custom_description_text":       isDefault(*utils.Cfg.TeamSettings.CustomDescriptionText, model.TEAM_SETTINGS_DEFAULT_CUSTOM_DESCRIPTION_TEXT),
 		"isdefault_user_status_away_timeout":      isDefault(*utils.Cfg.TeamSettings.UserStatusAwayTimeout, model.TEAM_SETTINGS_DEFAULT_USER_STATUS_AWAY_TIMEOUT),
 		"restrict_private_channel_manage_members": *utils.Cfg.TeamSettings.RestrictPrivateChannelManageMembers,
+		"experimental_town_square_is_read_only":   *utils.Cfg.TeamSettings.ExperimentalTownSquareIsReadOnly,
 	})
 
 	SendDiagnostic(TRACK_CONFIG_CLIENT_REQ, map[string]interface{}{
diff --git a/app/post.go b/app/post.go
index c852a90d2..3845e1006 100644
--- a/app/post.go
+++ b/app/post.go
@@ -44,6 +44,29 @@ func CreatePostAsUser(post *model.Post) (*model.Post, *model.AppError) {
 			err.StatusCode = http.StatusBadRequest
 		}
 
+		if err.Id == "api.post.create_post.town_square_read_only" {
+			uchan := Srv.Store.User().Get(post.UserId)
+			var user *model.User
+			if result := <-uchan; result.Err != nil {
+				return nil, result.Err
+			} else {
+				user = result.Data.(*model.User)
+			}
+
+			T := utils.GetUserTranslations(user.Locale)
+			SendEphemeralPost(
+				post.UserId,
+				&model.Post{
+					ChannelId: channel.Id,
+					ParentId:  post.ParentId,
+					RootId:    post.RootId,
+					UserId:    post.UserId,
+					Message:   T("api.post.create_post.town_square_read_only"),
+					CreateAt:  model.GetMillis() + 1,
+				},
+			)
+		}
+
 		return nil, err
 	} else {
 		// Update the LastViewAt only if the post does not have from_webhook prop set (eg. Zapier app)
@@ -82,6 +105,21 @@ func CreatePost(post *model.Post, channel *model.Channel, triggerWebhooks bool)
 		pchan = Srv.Store.Post().Get(post.RootId)
 	}
 
+	uchan := Srv.Store.User().Get(post.UserId)
+	var user *model.User
+	if result := <-uchan; result.Err != nil {
+		return nil, result.Err
+	} else {
+		user = result.Data.(*model.User)
+	}
+
+	if utils.IsLicensed() && *utils.Cfg.TeamSettings.ExperimentalTownSquareIsReadOnly &&
+		!post.IsSystemMessage() &&
+		channel.Name == model.DEFAULT_CHANNEL &&
+		!CheckIfRolesGrantPermission(user.GetRoles(), model.PERMISSION_MANAGE_SYSTEM.Id) {
+		return nil, model.NewLocAppError("createPost", "api.post.create_post.town_square_read_only", nil, "")
+	}
+
 	// Verify the parent/child relationships are correct
 	var parentPostList *model.PostList
 	if pchan != nil {
@@ -139,21 +177,19 @@ func CreatePost(post *model.Post, channel *model.Channel, triggerWebhooks bool)
 		}
 	}
 
-	if err := handlePostEvents(rpost, channel, triggerWebhooks, parentPostList); err != nil {
+	if err := handlePostEvents(rpost, user, channel, triggerWebhooks, parentPostList); err != nil {
 		return nil, err
 	}
 
 	return rpost, nil
 }
 
-func handlePostEvents(post *model.Post, channel *model.Channel, triggerWebhooks bool, parentPostList *model.PostList) *model.AppError {
+func handlePostEvents(post *model.Post, user *model.User, channel *model.Channel, triggerWebhooks bool, parentPostList *model.PostList) *model.AppError {
 	var tchan store.StoreChannel
 	if len(channel.TeamId) > 0 {
 		tchan = Srv.Store.Team().Get(channel.TeamId)
 	}
 
-	uchan := Srv.Store.User().Get(post.UserId)
-
 	var team *model.Team
 	if tchan != nil {
 		if result := <-tchan; result.Err != nil {
@@ -169,13 +205,6 @@ func handlePostEvents(post *model.Post, channel *model.Channel, triggerWebhooks
 	InvalidateCacheForChannel(channel)
 	InvalidateCacheForChannelPosts(channel.Id)
 
-	var user *model.User
-	if result := <-uchan; result.Err != nil {
-		return result.Err
-	} else {
-		user = result.Data.(*model.User)
-	}
-
 	if _, err := SendNotifications(post, team, channel, user, parentPostList); err != nil {
 		return err
 	}
diff --git a/app/webhook.go b/app/webhook.go
index ce154ff70..cf4f156a2 100644
--- a/app/webhook.go
+++ b/app/webhook.go
@@ -520,6 +520,11 @@ func HandleIncomingWebhook(hookId string, req *model.IncomingWebhookRequest) *mo
 		}
 	}
 
+	if utils.IsLicensed() && *utils.Cfg.TeamSettings.ExperimentalTownSquareIsReadOnly &&
+		channel.Name == model.DEFAULT_CHANNEL {
+		return model.NewLocAppError("HandleIncomingWebhook", "api.post.create_post.town_square_read_only", nil, "")
+	}
+
 	if channel.Type != model.CHANNEL_OPEN && !HasPermissionToChannel(hook.UserId, channel.Id, model.PERMISSION_READ_CHANNEL) {
 		return model.NewAppError("HandleIncomingWebhook", "web.incoming_webhook.permissions.app_error", nil, "", http.StatusForbidden)
 	}