Role refactor (#7867)

* role refactor * add missing file * fix web test
author: Chris <ccbrown112@gmail.com> 2017-11-21 13:08:32 -0600
committer: Christopher Speller <crspeller@gmail.com> 2017-11-21 11:08:32 -0800
commit: 816a30397da6ceff836d8723233dc5cdbda70871 (patch)
tree: d9075e04c6570296cea924b97088839f49d6ce9d /app
parent: 01e652ed481ed0ef0a8d8c021751655c1a58dd2a (diff)
download: chat-816a30397da6ceff836d8723233dc5cdbda70871.tar.gz
chat-816a30397da6ceff836d8723233dc5cdbda70871.tar.bz2
chat-816a30397da6ceff836d8723233dc5cdbda70871.zip
14 files changed, 100 insertions, 90 deletions
diff --git a/app/app.go b/app/app.go
index 55fb43b30..ea79d8e81 100644
--- a/app/app.go
+++ b/app/app.go
@@ -55,6 +55,8 @@ type App struct {
 
 	htmlTemplateWatcher *utils.HTMLTemplateWatcher
 	sessionCache        *utils.Cache
+	roles               map[string]*model.Role
+	configListenerId    string
 }
 
 var appCount = 0
@@ -86,6 +88,11 @@ func New(options ...Option) *App {
 	utils.LoadGlobalConfig(app.configFile)
 	utils.InitTranslations(utils.Cfg.LocalizationSettings)
 
+	app.configListenerId = utils.AddConfigListener(func(_, cfg *model.Config) {
+		app.SetDefaultRolesBasedOnConfig()
+	})
+	app.SetDefaultRolesBasedOnConfig()
+
 	l4g.Info(utils.T("api.server.new_server.init.info"))
 
 	app.initEnterprise()
@@ -137,6 +144,7 @@ func (a *App) Shutdown() {
 		a.htmlTemplateWatcher.Close()
 	}
 
+	utils.RemoveConfigListener(a.configListenerId)
 	l4g.Info(utils.T("api.server.stop_server.stopped.info"))
 }
 
diff --git a/app/authorization.go b/app/authorization.go
index ed485e597..3a64bb717 100644
--- a/app/authorization.go
+++ b/app/authorization.go
@@ -12,7 +12,7 @@ import (
 )
 
 func (a *App) SessionHasPermissionTo(session model.Session, permission *model.Permission) bool {
-	if !CheckIfRolesGrantPermission(session.GetUserRoles(), permission.Id) {
+	if !a.CheckIfRolesGrantPermission(session.GetUserRoles(), permission.Id) {
 		a.ClearSessionCacheForUser(session.UserId)
 		return false
 	}
@@ -21,21 +21,6 @@ func (a *App) SessionHasPermissionTo(session model.Session, permission *model.Pe
 }
 
 /// DO NOT USE: LEGACY
-func SessionHasPermissionToTeam(session model.Session, teamId string, permission *model.Permission) bool {
-	if teamId == "" {
-		return false
-	}
-
-	teamMember := session.GetTeamByTeamId(teamId)
-	if teamMember != nil {
-		if CheckIfRolesGrantPermission(teamMember.GetRoles(), permission.Id) {
-			return true
-		}
-	}
-
-	return CheckIfRolesGrantPermission(session.GetUserRoles(), permission.Id)
-}
-
 func (a *App) SessionHasPermissionToTeam(session model.Session, teamId string, permission *model.Permission) bool {
 	if teamId == "" {
 		return false
@@ -43,12 +28,12 @@ func (a *App) SessionHasPermissionToTeam(session model.Session, teamId string, p
 
 	teamMember := session.GetTeamByTeamId(teamId)
 	if teamMember != nil {
-		if CheckIfRolesGrantPermission(teamMember.GetRoles(), permission.Id) {
+		if a.CheckIfRolesGrantPermission(teamMember.GetRoles(), permission.Id) {
 			return true
 		}
 	}
 
-	return a.SessionHasPermissionTo(session, permission)
+	return a.CheckIfRolesGrantPermission(session.GetUserRoles(), permission.Id)
 }
 
 func (a *App) SessionHasPermissionToChannel(session model.Session, channelId string, permission *model.Permission) bool {
@@ -63,7 +48,7 @@ func (a *App) SessionHasPermissionToChannel(session model.Session, channelId str
 		ids := cmcresult.Data.(map[string]string)
 		if roles, ok := ids[channelId]; ok {
 			channelRoles = strings.Fields(roles)
-			if CheckIfRolesGrantPermission(channelRoles, permission.Id) {
+			if a.CheckIfRolesGrantPermission(channelRoles, permission.Id) {
 				return true
 			}
 		}
@@ -84,7 +69,7 @@ func (a *App) SessionHasPermissionToChannelByPost(session model.Session, postId
 	if result := <-a.Srv.Store.Channel().GetMemberForPost(postId, session.UserId); result.Err == nil {
 		channelMember = result.Data.(*model.ChannelMember)
 
-		if CheckIfRolesGrantPermission(channelMember.GetRoles(), permission.Id) {
+		if a.CheckIfRolesGrantPermission(channelMember.GetRoles(), permission.Id) {
 			return true
 		}
 	}
@@ -134,7 +119,7 @@ func (a *App) HasPermissionTo(askingUserId string, permission *model.Permission)
 
 	roles := user.GetRoles()
 
-	return CheckIfRolesGrantPermission(roles, permission.Id)
+	return a.CheckIfRolesGrantPermission(roles, permission.Id)
 }
 
 func (a *App) HasPermissionToTeam(askingUserId string, teamId string, permission *model.Permission) bool {
@@ -149,7 +134,7 @@ func (a *App) HasPermissionToTeam(askingUserId string, teamId string, permission
 
 	roles := teamMember.GetRoles()
 
-	if CheckIfRolesGrantPermission(roles, permission.Id) {
+	if a.CheckIfRolesGrantPermission(roles, permission.Id) {
 		return true
 	}
 
@@ -164,7 +149,7 @@ func (a *App) HasPermissionToChannel(askingUserId string, channelId string, perm
 	channelMember, err := a.GetChannelMember(channelId, askingUserId)
 	if err == nil {
 		roles := channelMember.GetRoles()
-		if CheckIfRolesGrantPermission(roles, permission.Id) {
+		if a.CheckIfRolesGrantPermission(roles, permission.Id) {
 			return true
 		}
 	}
@@ -183,7 +168,7 @@ func (a *App) HasPermissionToChannelByPost(askingUserId string, postId string, p
 	if result := <-a.Srv.Store.Channel().GetMemberForPost(postId, askingUserId); result.Err == nil {
 		channelMember = result.Data.(*model.ChannelMember)
 
-		if CheckIfRolesGrantPermission(channelMember.GetRoles(), permission.Id) {
+		if a.CheckIfRolesGrantPermission(channelMember.GetRoles(), permission.Id) {
 			return true
 		}
 	}
@@ -208,9 +193,9 @@ func (a *App) HasPermissionToUser(askingUserId string, userId string) bool {
 	return false
 }
 
-func CheckIfRolesGrantPermission(roles []string, permissionId string) bool {
+func (a *App) CheckIfRolesGrantPermission(roles []string, permissionId string) bool {
 	for _, roleId := range roles {
-		if role, ok := model.BuiltInRoles[roleId]; !ok {
+		if role := a.Role(roleId); role == nil {
 			l4g.Debug("Bad role in system " + roleId)
 			return false
 		} else {
diff --git a/app/authorization_test.go b/app/authorization_test.go
index 375b279dc..a65fe8333 100644
--- a/app/authorization_test.go
+++ b/app/authorization_test.go
@@ -10,23 +10,26 @@ import (
 )
 
 func TestCheckIfRolesGrantPermission(t *testing.T) {
+	th := Setup().InitBasic()
+	defer th.TearDown()
+
 	cases := []struct {
 		roles        []string
 		permissionId string
 		shouldGrant  bool
 	}{
-		{[]string{model.ROLE_SYSTEM_ADMIN.Id}, model.ROLE_SYSTEM_ADMIN.Permissions[0], true},
-		{[]string{model.ROLE_SYSTEM_ADMIN.Id}, "non-existant-permission", false},
-		{[]string{model.ROLE_CHANNEL_USER.Id}, model.ROLE_CHANNEL_USER.Permissions[0], true},
-		{[]string{model.ROLE_CHANNEL_USER.Id}, model.PERMISSION_MANAGE_SYSTEM.Id, false},
-		{[]string{model.ROLE_SYSTEM_ADMIN.Id, model.ROLE_CHANNEL_USER.Id}, model.PERMISSION_MANAGE_SYSTEM.Id, true},
-		{[]string{model.ROLE_CHANNEL_USER.Id, model.ROLE_SYSTEM_ADMIN.Id}, model.PERMISSION_MANAGE_SYSTEM.Id, true},
-		{[]string{model.ROLE_TEAM_USER.Id, model.ROLE_TEAM_ADMIN.Id}, model.PERMISSION_MANAGE_SLASH_COMMANDS.Id, true},
-		{[]string{model.ROLE_TEAM_ADMIN.Id, model.ROLE_TEAM_USER.Id}, model.PERMISSION_MANAGE_SLASH_COMMANDS.Id, true},
+		{[]string{model.SYSTEM_ADMIN_ROLE_ID}, th.App.Role(model.SYSTEM_ADMIN_ROLE_ID).Permissions[0], true},
+		{[]string{model.SYSTEM_ADMIN_ROLE_ID}, "non-existant-permission", false},
+		{[]string{model.CHANNEL_USER_ROLE_ID}, th.App.Role(model.CHANNEL_USER_ROLE_ID).Permissions[0], true},
+		{[]string{model.CHANNEL_USER_ROLE_ID}, model.PERMISSION_MANAGE_SYSTEM.Id, false},
+		{[]string{model.SYSTEM_ADMIN_ROLE_ID, model.CHANNEL_USER_ROLE_ID}, model.PERMISSION_MANAGE_SYSTEM.Id, true},
+		{[]string{model.CHANNEL_USER_ROLE_ID, model.SYSTEM_ADMIN_ROLE_ID}, model.PERMISSION_MANAGE_SYSTEM.Id, true},
+		{[]string{model.TEAM_USER_ROLE_ID, model.TEAM_ADMIN_ROLE_ID}, model.PERMISSION_MANAGE_SLASH_COMMANDS.Id, true},
+		{[]string{model.TEAM_ADMIN_ROLE_ID, model.TEAM_USER_ROLE_ID}, model.PERMISSION_MANAGE_SLASH_COMMANDS.Id, true},
 	}
 
 	for testnum, testcase := range cases {
-		if CheckIfRolesGrantPermission(testcase.roles, testcase.permissionId) != testcase.shouldGrant {
+		if th.App.CheckIfRolesGrantPermission(testcase.roles, testcase.permissionId) != testcase.shouldGrant {
 			t.Fatal("Failed test case ", testnum)
 		}
 	}
diff --git a/app/channel.go b/app/channel.go
index ea58795ea..50067d42d 100644
--- a/app/channel.go
+++ b/app/channel.go
@@ -151,7 +151,7 @@ func (a *App) CreateChannel(channel *model.Channel, addMember bool) (*model.Chan
 			cm := &model.ChannelMember{
 				ChannelId:   sc.Id,
 				UserId:      channel.CreatorId,
-				Roles:       model.ROLE_CHANNEL_USER.Id + " " + model.ROLE_CHANNEL_ADMIN.Id,
+				Roles:       model.CHANNEL_USER_ROLE_ID + " " + model.CHANNEL_ADMIN_ROLE_ID,
 				NotifyProps: model.GetDefaultChannelNotifyProps(),
 			}
 
@@ -296,7 +296,7 @@ func (a *App) createGroupChannel(userIds []string, creatorId string) (*model.Cha
 				UserId:      user.Id,
 				ChannelId:   group.Id,
 				NotifyProps: model.GetDefaultChannelNotifyProps(),
-				Roles:       model.ROLE_CHANNEL_USER.Id,
+				Roles:       model.CHANNEL_USER_ROLE_ID,
 			}
 
 			if result := <-a.Srv.Store.Channel().SaveMember(cm); result.Err != nil {
@@ -514,7 +514,7 @@ func (a *App) addUserToChannel(user *model.User, channel *model.Channel, teamMem
 		ChannelId:   channel.Id,
 		UserId:      user.Id,
 		NotifyProps: model.GetDefaultChannelNotifyProps(),
-		Roles:       model.ROLE_CHANNEL_USER.Id,
+		Roles:       model.CHANNEL_USER_ROLE_ID,
 	}
 	if result := <-a.Srv.Store.Channel().SaveMember(newMember); result.Err != nil {
 		l4g.Error("Failed to add member user_id=%v channel_id=%v err=%v", user.Id, channel.Id, result.Err)
diff --git a/app/command_channel_header_test.go b/app/command_channel_header_test.go
index 5fdde122b..2a6151fed 100644
--- a/app/command_channel_header_test.go
+++ b/app/command_channel_header_test.go
@@ -15,7 +15,7 @@ func TestHeaderProviderDoCommand(t *testing.T) {
 	args := &model.CommandArgs{
 		T:         func(s string, args ...interface{}) string { return s },
 		ChannelId: th.BasicChannel.Id,
-		Session:   model.Session{UserId: th.BasicUser.Id, TeamMembers: []*model.TeamMember{{TeamId: th.BasicTeam.Id, Roles: model.ROLE_TEAM_USER.Id}}},
+		Session:   model.Session{UserId: th.BasicUser.Id, TeamMembers: []*model.TeamMember{{TeamId: th.BasicTeam.Id, Roles: model.TEAM_USER_ROLE_ID}}},
 	}
 
 	for msg, expected := range map[string]string{
diff --git a/app/command_channel_rename_test.go b/app/command_channel_rename_test.go
index 00b9eab0a..9c86b18e0 100644
--- a/app/command_channel_rename_test.go
+++ b/app/command_channel_rename_test.go
@@ -15,7 +15,7 @@ func TestRenameProviderDoCommand(t *testing.T) {
 	args := &model.CommandArgs{
 		T:         func(s string, args ...interface{}) string { return s },
 		ChannelId: th.BasicChannel.Id,
-		Session:   model.Session{UserId: th.BasicUser.Id, TeamMembers: []*model.TeamMember{{TeamId: th.BasicTeam.Id, Roles: model.ROLE_TEAM_USER.Id}}},
+		Session:   model.Session{UserId: th.BasicUser.Id, TeamMembers: []*model.TeamMember{{TeamId: th.BasicTeam.Id, Roles: model.TEAM_USER_ROLE_ID}}},
 	}
 
 	// Blank text is a success
diff --git a/app/import.go b/app/import.go
index 08decb676..850e9c43d 100644
--- a/app/import.go
+++ b/app/import.go
@@ -572,8 +572,8 @@ func (a *App) ImportUser(data *UserImportData, dryRun bool) *model.AppError {
 		}
 	} else if len(user.Roles) == 0 {
 		// Set SYSTEM_USER roles on newly created users by default.
-		if user.Roles != model.ROLE_SYSTEM_USER.Id {
-			roles = model.ROLE_SYSTEM_USER.Id
+		if user.Roles != model.SYSTEM_USER_ROLE_ID {
+			roles = model.SYSTEM_USER_ROLE_ID
 			hasUserRolesChanged = true
 		}
 	}
@@ -769,7 +769,7 @@ func (a *App) ImportUserTeams(user *model.User, data *[]UserTeamImportData) *mod
 
 		var roles string
 		if tdata.Roles == nil {
-			roles = model.ROLE_TEAM_USER.Id
+			roles = model.TEAM_USER_ROLE_ID
 		} else {
 			roles = *tdata.Roles
 		}
@@ -809,7 +809,7 @@ func (a *App) ImportUserChannels(user *model.User, team *model.Team, teamMember
 
 		var roles string
 		if cdata.Roles == nil {
-			roles = model.ROLE_CHANNEL_USER.Id
+			roles = model.CHANNEL_USER_ROLE_ID
 		} else {
 			roles = *cdata.Roles
 		}
@@ -1455,7 +1455,7 @@ func (a *App) OldImportPost(post *model.Post) {
 func (a *App) OldImportUser(team *model.Team, user *model.User) *model.User {
 	user.MakeNonNil()
 
-	user.Roles = model.ROLE_SYSTEM_USER.Id
+	user.Roles = model.SYSTEM_USER_ROLE_ID
 
 	if result := <-a.Srv.Store.User().Save(user); result.Err != nil {
 		l4g.Error(utils.T("api.import.import_user.saving.error"), result.Err)
diff --git a/app/oauth_test.go b/app/oauth_test.go
index d5fbe8f5e..b964b377d 100644
--- a/app/oauth_test.go
+++ b/app/oauth_test.go
@@ -21,7 +21,7 @@ func TestOAuthRevokeAccessToken(t *testing.T) {
 	session.CreateAt = model.GetMillis()
 	session.UserId = model.NewId()
 	session.Token = model.NewId()
-	session.Roles = model.ROLE_SYSTEM_USER.Id
+	session.Roles = model.SYSTEM_USER_ROLE_ID
 	session.SetExpireInDays(1)
 
 	session, _ = th.App.CreateSession(session)
@@ -71,7 +71,7 @@ func TestOAuthDeleteApp(t *testing.T) {
 	session.CreateAt = model.GetMillis()
 	session.UserId = model.NewId()
 	session.Token = model.NewId()
-	session.Roles = model.ROLE_SYSTEM_USER.Id
+	session.Roles = model.SYSTEM_USER_ROLE_ID
 	session.IsOAuth = true
 	session.SetExpireInDays(1)
 
diff --git a/app/post.go b/app/post.go
index 844b660a9..1bada0095 100644
--- a/app/post.go
+++ b/app/post.go
@@ -122,7 +122,7 @@ func (a *App) CreatePost(post *model.Post, channel *model.Channel, triggerWebhoo
 	if utils.IsLicensed() && *a.Config().TeamSettings.ExperimentalTownSquareIsReadOnly &&
 		!post.IsSystemMessage() &&
 		channel.Name == model.DEFAULT_CHANNEL &&
-		!CheckIfRolesGrantPermission(user.GetRoles(), model.PERMISSION_MANAGE_SYSTEM.Id) {
+		!a.CheckIfRolesGrantPermission(user.GetRoles(), model.PERMISSION_MANAGE_SYSTEM.Id) {
 		return nil, model.NewAppError("createPost", "api.post.create_post.town_square_read_only", nil, "", http.StatusForbidden)
 	}
 
diff --git a/app/role.go b/app/role.go
new file mode 100644
index 000000000..5f39dd623
--- /dev/null
+++ b/app/role.go
@@ -0,0 +1,19 @@
+// Copyright (c) 2016-present Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+package app
+
+import (
+	"github.com/mattermost/mattermost-server/model"
+	"github.com/mattermost/mattermost-server/utils"
+)
+
+func (a *App) Role(id string) *model.Role {
+	return a.roles[id]
+}
+
+// Updates the roles based on the app config and the global license check. You may need to invoke
+// this when license changes are made.
+func (a *App) SetDefaultRolesBasedOnConfig() {
+	a.roles = utils.DefaultRolesBasedOnConfig(a.Config())
+}
diff --git a/app/team.go b/app/team.go
index c2d06513e..00808b200 100644
--- a/app/team.go
+++ b/app/team.go
@@ -281,11 +281,11 @@ func (a *App) joinUserToTeam(team *model.Team, user *model.User) (*model.TeamMem
 	tm := &model.TeamMember{
 		TeamId: team.Id,
 		UserId: user.Id,
-		Roles:  model.ROLE_TEAM_USER.Id,
+		Roles:  model.TEAM_USER_ROLE_ID,
 	}
 
 	if team.Email == user.Email {
-		tm.Roles = model.ROLE_TEAM_USER.Id + " " + model.ROLE_TEAM_ADMIN.Id
+		tm.Roles = model.TEAM_USER_ROLE_ID + " " + model.TEAM_ADMIN_ROLE_ID
 	}
 
 	if etmr := <-a.Srv.Store.Team().GetMember(team.Id, user.Id); etmr.Err == nil {
@@ -323,10 +323,10 @@ func (a *App) JoinUserToTeam(team *model.Team, user *model.User, userRequestorId
 		return uua.Err
 	}
 
-	channelRole := model.ROLE_CHANNEL_USER.Id
+	channelRole := model.CHANNEL_USER_ROLE_ID
 
 	if team.Email == user.Email {
-		channelRole = model.ROLE_CHANNEL_USER.Id + " " + model.ROLE_CHANNEL_ADMIN.Id
+		channelRole = model.CHANNEL_USER_ROLE_ID + " " + model.CHANNEL_ADMIN_ROLE_ID
 	}
 
 	// Soft error if there is an issue joining the default channels
@@ -869,17 +869,17 @@ func (a *App) GetTeamIdFromQuery(query url.Values) (string, *model.AppError) {
 	return "", nil
 }
 
-func SanitizeTeam(session model.Session, team *model.Team) *model.Team {
-	if !SessionHasPermissionToTeam(session, team.Id, model.PERMISSION_MANAGE_TEAM) {
+func (a *App) SanitizeTeam(session model.Session, team *model.Team) *model.Team {
+	if !a.SessionHasPermissionToTeam(session, team.Id, model.PERMISSION_MANAGE_TEAM) {
 		team.Sanitize()
 	}
 
 	return team
 }
 
-func SanitizeTeams(session model.Session, teams []*model.Team) []*model.Team {
+func (a *App) SanitizeTeams(session model.Session, teams []*model.Team) []*model.Team {
 	for _, team := range teams {
-		SanitizeTeam(session, team)
+		a.SanitizeTeam(session, team)
 	}
 
 	return teams
diff --git a/app/team_test.go b/app/team_test.go
index 61ae03f74..10f33f50b 100644
--- a/app/team_test.go
+++ b/app/team_test.go
@@ -198,17 +198,17 @@ func TestSanitizeTeam(t *testing.T) {
 	t.Run("not a user of the team", func(t *testing.T) {
 		userId := model.NewId()
 		session := model.Session{
-			Roles: model.ROLE_SYSTEM_USER.Id,
+			Roles: model.SYSTEM_USER_ROLE_ID,
 			TeamMembers: []*model.TeamMember{
 				{
 					UserId: userId,
 					TeamId: model.NewId(),
-					Roles:  model.ROLE_TEAM_USER.Id,
+					Roles:  model.TEAM_USER_ROLE_ID,
 				},
 			},
 		}
 
-		sanitized := SanitizeTeam(session, copyTeam())
+		sanitized := th.App.SanitizeTeam(session, copyTeam())
 		if sanitized.Email != "" && sanitized.AllowedDomains != "" {
 			t.Fatal("should've sanitized team")
 		}
@@ -217,17 +217,17 @@ func TestSanitizeTeam(t *testing.T) {
 	t.Run("user of the team", func(t *testing.T) {
 		userId := model.NewId()
 		session := model.Session{
-			Roles: model.ROLE_SYSTEM_USER.Id,
+			Roles: model.SYSTEM_USER_ROLE_ID,
 			TeamMembers: []*model.TeamMember{
 				{
 					UserId: userId,
 					TeamId: team.Id,
-					Roles:  model.ROLE_TEAM_USER.Id,
+					Roles:  model.TEAM_USER_ROLE_ID,
 				},
 			},
 		}
 
-		sanitized := SanitizeTeam(session, copyTeam())
+		sanitized := th.App.SanitizeTeam(session, copyTeam())
 		if sanitized.Email != "" && sanitized.AllowedDomains != "" {
 			t.Fatal("should've sanitized team")
 		}
@@ -236,17 +236,17 @@ func TestSanitizeTeam(t *testing.T) {
 	t.Run("team admin", func(t *testing.T) {
 		userId := model.NewId()
 		session := model.Session{
-			Roles: model.ROLE_SYSTEM_USER.Id,
+			Roles: model.SYSTEM_USER_ROLE_ID,
 			TeamMembers: []*model.TeamMember{
 				{
 					UserId: userId,
 					TeamId: team.Id,
-					Roles:  model.ROLE_TEAM_USER.Id + " " + model.ROLE_TEAM_ADMIN.Id,
+					Roles:  model.TEAM_USER_ROLE_ID + " " + model.TEAM_ADMIN_ROLE_ID,
 				},
 			},
 		}
 
-		sanitized := SanitizeTeam(session, copyTeam())
+		sanitized := th.App.SanitizeTeam(session, copyTeam())
 		if sanitized.Email == "" && sanitized.AllowedDomains == "" {
 			t.Fatal("shouldn't have sanitized team")
 		}
@@ -255,17 +255,17 @@ func TestSanitizeTeam(t *testing.T) {
 	t.Run("team admin of another team", func(t *testing.T) {
 		userId := model.NewId()
 		session := model.Session{
-			Roles: model.ROLE_SYSTEM_USER.Id,
+			Roles: model.SYSTEM_USER_ROLE_ID,
 			TeamMembers: []*model.TeamMember{
 				{
 					UserId: userId,
 					TeamId: model.NewId(),
-					Roles:  model.ROLE_TEAM_USER.Id + " " + model.ROLE_TEAM_ADMIN.Id,
+					Roles:  model.TEAM_USER_ROLE_ID + " " + model.TEAM_ADMIN_ROLE_ID,
 				},
 			},
 		}
 
-		sanitized := SanitizeTeam(session, copyTeam())
+		sanitized := th.App.SanitizeTeam(session, copyTeam())
 		if sanitized.Email != "" && sanitized.AllowedDomains != "" {
 			t.Fatal("should've sanitized team")
 		}
@@ -274,17 +274,17 @@ func TestSanitizeTeam(t *testing.T) {
 	t.Run("system admin, not a user of team", func(t *testing.T) {
 		userId := model.NewId()
 		session := model.Session{
-			Roles: model.ROLE_SYSTEM_USER.Id + " " + model.ROLE_SYSTEM_ADMIN.Id,
+			Roles: model.SYSTEM_USER_ROLE_ID + " " + model.SYSTEM_ADMIN_ROLE_ID,
 			TeamMembers: []*model.TeamMember{
 				{
 					UserId: userId,
 					TeamId: model.NewId(),
-					Roles:  model.ROLE_TEAM_USER.Id,
+					Roles:  model.TEAM_USER_ROLE_ID,
 				},
 			},
 		}
 
-		sanitized := SanitizeTeam(session, copyTeam())
+		sanitized := th.App.SanitizeTeam(session, copyTeam())
 		if sanitized.Email == "" && sanitized.AllowedDomains == "" {
 			t.Fatal("shouldn't have sanitized team")
 		}
@@ -293,17 +293,17 @@ func TestSanitizeTeam(t *testing.T) {
 	t.Run("system admin, user of team", func(t *testing.T) {
 		userId := model.NewId()
 		session := model.Session{
-			Roles: model.ROLE_SYSTEM_USER.Id + " " + model.ROLE_SYSTEM_ADMIN.Id,
+			Roles: model.SYSTEM_USER_ROLE_ID + " " + model.SYSTEM_ADMIN_ROLE_ID,
 			TeamMembers: []*model.TeamMember{
 				{
 					UserId: userId,
 					TeamId: team.Id,
-					Roles:  model.ROLE_TEAM_USER.Id,
+					Roles:  model.TEAM_USER_ROLE_ID,
 				},
 			},
 		}
 
-		sanitized := SanitizeTeam(session, copyTeam())
+		sanitized := th.App.SanitizeTeam(session, copyTeam())
 		if sanitized.Email == "" && sanitized.AllowedDomains == "" {
 			t.Fatal("shouldn't have sanitized team")
 		}
@@ -330,22 +330,22 @@ func TestSanitizeTeams(t *testing.T) {
 
 		userId := model.NewId()
 		session := model.Session{
-			Roles: model.ROLE_SYSTEM_USER.Id,
+			Roles: model.SYSTEM_USER_ROLE_ID,
 			TeamMembers: []*model.TeamMember{
 				{
 					UserId: userId,
 					TeamId: teams[0].Id,
-					Roles:  model.ROLE_TEAM_USER.Id,
+					Roles:  model.TEAM_USER_ROLE_ID,
 				},
 				{
 					UserId: userId,
 					TeamId: teams[1].Id,
-					Roles:  model.ROLE_TEAM_USER.Id + " " + model.ROLE_TEAM_ADMIN.Id,
+					Roles:  model.TEAM_USER_ROLE_ID + " " + model.TEAM_ADMIN_ROLE_ID,
 				},
 			},
 		}
 
-		sanitized := SanitizeTeams(session, teams)
+		sanitized := th.App.SanitizeTeams(session, teams)
 
 		if sanitized[0].Email != "" && sanitized[0].AllowedDomains != "" {
 			t.Fatal("should've sanitized first team")
@@ -372,17 +372,17 @@ func TestSanitizeTeams(t *testing.T) {
 
 		userId := model.NewId()
 		session := model.Session{
-			Roles: model.ROLE_SYSTEM_USER.Id + " " + model.ROLE_SYSTEM_ADMIN.Id,
+			Roles: model.SYSTEM_USER_ROLE_ID + " " + model.SYSTEM_ADMIN_ROLE_ID,
 			TeamMembers: []*model.TeamMember{
 				{
 					UserId: userId,
 					TeamId: teams[0].Id,
-					Roles:  model.ROLE_TEAM_USER.Id,
+					Roles:  model.TEAM_USER_ROLE_ID,
 				},
 			},
 		}
 
-		sanitized := SanitizeTeams(session, teams)
+		sanitized := th.App.SanitizeTeams(session, teams)
 
 		if sanitized[0].Email == "" && sanitized[0].AllowedDomains == "" {
 			t.Fatal("shouldn't have sanitized first team")
diff --git a/app/user.go b/app/user.go
index a17521d9f..b94c2a9fb 100644
--- a/app/user.go
+++ b/app/user.go
@@ -179,7 +179,7 @@ func (a *App) CreateUser(user *model.User) (*model.User, *model.AppError) {
 		return nil, model.NewAppError("CreateUser", "api.user.create_user.accepted_domain.app_error", nil, "", http.StatusBadRequest)
 	}
 
-	user.Roles = model.ROLE_SYSTEM_USER.Id
+	user.Roles = model.SYSTEM_USER_ROLE_ID
 
 	// Below is a special case where the first user in the entire
 	// system is granted the system_admin role
@@ -188,7 +188,7 @@ func (a *App) CreateUser(user *model.User) (*model.User, *model.AppError) {
 	} else {
 		count := result.Data.(int64)
 		if count <= 0 {
-			user.Roles = model.ROLE_SYSTEM_ADMIN.Id + " " + model.ROLE_SYSTEM_USER.Id
+			user.Roles = model.SYSTEM_ADMIN_ROLE_ID + " " + model.SYSTEM_USER_ROLE_ID
 		}
 	}
 
@@ -1235,7 +1235,7 @@ func (a *App) UpdateUserRoles(userId string, newRoles string, sendWebSocketEvent
 
 func (a *App) PermanentDeleteUser(user *model.User) *model.AppError {
 	l4g.Warn(utils.T("api.user.permanent_delete_user.attempting.warn"), user.Email, user.Id)
-	if user.IsInRole(model.ROLE_SYSTEM_ADMIN.Id) {
+	if user.IsInRole(model.SYSTEM_ADMIN_ROLE_ID) {
 		l4g.Warn(utils.T("api.user.permanent_delete_user.system_admin.warn"), user.Email)
 	}
 
diff --git a/app/webhook_test.go b/app/webhook_test.go
index 9fef6fde3..13771a97f 100644
--- a/app/webhook_test.go
+++ b/app/webhook_test.go
@@ -11,7 +11,6 @@ import (
 	"github.com/stretchr/testify/require"
 
 	"github.com/mattermost/mattermost-server/model"
-	"github.com/mattermost/mattermost-server/utils"
 )
 
 func TestCreateWebhookPost(t *testing.T) {
@@ -19,12 +18,8 @@ func TestCreateWebhookPost(t *testing.T) {
 	defer th.TearDown()
 
 	enableIncomingHooks := th.App.Config().ServiceSettings.EnableIncomingWebhooks
-	defer func() {
-		th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableIncomingWebhooks = enableIncomingHooks })
-		utils.SetDefaultRolesBasedOnConfig()
-	}()
+	defer th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableIncomingWebhooks = enableIncomingHooks })
 	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableIncomingWebhooks = true })
-	utils.SetDefaultRolesBasedOnConfig()
 
 	hook, err := th.App.CreateIncomingWebhookForChannel(th.BasicUser.Id, th.BasicChannel, &model.IncomingWebhook{ChannelId: th.BasicChannel.Id})
 	if err != nil {
author	Chris <ccbrown112@gmail.com>	2017-11-21 13:08:32 -0600
committer	Christopher Speller <crspeller@gmail.com>	2017-11-21 11:08:32 -0800
commit	816a30397da6ceff836d8723233dc5cdbda70871 (patch)
tree	d9075e04c6570296cea924b97088839f49d6ce9d /app
parent	01e652ed481ed0ef0a8d8c021751655c1a58dd2a (diff)
download	chat-816a30397da6ceff836d8723233dc5cdbda70871.tar.gz chat-816a30397da6ceff836d8723233dc5cdbda70871.tar.bz2 chat-816a30397da6ceff836d8723233dc5cdbda70871.zip