MM-10757: Default roles from scheme should be keyed by name not ID. (#8894)

* MM-10757: Default roles from scheme should be keyed by name not ID.

* Update permissions import/export.

4 files changed, 56 insertions, 24 deletions

diff --git a/store/sqlstore/scheme_supplier.go b/store/sqlstore/scheme_supplier.go
index f272040a6..326fb45e6 100644
--- a/store/sqlstore/scheme_supplier.go
+++ b/store/sqlstore/scheme_supplier.go
@@ -109,7 +109,7 @@ func (s *SqlSupplier) createScheme(ctx context.Context, scheme *model.Scheme, tr
 			result.Err = saveRoleResult.Err
 			return result
 		} else {
-			scheme.DefaultTeamAdminRole = saveRoleResult.Data.(*model.Role).Id
+			scheme.DefaultTeamAdminRole = saveRoleResult.Data.(*model.Role).Name
 		}
 
 		// Team User Role
@@ -124,7 +124,7 @@ func (s *SqlSupplier) createScheme(ctx context.Context, scheme *model.Scheme, tr
 			result.Err = saveRoleResult.Err
 			return result
 		} else {
-			scheme.DefaultTeamUserRole = saveRoleResult.Data.(*model.Role).Id
+			scheme.DefaultTeamUserRole = saveRoleResult.Data.(*model.Role).Name
 		}
 	}
 	if scheme.Scope == model.SCHEME_SCOPE_TEAM || scheme.Scope == model.SCHEME_SCOPE_CHANNEL {
@@ -140,7 +140,7 @@ func (s *SqlSupplier) createScheme(ctx context.Context, scheme *model.Scheme, tr
 			result.Err = saveRoleResult.Err
 			return result
 		} else {
-			scheme.DefaultChannelAdminRole = saveRoleResult.Data.(*model.Role).Id
+			scheme.DefaultChannelAdminRole = saveRoleResult.Data.(*model.Role).Name
 		}
 
 		// Channel User Role
@@ -155,7 +155,7 @@ func (s *SqlSupplier) createScheme(ctx context.Context, scheme *model.Scheme, tr
 			result.Err = saveRoleResult.Err
 			return result
 		} else {
-			scheme.DefaultChannelUserRole = saveRoleResult.Data.(*model.Role).Id
+			scheme.DefaultChannelUserRole = saveRoleResult.Data.(*model.Role).Name
 		}
 	}
 
@@ -231,16 +231,16 @@ func (s *SqlSupplier) SchemeDelete(ctx context.Context, schemeId string, hints .
 	}
 
 	// Delete the roles belonging to the scheme.
-	roleIds := []string{scheme.DefaultChannelUserRole, scheme.DefaultChannelAdminRole}
+	roleNames := []string{scheme.DefaultChannelUserRole, scheme.DefaultChannelAdminRole}
 	if scheme.Scope == model.SCHEME_SCOPE_TEAM {
-		roleIds = append(roleIds, scheme.DefaultTeamUserRole, scheme.DefaultTeamAdminRole)
+		roleNames = append(roleNames, scheme.DefaultTeamUserRole, scheme.DefaultTeamAdminRole)
 	}
 
 	var inQueryList []string
 	queryArgs := make(map[string]interface{})
-	for i, roleId := range roleIds {
-		inQueryList = append(inQueryList, fmt.Sprintf(":RoleId%v", i))
-		queryArgs[fmt.Sprintf("RoleId%v", i)] = roleId
+	for i, roleId := range roleNames {
+		inQueryList = append(inQueryList, fmt.Sprintf(":RoleName%v", i))
+		queryArgs[fmt.Sprintf("RoleName%v", i)] = roleId
 	}
 	inQuery := strings.Join(inQueryList, ", ")
 
@@ -248,7 +248,7 @@ func (s *SqlSupplier) SchemeDelete(ctx context.Context, schemeId string, hints .
 	queryArgs["UpdateAt"] = time
 	queryArgs["DeleteAt"] = time
 
-	if _, err := s.GetMaster().Exec("UPDATE Roles SET UpdateAt = :UpdateAt, DeleteAt = :DeleteAt WHERE Id IN ("+inQuery+")", queryArgs); err != nil {
+	if _, err := s.GetMaster().Exec("UPDATE Roles SET UpdateAt = :UpdateAt, DeleteAt = :DeleteAt WHERE Name IN ("+inQuery+")", queryArgs); err != nil {
 		result.Err = model.NewAppError("SqlSchemeStore.Delete", "store.sql_scheme.delete.role_update.app_error", nil, "Id="+schemeId+", "+err.Error(), http.StatusInternalServerError)
 		return result
 	}
diff --git a/store/sqlstore/team_store.go b/store/sqlstore/team_store.go
index f8d76bba1..fe4c09175 100644
--- a/store/sqlstore/team_store.go
+++ b/store/sqlstore/team_store.go
@@ -440,8 +440,8 @@ func (s SqlTeamStore) AnalyticsTeamCount() store.StoreChannel {
 var TEAM_MEMBERS_WITH_SCHEME_SELECT_QUERY = `
 	SELECT
 		TeamMembers.*,
-		TeamScheme.DefaultChannelUserRole TeamSchemeDefaultUserRole,
-		TeamScheme.DefaultChannelAdminRole TeamSchemeDefaultAdminRole
+		TeamScheme.DefaultTeamUserRole TeamSchemeDefaultUserRole,
+		TeamScheme.DefaultTeamAdminRole TeamSchemeDefaultAdminRole
 	FROM 
 		TeamMembers
 	LEFT JOIN
diff --git a/store/storetest/scheme_store.go b/store/storetest/scheme_store.go
index 39920c109..eb4e8efa0 100644
--- a/store/storetest/scheme_store.go
+++ b/store/storetest/scheme_store.go
@@ -87,25 +87,25 @@ func testSchemeStoreSave(t *testing.T, ss store.Store) {
 	assert.Len(t, d1.DefaultChannelUserRole, 26)
 
 	// Check the default roles were created correctly.
-	roleRes1 := <-ss.Role().Get(d1.DefaultTeamAdminRole)
+	roleRes1 := <-ss.Role().GetByName(d1.DefaultTeamAdminRole)
 	assert.Nil(t, roleRes1.Err)
 	role1 := roleRes1.Data.(*model.Role)
 	assert.Equal(t, role1.Permissions, []string{"edit_others_posts", "delete_others_posts"})
 	assert.True(t, role1.SchemeManaged)
 
-	roleRes2 := <-ss.Role().Get(d1.DefaultTeamUserRole)
+	roleRes2 := <-ss.Role().GetByName(d1.DefaultTeamUserRole)
 	assert.Nil(t, roleRes2.Err)
 	role2 := roleRes2.Data.(*model.Role)
 	assert.Equal(t, role2.Permissions, []string{"view_team", "add_user_to_team"})
 	assert.True(t, role2.SchemeManaged)
 
-	roleRes3 := <-ss.Role().Get(d1.DefaultChannelAdminRole)
+	roleRes3 := <-ss.Role().GetByName(d1.DefaultChannelAdminRole)
 	assert.Nil(t, roleRes3.Err)
 	role3 := roleRes3.Data.(*model.Role)
 	assert.Equal(t, role3.Permissions, []string{"manage_public_channel_members", "manage_private_channel_members"})
 	assert.True(t, role3.SchemeManaged)
 
-	roleRes4 := <-ss.Role().Get(d1.DefaultChannelUserRole)
+	roleRes4 := <-ss.Role().GetByName(d1.DefaultChannelUserRole)
 	assert.Nil(t, roleRes4.Err)
 	role4 := roleRes4.Data.(*model.Role)
 	assert.Equal(t, role4.Permissions, []string{"read_channel", "create_post"})
@@ -274,25 +274,25 @@ func testSchemeStoreDelete(t *testing.T, ss store.Store) {
 	assert.Len(t, d1.DefaultChannelUserRole, 26)
 
 	// Check the default roles were created correctly.
-	roleRes1 := <-ss.Role().Get(d1.DefaultTeamAdminRole)
+	roleRes1 := <-ss.Role().GetByName(d1.DefaultTeamAdminRole)
 	assert.Nil(t, roleRes1.Err)
 	role1 := roleRes1.Data.(*model.Role)
 	assert.Equal(t, role1.Permissions, []string{"edit_others_posts", "delete_others_posts"})
 	assert.True(t, role1.SchemeManaged)
 
-	roleRes2 := <-ss.Role().Get(d1.DefaultTeamUserRole)
+	roleRes2 := <-ss.Role().GetByName(d1.DefaultTeamUserRole)
 	assert.Nil(t, roleRes2.Err)
 	role2 := roleRes2.Data.(*model.Role)
 	assert.Equal(t, role2.Permissions, []string{"view_team", "add_user_to_team"})
 	assert.True(t, role2.SchemeManaged)
 
-	roleRes3 := <-ss.Role().Get(d1.DefaultChannelAdminRole)
+	roleRes3 := <-ss.Role().GetByName(d1.DefaultChannelAdminRole)
 	assert.Nil(t, roleRes3.Err)
 	role3 := roleRes3.Data.(*model.Role)
 	assert.Equal(t, role3.Permissions, []string{"manage_public_channel_members", "manage_private_channel_members"})
 	assert.True(t, role3.SchemeManaged)
 
-	roleRes4 := <-ss.Role().Get(d1.DefaultChannelUserRole)
+	roleRes4 := <-ss.Role().GetByName(d1.DefaultChannelUserRole)
 	assert.Nil(t, roleRes4.Err)
 	role4 := roleRes4.Data.(*model.Role)
 	assert.Equal(t, role4.Permissions, []string{"read_channel", "create_post"})
@@ -307,22 +307,22 @@ func testSchemeStoreDelete(t *testing.T, ss store.Store) {
 	assert.NotZero(t, d2.DeleteAt)
 
 	// Check that the roles are deleted too.
-	roleRes5 := <-ss.Role().Get(d1.DefaultTeamAdminRole)
+	roleRes5 := <-ss.Role().GetByName(d1.DefaultTeamAdminRole)
 	assert.Nil(t, roleRes5.Err)
 	role5 := roleRes5.Data.(*model.Role)
 	assert.NotZero(t, role5.DeleteAt)
 
-	roleRes6 := <-ss.Role().Get(d1.DefaultTeamUserRole)
+	roleRes6 := <-ss.Role().GetByName(d1.DefaultTeamUserRole)
 	assert.Nil(t, roleRes6.Err)
 	role6 := roleRes6.Data.(*model.Role)
 	assert.NotZero(t, role6.DeleteAt)
 
-	roleRes7 := <-ss.Role().Get(d1.DefaultChannelAdminRole)
+	roleRes7 := <-ss.Role().GetByName(d1.DefaultChannelAdminRole)
 	assert.Nil(t, roleRes7.Err)
 	role7 := roleRes7.Data.(*model.Role)
 	assert.NotZero(t, role7.DeleteAt)
 
-	roleRes8 := <-ss.Role().Get(d1.DefaultChannelUserRole)
+	roleRes8 := <-ss.Role().GetByName(d1.DefaultChannelUserRole)
 	assert.Nil(t, roleRes8.Err)
 	role8 := roleRes8.Data.(*model.Role)
 	assert.NotZero(t, role8.DeleteAt)
diff --git a/store/storetest/team_store.go b/store/storetest/team_store.go
index b209b48c4..346b55c18 100644
--- a/store/storetest/team_store.go
+++ b/store/storetest/team_store.go
@@ -12,6 +12,7 @@ import (
 
 	"github.com/mattermost/mattermost-server/model"
 	"github.com/mattermost/mattermost-server/store"
+	"github.com/stretchr/testify/require"
 )
 
 func TestTeamStore(t *testing.T, ss store.Store) {
@@ -823,6 +824,37 @@ func testGetTeamMember(t *testing.T, ss store.Store) {
 	if r := <-ss.Team().GetMember("", m1.UserId); r.Err == nil {
 		t.Fatal("empty team id - should have failed")
 	}
+
+	// Test with a custom team scheme.
+	s2 := &model.Scheme{
+		Name:        model.NewId(),
+		DisplayName: model.NewId(),
+		Description: model.NewId(),
+		Scope:       model.SCHEME_SCOPE_TEAM,
+	}
+	s2 = (<-ss.Scheme().Save(s2)).Data.(*model.Scheme)
+	t.Log(s2)
+
+	t2 := store.Must(ss.Team().Save(&model.Team{
+		DisplayName: "DisplayName",
+		Name:        "z-z-z" + model.NewId() + "b",
+		Type:        model.TEAM_OPEN,
+		SchemeId:    &s2.Id,
+	})).(*model.Team)
+
+	defer func() {
+		<-ss.Team().PermanentDelete(t2.Id)
+	}()
+
+	m2 := &model.TeamMember{TeamId: t2.Id, UserId: model.NewId(), SchemeUser: true}
+	store.Must(ss.Team().SaveMember(m2, -1))
+
+	r2 := <-ss.Team().GetMember(m2.TeamId, m2.UserId)
+	require.Nil(t, r2.Err)
+	m3 := r2.Data.(*model.TeamMember)
+	t.Log(m3)
+
+	assert.Equal(t, s2.DefaultTeamUserRole, m3.Roles)
 }
 
 func testGetTeamMembersByIds(t *testing.T, ss store.Store) {