diff options
author | George Goldberg <george@gberg.me> | 2017-03-26 14:37:39 +0100 |
---|---|---|
committer | Joram Wilander <jwawilander@gmail.com> | 2017-03-26 09:37:39 -0400 |
commit | 720ee81113ac7a7dd062271c3d6cdf58ce8e044a (patch) | |
tree | fd286f5d405b577086abc5d6203dbfe71f2c2435 /utils/authorization.go | |
parent | 230556f0f7bde3b6ffa2c6cbd3ca7404fcf3023e (diff) | |
download | chat-720ee81113ac7a7dd062271c3d6cdf58ce8e044a.tar.gz chat-720ee81113ac7a7dd062271c3d6cdf58ce8e044a.tar.bz2 chat-720ee81113ac7a7dd062271c3d6cdf58ce8e044a.zip |
PLT-6063: AddUserToTeam permission depends on policy. (#5869)
Uses same policy setting as InviteUserToTeam.
Diffstat (limited to 'utils/authorization.go')
-rw-r--r-- | utils/authorization.go | 29 |
1 files changed, 19 insertions, 10 deletions
diff --git a/utils/authorization.go b/utils/authorization.go index 2c7f35164..086caa565 100644 --- a/utils/authorization.go +++ b/utils/authorization.go @@ -195,17 +195,26 @@ func SetDefaultRolesBasedOnConfig() { ) } - // If team admins are given permission - if *Cfg.TeamSettings.RestrictTeamInvite == model.PERMISSIONS_TEAM_ADMIN { - model.ROLE_TEAM_ADMIN.Permissions = append( - model.ROLE_TEAM_ADMIN.Permissions, - model.PERMISSION_INVITE_USER.Id, - ) - // If it's not restricted to system admin or team admin, then give all users permission - } else if *Cfg.TeamSettings.RestrictTeamInvite != model.PERMISSIONS_SYSTEM_ADMIN { - model.ROLE_SYSTEM_USER.Permissions = append( - model.ROLE_SYSTEM_USER.Permissions, + // Grant permissions for inviting and adding users to a team. + if IsLicensed { + if *Cfg.TeamSettings.RestrictTeamInvite == model.PERMISSIONS_TEAM_ADMIN { + model.ROLE_TEAM_ADMIN.Permissions = append( + model.ROLE_TEAM_ADMIN.Permissions, + model.PERMISSION_INVITE_USER.Id, + model.PERMISSION_ADD_USER_TO_TEAM.Id, + ) + } else if *Cfg.TeamSettings.RestrictTeamInvite == model.PERMISSIONS_ALL { + model.ROLE_SYSTEM_USER.Permissions = append( + model.ROLE_SYSTEM_USER.Permissions, + model.PERMISSION_INVITE_USER.Id, + model.PERMISSION_ADD_USER_TO_TEAM.Id, + ) + } + } else { + model.ROLE_TEAM_USER.Permissions = append( + model.ROLE_TEAM_USER.Permissions, model.PERMISSION_INVITE_USER.Id, + model.PERMISSION_ADD_USER_TO_TEAM.Id, ) } |