authorChris <ccbrown112@gmail.com>2017-11-21 13:08:32 -0600
committerChristopher Speller <crspeller@gmail.com>2017-11-21 11:08:32 -0800
commit816a30397da6ceff836d8723233dc5cdbda70871 (patch)
treed9075e04c6570296cea924b97088839f49d6ce9d /utils/authorization.go
parent01e652ed481ed0ef0a8d8c021751655c1a58dd2a (diff)
Role refactor (#7867)
* role refactor * add missing file * fix web test
Diffstat (limited to 'utils/authorization.go')
-rw-r--r--utils/authorization.go208
1 files changed, 107 insertions, 101 deletions
diff --git a/utils/authorization.go b/utils/authorization.go
index 37ca2c7ff..39a0d606c 100644
--- a/utils/authorization.go
+++ b/utils/authorization.go
@@ -7,271 +7,277 @@ import (
"github.com/mattermost/mattermost-server/model"
)
-func SetDefaultRolesBasedOnConfig() {
- // Reset the roles to default to make this logic easier
- model.InitalizeRoles()
+func DefaultRolesBasedOnConfig(cfg *model.Config) map[string]*model.Role {
+ roles := make(map[string]*model.Role)
+ for id, role := range model.DefaultRoles {
+ copy := &model.Role{}
+ *copy = *role
+ roles[id] = copy
+ }
if IsLicensed() {
- switch *Cfg.TeamSettings.RestrictPublicChannelCreation {
+ switch *cfg.TeamSettings.RestrictPublicChannelCreation {
case model.PERMISSIONS_ALL:
- model.ROLE_TEAM_USER.Permissions = append(
- model.ROLE_TEAM_USER.Permissions,
+ roles[model.TEAM_USER_ROLE_ID].Permissions = append(
+ roles[model.TEAM_USER_ROLE_ID].Permissions,
model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id,
)
case model.PERMISSIONS_TEAM_ADMIN:
- model.ROLE_TEAM_ADMIN.Permissions = append(
- model.ROLE_TEAM_ADMIN.Permissions,
+ roles[model.TEAM_ADMIN_ROLE_ID].Permissions = append(
+ roles[model.TEAM_ADMIN_ROLE_ID].Permissions,
model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id,
)
}
} else {
- model.ROLE_TEAM_USER.Permissions = append(
- model.ROLE_TEAM_USER.Permissions,
+ roles[model.TEAM_USER_ROLE_ID].Permissions = append(
+ roles[model.TEAM_USER_ROLE_ID].Permissions,
model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id,
)
}
if IsLicensed() {
- switch *Cfg.TeamSettings.RestrictPublicChannelManagement {
+ switch *cfg.TeamSettings.RestrictPublicChannelManagement {
case model.PERMISSIONS_ALL:
- model.ROLE_TEAM_USER.Permissions = append(
- model.ROLE_TEAM_USER.Permissions,
+ roles[model.TEAM_USER_ROLE_ID].Permissions = append(
+ roles[model.TEAM_USER_ROLE_ID].Permissions,
model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id,
)
case model.PERMISSIONS_CHANNEL_ADMIN:
- model.ROLE_TEAM_ADMIN.Permissions = append(
- model.ROLE_TEAM_ADMIN.Permissions,
+ roles[model.TEAM_ADMIN_ROLE_ID].Permissions = append(
+ roles[model.TEAM_ADMIN_ROLE_ID].Permissions,
model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id,
)
- model.ROLE_CHANNEL_ADMIN.Permissions = append(
- model.ROLE_CHANNEL_ADMIN.Permissions,
+ roles[model.CHANNEL_ADMIN_ROLE_ID].Permissions = append(
+ roles[model.CHANNEL_ADMIN_ROLE_ID].Permissions,
model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id,
)
case model.PERMISSIONS_TEAM_ADMIN:
- model.ROLE_TEAM_ADMIN.Permissions = append(
- model.ROLE_TEAM_ADMIN.Permissions,
+ roles[model.TEAM_ADMIN_ROLE_ID].Permissions = append(
+ roles[model.TEAM_ADMIN_ROLE_ID].Permissions,
model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id,
)
}
} else {
- model.ROLE_TEAM_USER.Permissions = append(
- model.ROLE_TEAM_USER.Permissions,
+ roles[model.TEAM_USER_ROLE_ID].Permissions = append(
+ roles[model.TEAM_USER_ROLE_ID].Permissions,
model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id,
)
}
if IsLicensed() {
- switch *Cfg.TeamSettings.RestrictPublicChannelDeletion {
+ switch *cfg.TeamSettings.RestrictPublicChannelDeletion {
case model.PERMISSIONS_ALL:
- model.ROLE_TEAM_USER.Permissions = append(
- model.ROLE_TEAM_USER.Permissions,
+ roles[model.TEAM_USER_ROLE_ID].Permissions = append(
+ roles[model.TEAM_USER_ROLE_ID].Permissions,
model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id,
)
case model.PERMISSIONS_CHANNEL_ADMIN:
- model.ROLE_TEAM_ADMIN.Permissions = append(
- model.ROLE_TEAM_ADMIN.Permissions,
+ roles[model.TEAM_ADMIN_ROLE_ID].Permissions = append(
+ roles[model.TEAM_ADMIN_ROLE_ID].Permissions,
model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id,
)
- model.ROLE_CHANNEL_ADMIN.Permissions = append(
- model.ROLE_CHANNEL_ADMIN.Permissions,
+ roles[model.CHANNEL_ADMIN_ROLE_ID].Permissions = append(
+ roles[model.CHANNEL_ADMIN_ROLE_ID].Permissions,
model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id,
)
case model.PERMISSIONS_TEAM_ADMIN:
- model.ROLE_TEAM_ADMIN.Permissions = append(
- model.ROLE_TEAM_ADMIN.Permissions,
+ roles[model.TEAM_ADMIN_ROLE_ID].Permissions = append(
+ roles[model.TEAM_ADMIN_ROLE_ID].Permissions,
model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id,
)
}
} else {
- model.ROLE_TEAM_USER.Permissions = append(
- model.ROLE_TEAM_USER.Permissions,
+ roles[model.TEAM_USER_ROLE_ID].Permissions = append(
+ roles[model.TEAM_USER_ROLE_ID].Permissions,
model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id,
)
}
if IsLicensed() {
- switch *Cfg.TeamSettings.RestrictPrivateChannelCreation {
+ switch *cfg.TeamSettings.RestrictPrivateChannelCreation {
case model.PERMISSIONS_ALL:
- model.ROLE_TEAM_USER.Permissions = append(
- model.ROLE_TEAM_USER.Permissions,
+ roles[model.TEAM_USER_ROLE_ID].Permissions = append(
+ roles[model.TEAM_USER_ROLE_ID].Permissions,
model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id,
)
case model.PERMISSIONS_TEAM_ADMIN:
- model.ROLE_TEAM_ADMIN.Permissions = append(
- model.ROLE_TEAM_ADMIN.Permissions,
+ roles[model.TEAM_ADMIN_ROLE_ID].Permissions = append(
+ roles[model.TEAM_ADMIN_ROLE_ID].Permissions,
model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id,
)
}
} else {
- model.ROLE_TEAM_USER.Permissions = append(
- model.ROLE_TEAM_USER.Permissions,
+ roles[model.TEAM_USER_ROLE_ID].Permissions = append(
+ roles[model.TEAM_USER_ROLE_ID].Permissions,
model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id,
)
}
if IsLicensed() {
- switch *Cfg.TeamSettings.RestrictPrivateChannelManagement {
+ switch *cfg.TeamSettings.RestrictPrivateChannelManagement {
case model.PERMISSIONS_ALL:
- model.ROLE_TEAM_USER.Permissions = append(
- model.ROLE_TEAM_USER.Permissions,
+ roles[model.TEAM_USER_ROLE_ID].Permissions = append(
+ roles[model.TEAM_USER_ROLE_ID].Permissions,
model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id,
)
case model.PERMISSIONS_CHANNEL_ADMIN:
- model.ROLE_TEAM_ADMIN.Permissions = append(
- model.ROLE_TEAM_ADMIN.Permissions,
+ roles[model.TEAM_ADMIN_ROLE_ID].Permissions = append(
+ roles[model.TEAM_ADMIN_ROLE_ID].Permissions,
model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id,
)
- model.ROLE_CHANNEL_ADMIN.Permissions = append(
- model.ROLE_CHANNEL_ADMIN.Permissions,
+ roles[model.CHANNEL_ADMIN_ROLE_ID].Permissions = append(
+ roles[model.CHANNEL_ADMIN_ROLE_ID].Permissions,
model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id,
)
case model.PERMISSIONS_TEAM_ADMIN:
- model.ROLE_TEAM_ADMIN.Permissions = append(
- model.ROLE_TEAM_ADMIN.Permissions,
+ roles[model.TEAM_ADMIN_ROLE_ID].Permissions = append(
+ roles[model.TEAM_ADMIN_ROLE_ID].Permissions,
model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id,
)
}
} else {
- model.ROLE_TEAM_USER.Permissions = append(
- model.ROLE_TEAM_USER.Permissions,
+ roles[model.TEAM_USER_ROLE_ID].Permissions = append(
+ roles[model.TEAM_USER_ROLE_ID].Permissions,
model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id,
)
}
if IsLicensed() {
- switch *Cfg.TeamSettings.RestrictPrivateChannelDeletion {
+ switch *cfg.TeamSettings.RestrictPrivateChannelDeletion {
case model.PERMISSIONS_ALL:
- model.ROLE_TEAM_USER.Permissions = append(
- model.ROLE_TEAM_USER.Permissions,
+ roles[model.TEAM_USER_ROLE_ID].Permissions = append(
+ roles[model.TEAM_USER_ROLE_ID].Permissions,
model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id,
)
case model.PERMISSIONS_CHANNEL_ADMIN:
- model.ROLE_TEAM_ADMIN.Permissions = append(
- model.ROLE_TEAM_ADMIN.Permissions,
+ roles[model.TEAM_ADMIN_ROLE_ID].Permissions = append(
+ roles[model.TEAM_ADMIN_ROLE_ID].Permissions,
model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id,
)
- model.ROLE_CHANNEL_ADMIN.Permissions = append(
- model.ROLE_CHANNEL_ADMIN.Permissions,
+ roles[model.CHANNEL_ADMIN_ROLE_ID].Permissions = append(
+ roles[model.CHANNEL_ADMIN_ROLE_ID].Permissions,
model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id,
)
case model.PERMISSIONS_TEAM_ADMIN:
- model.ROLE_TEAM_ADMIN.Permissions = append(
- model.ROLE_TEAM_ADMIN.Permissions,
+ roles[model.TEAM_ADMIN_ROLE_ID].Permissions = append(
+ roles[model.TEAM_ADMIN_ROLE_ID].Permissions,
model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id,
)
}
} else {
- model.ROLE_TEAM_USER.Permissions = append(
- model.ROLE_TEAM_USER.Permissions,
+ roles[model.TEAM_USER_ROLE_ID].Permissions = append(
+ roles[model.TEAM_USER_ROLE_ID].Permissions,
model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id,
)
}
// Restrict permissions for Private Channel Manage Members
if IsLicensed() {
- switch *Cfg.TeamSettings.RestrictPrivateChannelManageMembers {
+ switch *cfg.TeamSettings.RestrictPrivateChannelManageMembers {
case model.PERMISSIONS_ALL:
- model.ROLE_CHANNEL_USER.Permissions = append(
- model.ROLE_CHANNEL_USER.Permissions,
+ roles[model.CHANNEL_USER_ROLE_ID].Permissions = append(
+ roles[model.CHANNEL_USER_ROLE_ID].Permissions,
model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id,
)
case model.PERMISSIONS_CHANNEL_ADMIN:
- model.ROLE_TEAM_ADMIN.Permissions = append(
- model.ROLE_TEAM_ADMIN.Permissions,
+ roles[model.TEAM_ADMIN_ROLE_ID].Permissions = append(
+ roles[model.TEAM_ADMIN_ROLE_ID].Permissions,
model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id,
)
- model.ROLE_CHANNEL_ADMIN.Permissions = append(
- model.ROLE_CHANNEL_ADMIN.Permissions,
+ roles[model.CHANNEL_ADMIN_ROLE_ID].Permissions = append(
+ roles[model.CHANNEL_ADMIN_ROLE_ID].Permissions,
model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id,
)
case model.PERMISSIONS_TEAM_ADMIN:
- model.ROLE_TEAM_ADMIN.Permissions = append(
- model.ROLE_TEAM_ADMIN.Permissions,
+ roles[model.TEAM_ADMIN_ROLE_ID].Permissions = append(
+ roles[model.TEAM_ADMIN_ROLE_ID].Permissions,
model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id,
)
}
} else {
- model.ROLE_CHANNEL_USER.Permissions = append(
- model.ROLE_CHANNEL_USER.Permissions,
+ roles[model.CHANNEL_USER_ROLE_ID].Permissions = append(
+ roles[model.CHANNEL_USER_ROLE_ID].Permissions,
model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id,
)
}
- if !*Cfg.ServiceSettings.EnableOnlyAdminIntegrations {
- model.ROLE_TEAM_USER.Permissions = append(
- model.ROLE_TEAM_USER.Permissions,
+ if !*cfg.ServiceSettings.EnableOnlyAdminIntegrations {
+ roles[model.TEAM_USER_ROLE_ID].Permissions = append(
+ roles[model.TEAM_USER_ROLE_ID].Permissions,
model.PERMISSION_MANAGE_WEBHOOKS.Id,
model.PERMISSION_MANAGE_SLASH_COMMANDS.Id,
)
- model.ROLE_SYSTEM_USER.Permissions = append(
- model.ROLE_SYSTEM_USER.Permissions,
+ roles[model.SYSTEM_USER_ROLE_ID].Permissions = append(
+ roles[model.SYSTEM_USER_ROLE_ID].Permissions,
model.PERMISSION_MANAGE_OAUTH.Id,
)
}
// Grant permissions for inviting and adding users to a team.
if IsLicensed() {
- if *Cfg.TeamSettings.RestrictTeamInvite == model.PERMISSIONS_TEAM_ADMIN {
- model.ROLE_TEAM_ADMIN.Permissions = append(
- model.ROLE_TEAM_ADMIN.Permissions,
+ if *cfg.TeamSettings.RestrictTeamInvite == model.PERMISSIONS_TEAM_ADMIN {
+ roles[model.TEAM_ADMIN_ROLE_ID].Permissions = append(
+ roles[model.TEAM_ADMIN_ROLE_ID].Permissions,
model.PERMISSION_INVITE_USER.Id,
model.PERMISSION_ADD_USER_TO_TEAM.Id,
)
- } else if *Cfg.TeamSettings.RestrictTeamInvite == model.PERMISSIONS_ALL {
- model.ROLE_SYSTEM_USER.Permissions = append(
- model.ROLE_SYSTEM_USER.Permissions,
+ } else if *cfg.TeamSettings.RestrictTeamInvite == model.PERMISSIONS_ALL {
+ roles[model.SYSTEM_USER_ROLE_ID].Permissions = append(
+ roles[model.SYSTEM_USER_ROLE_ID].Permissions,
model.PERMISSION_INVITE_USER.Id,
model.PERMISSION_ADD_USER_TO_TEAM.Id,
)
}
} else {
- model.ROLE_TEAM_USER.Permissions = append(
- model.ROLE_TEAM_USER.Permissions,
+ roles[model.TEAM_USER_ROLE_ID].Permissions = append(
+ roles[model.TEAM_USER_ROLE_ID].Permissions,
model.PERMISSION_INVITE_USER.Id,
model.PERMISSION_ADD_USER_TO_TEAM.Id,
)
}
if IsLicensed() {
- switch *Cfg.ServiceSettings.RestrictPostDelete {
+ switch *cfg.ServiceSettings.RestrictPostDelete {
case model.PERMISSIONS_DELETE_POST_ALL:
- model.ROLE_CHANNEL_USER.Permissions = append(
- model.ROLE_CHANNEL_USER.Permissions,
+ roles[model.CHANNEL_USER_ROLE_ID].Permissions = append(
+ roles[model.CHANNEL_USER_ROLE_ID].Permissions,
model.PERMISSION_DELETE_POST.Id,
)
- model.ROLE_CHANNEL_ADMIN.Permissions = append(
- model.ROLE_CHANNEL_ADMIN.Permissions,
+ roles[model.CHANNEL_ADMIN_ROLE_ID].Permissions = append(
+ roles[model.CHANNEL_ADMIN_ROLE_ID].Permissions,
model.PERMISSION_DELETE_POST.Id,
model.PERMISSION_DELETE_OTHERS_POSTS.Id,
)
- model.ROLE_TEAM_ADMIN.Permissions = append(
- model.ROLE_TEAM_ADMIN.Permissions,
+ roles[model.TEAM_ADMIN_ROLE_ID].Permissions = append(
+ roles[model.TEAM_ADMIN_ROLE_ID].Permissions,
model.PERMISSION_DELETE_POST.Id,
model.PERMISSION_DELETE_OTHERS_POSTS.Id,
)
case model.PERMISSIONS_DELETE_POST_TEAM_ADMIN:
- model.ROLE_TEAM_ADMIN.Permissions = append(
- model.ROLE_TEAM_ADMIN.Permissions,
+ roles[model.TEAM_ADMIN_ROLE_ID].Permissions = append(
+ roles[model.TEAM_ADMIN_ROLE_ID].Permissions,
model.PERMISSION_DELETE_POST.Id,
model.PERMISSION_DELETE_OTHERS_POSTS.Id,
)
}
} else {
- model.ROLE_CHANNEL_USER.Permissions = append(
- model.ROLE_CHANNEL_USER.Permissions,
+ roles[model.CHANNEL_USER_ROLE_ID].Permissions = append(
+ roles[model.CHANNEL_USER_ROLE_ID].Permissions,
model.PERMISSION_DELETE_POST.Id,
)
- model.ROLE_TEAM_ADMIN.Permissions = append(
- model.ROLE_TEAM_ADMIN.Permissions,
+ roles[model.TEAM_ADMIN_ROLE_ID].Permissions = append(
+ roles[model.TEAM_ADMIN_ROLE_ID].Permissions,
model.PERMISSION_DELETE_POST.Id,
model.PERMISSION_DELETE_OTHERS_POSTS.Id,
)
}
- if Cfg.TeamSettings.EnableTeamCreation {
- model.ROLE_SYSTEM_USER.Permissions = append(
- model.ROLE_SYSTEM_USER.Permissions,
+ if cfg.TeamSettings.EnableTeamCreation {
+ roles[model.SYSTEM_USER_ROLE_ID].Permissions = append(
+ roles[model.SYSTEM_USER_ROLE_ID].Permissions,
model.PERMISSION_CREATE_TEAM.Id,
)
}
+
+ return roles
}
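Review bot: The per-role copy at `*copy = *role` is shallow, so each copied `Permissions` slice still shares its backing array with the entry in `model.DefaultRoles`, and the many `append` calls that follow write into that shared array whenever the default slice has spare capacity, which would let a permission granted under one config bleed into the package-level defaults and into roles built for a later config (for example after a config reload). Whether the default slices carry spare capacity is not visible here, but an authorization builder should not depend on it. Detach the slice inside the loop: `copy.Permissions = append([]string(nil), role.Permissions...)`. The local named `copy` also shadows the builtin, so `clone` would read better. Note as well that `IsLicensed()` still reads global state while `cfg` is now injected, so the result is not a pure function of its argument and tests that vary licensing cannot do so through the parameter.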