diff options
| author | George Goldberg <george@gberg.me> | 2016-12-21 19:18:41 +0000 |
|---|---|---|
| committer | Corey Hulen <corey@hulen.com> | 2016-12-21 11:18:41 -0800 |
| commit | dce4205699bed68046f9dc6ed371ad959d93ee59 (patch) | |
| tree | 7bd2d857ee9786ec59b782c52ffc5f59c0853728 /utils/authorization.go | |
| parent | f0f53260984a210f44458d86ed5ac9e3afb3f363 (diff) | |
| download | chat-dce4205699bed68046f9dc6ed371ad959d93ee59.tar.gz chat-dce4205699bed68046f9dc6ed371ad959d93ee59.tar.bz2 chat-dce4205699bed68046f9dc6ed371ad959d93ee59.zip | |
PLT-4990 - Server: Split out channel permissions to Create/Manage/Delete (#4864)
* Server side changes.
* Fix unit tests and default config.
Diffstat (limited to 'utils/authorization.go')
| -rw-r--r-- | utils/authorization.go | 66 |
1 files changed, 56 insertions, 10 deletions
diff --git a/utils/authorization.go b/utils/authorization.go index 23a7673fe..75f92062d 100644 --- a/utils/authorization.go +++ b/utils/authorization.go @@ -9,46 +9,92 @@ func SetDefaultRolesBasedOnConfig() { // Reset the roles to default to make this logic easier model.InitalizeRoles() + switch *Cfg.TeamSettings.RestrictPublicChannelCreation { + case model.PERMISSIONS_ALL: + model.ROLE_TEAM_USER.Permissions = append( + model.ROLE_TEAM_USER.Permissions, + model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id, + ) + break + case model.PERMISSIONS_TEAM_ADMIN: + model.ROLE_TEAM_ADMIN.Permissions = append( + model.ROLE_TEAM_ADMIN.Permissions, + model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id, + ) + break + } + switch *Cfg.TeamSettings.RestrictPublicChannelManagement { case model.PERMISSIONS_ALL: - model.ROLE_CHANNEL_USER.Permissions = append( - model.ROLE_CHANNEL_USER.Permissions, + model.ROLE_TEAM_USER.Permissions = append( + model.ROLE_TEAM_USER.Permissions, + model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id, + ) + break + case model.PERMISSIONS_TEAM_ADMIN: + model.ROLE_TEAM_ADMIN.Permissions = append( + model.ROLE_TEAM_ADMIN.Permissions, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id, ) + break + } + + switch *Cfg.TeamSettings.RestrictPublicChannelDeletion { + case model.PERMISSIONS_ALL: model.ROLE_TEAM_USER.Permissions = append( model.ROLE_TEAM_USER.Permissions, model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id, - model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id, ) break case model.PERMISSIONS_TEAM_ADMIN: model.ROLE_TEAM_ADMIN.Permissions = append( model.ROLE_TEAM_ADMIN.Permissions, - model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id, model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id, - model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id, + ) + break + } + + switch *Cfg.TeamSettings.RestrictPrivateChannelCreation { + case model.PERMISSIONS_ALL: + model.ROLE_TEAM_USER.Permissions = append( + model.ROLE_TEAM_USER.Permissions, + model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id, + ) + break + case model.PERMISSIONS_TEAM_ADMIN: + model.ROLE_TEAM_ADMIN.Permissions = append( + model.ROLE_TEAM_ADMIN.Permissions, + model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id, ) break } switch *Cfg.TeamSettings.RestrictPrivateChannelManagement { case model.PERMISSIONS_ALL: - model.ROLE_CHANNEL_USER.Permissions = append( - model.ROLE_CHANNEL_USER.Permissions, + model.ROLE_TEAM_USER.Permissions = append( + model.ROLE_TEAM_USER.Permissions, + model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id, + ) + break + case model.PERMISSIONS_TEAM_ADMIN: + model.ROLE_TEAM_ADMIN.Permissions = append( + model.ROLE_TEAM_ADMIN.Permissions, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id, ) + break + } + + switch *Cfg.TeamSettings.RestrictPrivateChannelDeletion { + case model.PERMISSIONS_ALL: model.ROLE_TEAM_USER.Permissions = append( model.ROLE_TEAM_USER.Permissions, model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id, - model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id, ) break case model.PERMISSIONS_TEAM_ADMIN: model.ROLE_TEAM_ADMIN.Permissions = append( model.ROLE_TEAM_ADMIN.Permissions, - model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id, model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id, - model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id, ) break } |