diff options
| author | George Goldberg <george@gberg.me> | 2018-02-06 15:34:08 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-02-06 15:34:08 +0000 |
| commit | e1cd64613591cf5a990442a69ebf188258bd0cb5 (patch) | |
| tree | ad9f247a2c75b0bc03de93dbbfc038afb6b69545 /utils/authorization.go | |
| parent | 1c7f25773a77ceb9e84feabe3907e7f93f6870e4 (diff) | |
| download | chat-e1cd64613591cf5a990442a69ebf188258bd0cb5.tar.gz chat-e1cd64613591cf5a990442a69ebf188258bd0cb5.tar.bz2 chat-e1cd64613591cf5a990442a69ebf188258bd0cb5.zip | |
XYZ-37: Advanced Permissions Phase 1 Backend. (#8159)
* XYZ-13: Update Permission and Role structs to new design.
* XYZ-10: Role store.
* XYZ-9/XYZ-44: Roles API endpoints and WebSocket message.
* XYZ-8: Switch server permissions checks to store backed roles.
* XYZ-58: Proper validation of roles where required.
* XYZ-11/XYZ-55: Migration to store backed roles from policy config.
* XYZ-37: Update unit tests to work with database roles.
* XYZ-56: Remove the "guest" role.
* Changes to SetDefaultRolesFromConfig.
* Short-circuit the store if nothing has changed.
* Address first round of review comments.
* Address second round of review comments.
Diffstat (limited to 'utils/authorization.go')
| -rw-r--r-- | utils/authorization.go | 18 |
1 files changed, 3 insertions, 15 deletions
diff --git a/utils/authorization.go b/utils/authorization.go index 39a0d606c..b18ece141 100644 --- a/utils/authorization.go +++ b/utils/authorization.go @@ -7,14 +7,7 @@ import ( "github.com/mattermost/mattermost-server/model" ) -func DefaultRolesBasedOnConfig(cfg *model.Config) map[string]*model.Role { - roles := make(map[string]*model.Role) - for id, role := range model.DefaultRoles { - copy := &model.Role{} - *copy = *role - roles[id] = copy - } - +func SetRolePermissionsFromConfig(roles map[string]*model.Role, cfg *model.Config) map[string]*model.Role { if IsLicensed() { switch *cfg.TeamSettings.RestrictPublicChannelCreation { case model.PERMISSIONS_ALL: @@ -222,8 +215,8 @@ func DefaultRolesBasedOnConfig(cfg *model.Config) map[string]*model.Role { model.PERMISSION_ADD_USER_TO_TEAM.Id, ) } else if *cfg.TeamSettings.RestrictTeamInvite == model.PERMISSIONS_ALL { - roles[model.SYSTEM_USER_ROLE_ID].Permissions = append( - roles[model.SYSTEM_USER_ROLE_ID].Permissions, + roles[model.TEAM_USER_ROLE_ID].Permissions = append( + roles[model.TEAM_USER_ROLE_ID].Permissions, model.PERMISSION_INVITE_USER.Id, model.PERMISSION_ADD_USER_TO_TEAM.Id, ) @@ -243,11 +236,6 @@ func DefaultRolesBasedOnConfig(cfg *model.Config) map[string]*model.Role { roles[model.CHANNEL_USER_ROLE_ID].Permissions, model.PERMISSION_DELETE_POST.Id, ) - roles[model.CHANNEL_ADMIN_ROLE_ID].Permissions = append( - roles[model.CHANNEL_ADMIN_ROLE_ID].Permissions, - model.PERMISSION_DELETE_POST.Id, - model.PERMISSION_DELETE_OTHERS_POSTS.Id, - ) roles[model.TEAM_ADMIN_ROLE_ID].Permissions = append( roles[model.TEAM_ADMIN_ROLE_ID].Permissions, model.PERMISSION_DELETE_POST.Id, |