diff options
| author | George Goldberg <george@gberg.me> | 2018-03-27 22:36:55 +0100 |
|---|---|---|
| committer | George Goldberg <george@gberg.me> | 2018-03-27 22:36:55 +0100 |
| commit | 71c9dff7662868770f66ab876ad66b354133c2c1 (patch) | |
| tree | e2d5d8c5ad203b42af868ee18399c42a9ab08385 /utils/authorization.go | |
| parent | 2af4c7e6496d4c5192fedf5001817f6f1eb3664b (diff) | |
| parent | e13e64711f7a7e8ceadb8cbc6af72c4022c95b36 (diff) | |
| download | chat-71c9dff7662868770f66ab876ad66b354133c2c1.tar.gz chat-71c9dff7662868770f66ab876ad66b354133c2c1.tar.bz2 chat-71c9dff7662868770f66ab876ad66b354133c2c1.zip | |
Merge branch 'advanced-permissions-phase-1'
Diffstat (limited to 'utils/authorization.go')
| -rw-r--r-- | utils/authorization.go | 43 |
1 files changed, 27 insertions, 16 deletions
diff --git a/utils/authorization.go b/utils/authorization.go index 42815b807..16f33bc1a 100644 --- a/utils/authorization.go +++ b/utils/authorization.go @@ -7,14 +7,7 @@ import ( "github.com/mattermost/mattermost-server/model" ) -func DefaultRolesBasedOnConfig(cfg *model.Config, isLicensed bool) map[string]*model.Role { - roles := make(map[string]*model.Role) - for id, role := range model.DefaultRoles { - copy := &model.Role{} - *copy = *role - roles[id] = copy - } - +func SetRolePermissionsFromConfig(roles map[string]*model.Role, cfg *model.Config, isLicensed bool) map[string]*model.Role { if isLicensed { switch *cfg.TeamSettings.RestrictPublicChannelCreation { case model.PERMISSIONS_ALL: @@ -222,8 +215,8 @@ func DefaultRolesBasedOnConfig(cfg *model.Config, isLicensed bool) map[string]*m model.PERMISSION_ADD_USER_TO_TEAM.Id, ) } else if *cfg.TeamSettings.RestrictTeamInvite == model.PERMISSIONS_ALL { - roles[model.SYSTEM_USER_ROLE_ID].Permissions = append( - roles[model.SYSTEM_USER_ROLE_ID].Permissions, + roles[model.TEAM_USER_ROLE_ID].Permissions = append( + roles[model.TEAM_USER_ROLE_ID].Permissions, model.PERMISSION_INVITE_USER.Id, model.PERMISSION_ADD_USER_TO_TEAM.Id, ) @@ -243,11 +236,6 @@ func DefaultRolesBasedOnConfig(cfg *model.Config, isLicensed bool) map[string]*m roles[model.CHANNEL_USER_ROLE_ID].Permissions, model.PERMISSION_DELETE_POST.Id, ) - roles[model.CHANNEL_ADMIN_ROLE_ID].Permissions = append( - roles[model.CHANNEL_ADMIN_ROLE_ID].Permissions, - model.PERMISSION_DELETE_POST.Id, - model.PERMISSION_DELETE_OTHERS_POSTS.Id, - ) roles[model.TEAM_ADMIN_ROLE_ID].Permissions = append( roles[model.TEAM_ADMIN_ROLE_ID].Permissions, model.PERMISSION_DELETE_POST.Id, @@ -272,12 +260,35 @@ func DefaultRolesBasedOnConfig(cfg *model.Config, isLicensed bool) map[string]*m ) } - if cfg.TeamSettings.EnableTeamCreation { + if *cfg.TeamSettings.EnableTeamCreation { roles[model.SYSTEM_USER_ROLE_ID].Permissions = append( roles[model.SYSTEM_USER_ROLE_ID].Permissions, model.PERMISSION_CREATE_TEAM.Id, ) } + if isLicensed { + switch *cfg.ServiceSettings.AllowEditPost { + case model.ALLOW_EDIT_POST_ALWAYS, model.ALLOW_EDIT_POST_TIME_LIMIT: + roles[model.CHANNEL_USER_ROLE_ID].Permissions = append( + roles[model.CHANNEL_USER_ROLE_ID].Permissions, + model.PERMISSION_EDIT_POST.Id, + ) + roles[model.SYSTEM_ADMIN_ROLE_ID].Permissions = append( + roles[model.SYSTEM_ADMIN_ROLE_ID].Permissions, + model.PERMISSION_EDIT_POST.Id, + ) + } + } else { + roles[model.CHANNEL_USER_ROLE_ID].Permissions = append( + roles[model.CHANNEL_USER_ROLE_ID].Permissions, + model.PERMISSION_EDIT_POST.Id, + ) + roles[model.SYSTEM_ADMIN_ROLE_ID].Permissions = append( + roles[model.SYSTEM_ADMIN_ROLE_ID].Permissions, + model.PERMISSION_EDIT_POST.Id, + ) + } + return roles } |