XYZ-51: Unit tests for and changes to SetRolePermissionsFromConfig. (#8160)

* XYZ-10: Role store.

* XYZ-37: Update unit tests to work with database roles.

* XYZ-51: Tests 'SetRolePermissionsFromConfig' against JSON from policy page.

* XYZ-51: Adds permissions in non-licensed cases also.

* XYZ-51: Removes some permissions from team_user role.

* XYZ-51: Merge fix for change to default permissions from PR 8208.

* XYZ-51: Removes unused function.

1 files changed, 125 insertions, 0 deletions

diff --git a/utils/authorization_test.go b/utils/authorization_test.go
new file mode 100644
index 000000000..9e5b570bb
--- /dev/null
+++ b/utils/authorization_test.go
@@ -0,0 +1,125 @@
+// Copyright (c) 2018-present Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+package utils
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"reflect"
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/mattermost/mattermost-server/model"
+)
+
+type RoleState struct {
+	RoleName   string `json:"roleName"`
+	Permission string `json:"permission"`
+	ShouldHave bool   `json:"shouldHave"`
+}
+
+func mockConfig() *model.Config {
+	config := model.Config{}
+	config.SetDefaults()
+	return &config
+}
+
+func mapping() (map[string]map[string][]RoleState, error) {
+
+	policiesRolesMapping := make(map[string]map[string][]RoleState)
+
+	raw, err := ioutil.ReadFile("./policies-roles-mapping.json")
+	if err != nil {
+		return policiesRolesMapping, err
+	}
+
+	var f map[string]interface{}
+	err = json.Unmarshal(raw, &f)
+	if err != nil {
+		return policiesRolesMapping, err
+	}
+
+	for policyName, value := range f {
+
+		capitalizedName := fmt.Sprintf("%v%v", strings.ToUpper(policyName[:1]), policyName[1:])
+		policiesRolesMapping[capitalizedName] = make(map[string][]RoleState)
+
+		for policyValue, roleStatesMappings := range value.(map[string]interface{}) {
+
+			var roleStates []RoleState
+			for _, roleStateMapping := range roleStatesMappings.([]interface{}) {
+
+				roleStateMappingJSON, _ := json.Marshal(roleStateMapping)
+				var roleState RoleState
+				_ = json.Unmarshal(roleStateMappingJSON, &roleState)
+
+				roleStates = append(roleStates, roleState)
+
+			}
+
+			policiesRolesMapping[capitalizedName][policyValue] = roleStates
+
+		}
+
+	}
+
+	return policiesRolesMapping, nil
+}
+
+func TestSetRolePermissionsFromConfig(t *testing.T) {
+
+	mapping, err := mapping()
+	if err != nil {
+		require.NoError(t, err)
+	}
+
+	for policyName, v := range mapping {
+		for policyValue, rolesMappings := range v {
+
+			config := mockConfig()
+			updateConfig(config, policyName, policyValue)
+			roles := model.MakeDefaultRoles()
+			SetRolePermissionsFromConfig(roles, config, true)
+
+			for _, roleMappingItem := range rolesMappings {
+				role := roles[roleMappingItem.RoleName]
+
+				permission := roleMappingItem.Permission
+				hasPermission := roleHasPermission(role, permission)
+
+				if (roleMappingItem.ShouldHave && !hasPermission) || (!roleMappingItem.ShouldHave && hasPermission) {
+					wording := "not to"
+					if roleMappingItem.ShouldHave {
+						wording = "to"
+					}
+					t.Errorf("Expected '%v' %v have '%v' permission when '%v' is set to '%v'.", role.Name, wording, permission, policyName, policyValue)
+				}
+
+			}
+
+		}
+	}
+}
+
+func updateConfig(config *model.Config, key string, value string) {
+	v := reflect.ValueOf(config.ServiceSettings)
+	field := v.FieldByName(key)
+	if !field.IsValid() {
+		v = reflect.ValueOf(config.TeamSettings)
+		field = v.FieldByName(key)
+	}
+	field.Elem().SetString(value)
+}
+
+func roleHasPermission(role *model.Role, permission string) bool {
+	for _, p := range role.Permissions {
+		if p == permission {
+			return true
+		}
+	}
+	return false
+}