PLT-4990 - Server: Split out channel permissions to Create/Manage/Delete (#4864)

* Server side changes. * Fix unit tests and default config.
author: George Goldberg <george@gberg.me> 2016-12-21 19:18:41 +0000
committer: Corey Hulen <corey@hulen.com> 2016-12-21 11:18:41 -0800
commit: dce4205699bed68046f9dc6ed371ad959d93ee59 (patch)
tree: 7bd2d857ee9786ec59b782c52ffc5f59c0853728 /utils
parent: f0f53260984a210f44458d86ed5ac9e3afb3f363 (diff)
download: chat-dce4205699bed68046f9dc6ed371ad959d93ee59.tar.gz
chat-dce4205699bed68046f9dc6ed371ad959d93ee59.tar.bz2
chat-dce4205699bed68046f9dc6ed371ad959d93ee59.zip
2 files changed, 60 insertions, 10 deletions
diff --git a/utils/authorization.go b/utils/authorization.go
index 23a7673fe..75f92062d 100644
--- a/utils/authorization.go
+++ b/utils/authorization.go
@@ -9,46 +9,92 @@ func SetDefaultRolesBasedOnConfig() {
 	// Reset the roles to default to make this logic easier
 	model.InitalizeRoles()
 
+	switch *Cfg.TeamSettings.RestrictPublicChannelCreation {
+	case model.PERMISSIONS_ALL:
+		model.ROLE_TEAM_USER.Permissions = append(
+			model.ROLE_TEAM_USER.Permissions,
+			model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id,
+		)
+		break
+	case model.PERMISSIONS_TEAM_ADMIN:
+		model.ROLE_TEAM_ADMIN.Permissions = append(
+			model.ROLE_TEAM_ADMIN.Permissions,
+			model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id,
+		)
+		break
+	}
+
 	switch *Cfg.TeamSettings.RestrictPublicChannelManagement {
 	case model.PERMISSIONS_ALL:
-		model.ROLE_CHANNEL_USER.Permissions = append(
-			model.ROLE_CHANNEL_USER.Permissions,
+		model.ROLE_TEAM_USER.Permissions = append(
+			model.ROLE_TEAM_USER.Permissions,
+			model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id,
+		)
+		break
+	case model.PERMISSIONS_TEAM_ADMIN:
+		model.ROLE_TEAM_ADMIN.Permissions = append(
+			model.ROLE_TEAM_ADMIN.Permissions,
 			model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id,
 		)
+		break
+	}
+
+	switch *Cfg.TeamSettings.RestrictPublicChannelDeletion {
+	case model.PERMISSIONS_ALL:
 		model.ROLE_TEAM_USER.Permissions = append(
 			model.ROLE_TEAM_USER.Permissions,
 			model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id,
-			model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id,
 		)
 		break
 	case model.PERMISSIONS_TEAM_ADMIN:
 		model.ROLE_TEAM_ADMIN.Permissions = append(
 			model.ROLE_TEAM_ADMIN.Permissions,
-			model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id,
 			model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id,
-			model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id,
+		)
+		break
+	}
+
+	switch *Cfg.TeamSettings.RestrictPrivateChannelCreation {
+	case model.PERMISSIONS_ALL:
+		model.ROLE_TEAM_USER.Permissions = append(
+			model.ROLE_TEAM_USER.Permissions,
+			model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id,
+		)
+		break
+	case model.PERMISSIONS_TEAM_ADMIN:
+		model.ROLE_TEAM_ADMIN.Permissions = append(
+			model.ROLE_TEAM_ADMIN.Permissions,
+			model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id,
 		)
 		break
 	}
 
 	switch *Cfg.TeamSettings.RestrictPrivateChannelManagement {
 	case model.PERMISSIONS_ALL:
-		model.ROLE_CHANNEL_USER.Permissions = append(
-			model.ROLE_CHANNEL_USER.Permissions,
+		model.ROLE_TEAM_USER.Permissions = append(
+			model.ROLE_TEAM_USER.Permissions,
+			model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id,
+		)
+		break
+	case model.PERMISSIONS_TEAM_ADMIN:
+		model.ROLE_TEAM_ADMIN.Permissions = append(
+			model.ROLE_TEAM_ADMIN.Permissions,
 			model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id,
 		)
+		break
+	}
+
+	switch *Cfg.TeamSettings.RestrictPrivateChannelDeletion {
+	case model.PERMISSIONS_ALL:
 		model.ROLE_TEAM_USER.Permissions = append(
 			model.ROLE_TEAM_USER.Permissions,
 			model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id,
-			model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id,
 		)
 		break
 	case model.PERMISSIONS_TEAM_ADMIN:
 		model.ROLE_TEAM_ADMIN.Permissions = append(
 			model.ROLE_TEAM_ADMIN.Permissions,
-			model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id,
 			model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id,
-			model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id,
 		)
 		break
 	}
diff --git a/utils/config.go b/utils/config.go
index c06223e6c..ab149d55f 100644
--- a/utils/config.go
+++ b/utils/config.go
@@ -238,8 +238,12 @@ func getClientConfig(c *model.Config) map[string]string {
 	props["EnableOpenServer"] = strconv.FormatBool(*c.TeamSettings.EnableOpenServer)
 	props["RestrictDirectMessage"] = *c.TeamSettings.RestrictDirectMessage
 	props["RestrictTeamInvite"] = *c.TeamSettings.RestrictTeamInvite
+	props["RestrictPublicChannelCreation"] = *c.TeamSettings.RestrictPublicChannelCreation
+	props["RestrictPrivateChannelCreation"] = *c.TeamSettings.RestrictPrivateChannelCreation
 	props["RestrictPublicChannelManagement"] = *c.TeamSettings.RestrictPublicChannelManagement
 	props["RestrictPrivateChannelManagement"] = *c.TeamSettings.RestrictPrivateChannelManagement
+	props["RestrictPublicChannelDeletion"] = *c.TeamSettings.RestrictPublicChannelDeletion
+	props["RestrictPrivateChannelDeletion"] = *c.TeamSettings.RestrictPrivateChannelDeletion
 
 	props["EnableOAuthServiceProvider"] = strconv.FormatBool(c.ServiceSettings.EnableOAuthServiceProvider)
 	props["SegmentDeveloperKey"] = c.ServiceSettings.SegmentDeveloperKey
author	George Goldberg <george@gberg.me>	2016-12-21 19:18:41 +0000
committer	Corey Hulen <corey@hulen.com>	2016-12-21 11:18:41 -0800
commit	dce4205699bed68046f9dc6ed371ad959d93ee59 (patch)
tree	7bd2d857ee9786ec59b782c52ffc5f59c0853728 /utils
parent	f0f53260984a210f44458d86ed5ac9e3afb3f363 (diff)
download	chat-dce4205699bed68046f9dc6ed371ad959d93ee59.tar.gz chat-dce4205699bed68046f9dc6ed371ad959d93ee59.tar.bz2 chat-dce4205699bed68046f9dc6ed371ad959d93ee59.zip