diff options
| author | George Goldberg <george@gberg.me> | 2017-04-03 18:13:28 +0100 |
|---|---|---|
| committer | Harrison Healey <harrisonmhealey@gmail.com> | 2017-04-03 13:13:28 -0400 |
| commit | e49f5928c55ba57c39efa11c568c66342b962aae (patch) | |
| tree | c3199ea07e1c17aebdd77d53ad1397b469a0f963 /utils | |
| parent | 232a99f0c7b9364cb4386264f9ff7f97549a4378 (diff) | |
| download | chat-e49f5928c55ba57c39efa11c568c66342b962aae.tar.gz chat-e49f5928c55ba57c39efa11c568c66342b962aae.tar.bz2 chat-e49f5928c55ba57c39efa11c568c66342b962aae.zip | |
PLT-6139 (Server): Private Channel member managing (#5941)
Adds an EE policy feature to allow restricting system-wide which level of
Admins can manage the membership of private channels.
Diffstat (limited to 'utils')
| -rw-r--r-- | utils/authorization.go | 33 | ||||
| -rw-r--r-- | utils/config.go | 1 |
2 files changed, 34 insertions, 0 deletions
diff --git a/utils/authorization.go b/utils/authorization.go index 086caa565..8078f4023 100644 --- a/utils/authorization.go +++ b/utils/authorization.go @@ -183,6 +183,39 @@ func SetDefaultRolesBasedOnConfig() { ) } + // Restrict permissions for Private Channel Manage Members + if IsLicensed { + switch *Cfg.TeamSettings.RestrictPrivateChannelManageMembers { + case model.PERMISSIONS_ALL: + model.ROLE_CHANNEL_USER.Permissions = append( + model.ROLE_CHANNEL_USER.Permissions, + model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id, + ) + break + case model.PERMISSIONS_CHANNEL_ADMIN: + model.ROLE_TEAM_ADMIN.Permissions = append( + model.ROLE_TEAM_ADMIN.Permissions, + model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id, + ) + model.ROLE_CHANNEL_ADMIN.Permissions = append( + model.ROLE_CHANNEL_ADMIN.Permissions, + model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id, + ) + break + case model.PERMISSIONS_TEAM_ADMIN: + model.ROLE_TEAM_ADMIN.Permissions = append( + model.ROLE_TEAM_ADMIN.Permissions, + model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id, + ) + break + } + } else { + model.ROLE_CHANNEL_USER.Permissions = append( + model.ROLE_CHANNEL_USER.Permissions, + model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id, + ) + } + if !*Cfg.ServiceSettings.EnableOnlyAdminIntegrations { model.ROLE_TEAM_USER.Permissions = append( model.ROLE_TEAM_USER.Permissions, diff --git a/utils/config.go b/utils/config.go index 6f18a48fa..dcc8dd9c0 100644 --- a/utils/config.go +++ b/utils/config.go @@ -288,6 +288,7 @@ func getClientConfig(c *model.Config) map[string]string { props["RestrictPrivateChannelManagement"] = *c.TeamSettings.RestrictPrivateChannelManagement props["RestrictPublicChannelDeletion"] = *c.TeamSettings.RestrictPublicChannelDeletion props["RestrictPrivateChannelDeletion"] = *c.TeamSettings.RestrictPrivateChannelDeletion + props["RestrictPrivateChannelManageMembers"] = *c.TeamSettings.RestrictPrivateChannelManageMembers props["EnableOAuthServiceProvider"] = strconv.FormatBool(c.ServiceSettings.EnableOAuthServiceProvider) props["GoogleDeveloperKey"] = c.ServiceSettings.GoogleDeveloperKey |