12 files changed, 284 insertions, 116 deletions
diff --git a/api/channel_test.go b/api/channel_test.go
index 08136bc35..bace5df5c 100644
--- a/api/channel_test.go
+++ b/api/channel_test.go
@@ -170,6 +170,20 @@ func TestCreateChannel(t *testing.T) {
 		t.Fatal(err)
 	}
 
+	// Check that if unlicensed the policy restriction is not enforced.
+	utils.IsLicensed = false
+	utils.License = nil
+	utils.SetDefaultRolesBasedOnConfig()
+
+	channel4 := model.Channel{DisplayName: "Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_OPEN, TeamId: team.Id}
+	channel5 := model.Channel{DisplayName: "Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_PRIVATE, TeamId: team.Id}
+	if _, err := Client.CreateChannel(&channel4); err != nil {
+		t.Fatal("should have succeeded")
+	}
+	if _, err := Client.CreateChannel(&channel5); err != nil {
+		t.Fatal("should have succeeded")
+	}
+
 	*utils.Cfg.TeamSettings.RestrictPublicChannelCreation = model.PERMISSIONS_ALL
 	*utils.Cfg.TeamSettings.RestrictPrivateChannelCreation = model.PERMISSIONS_ALL
 	utils.SetDefaultRolesBasedOnConfig()
@@ -374,16 +388,19 @@ func TestUpdateChannel(t *testing.T) {
 
 	*utils.Cfg.TeamSettings.RestrictPublicChannelManagement = model.PERMISSIONS_CHANNEL_ADMIN
 	*utils.Cfg.TeamSettings.RestrictPrivateChannelManagement = model.PERMISSIONS_CHANNEL_ADMIN
+	utils.IsLicensed = true
+	utils.License = &model.License{Features: &model.Features{}}
+	utils.License.Features.SetDefaults()
 	utils.SetDefaultRolesBasedOnConfig()
 	MakeUserChannelUser(th.BasicUser, channel2)
 	MakeUserChannelUser(th.BasicUser, channel3)
 	store.ClearChannelCaches()
 
 	if _, err := Client.UpdateChannel(channel2); err == nil {
-		t.Fatal("should have errored not team admin")
+		t.Fatal("should have errored not channel admin")
 	}
 	if _, err := Client.UpdateChannel(channel3); err == nil {
-		t.Fatal("should have errored not team admin")
+		t.Fatal("should have errored not channel admin")
 	}
 
 	UpdateUserToTeamAdmin(th.BasicUser, team)
@@ -410,6 +427,9 @@ func TestUpdateChannel(t *testing.T) {
 
 	*utils.Cfg.TeamSettings.RestrictPublicChannelManagement = model.PERMISSIONS_TEAM_ADMIN
 	*utils.Cfg.TeamSettings.RestrictPrivateChannelManagement = model.PERMISSIONS_TEAM_ADMIN
+	utils.IsLicensed = true
+	utils.License = &model.License{Features: &model.Features{}}
+	utils.License.Features.SetDefaults()
 	utils.SetDefaultRolesBasedOnConfig()
 
 	if _, err := Client.UpdateChannel(channel2); err == nil {
@@ -433,6 +453,9 @@ func TestUpdateChannel(t *testing.T) {
 
 	*utils.Cfg.TeamSettings.RestrictPublicChannelManagement = model.PERMISSIONS_SYSTEM_ADMIN
 	*utils.Cfg.TeamSettings.RestrictPrivateChannelManagement = model.PERMISSIONS_SYSTEM_ADMIN
+	utils.IsLicensed = true
+	utils.License = &model.License{Features: &model.Features{}}
+	utils.License.Features.SetDefaults()
 	utils.SetDefaultRolesBasedOnConfig()
 
 	if _, err := Client.UpdateChannel(channel2); err == nil {
@@ -450,6 +473,18 @@ func TestUpdateChannel(t *testing.T) {
 	if _, err := Client.UpdateChannel(channel3); err != nil {
 		t.Fatal(err)
 	}
+
+	// Check that if unlicensed the policy restriction is not enforced.
+	utils.IsLicensed = false
+	utils.License = nil
+	utils.SetDefaultRolesBasedOnConfig()
+
+	if _, err := Client.UpdateChannel(channel2); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := Client.UpdateChannel(channel3); err != nil {
+		t.Fatal(err)
+	}
 }
 
 func TestUpdateChannelDisplayName(t *testing.T) {
@@ -660,6 +695,18 @@ func TestUpdateChannelHeader(t *testing.T) {
 	if _, err := SystemAdminClient.UpdateChannelHeader(data3); err != nil {
 		t.Fatal(err)
 	}
+
+	// Check that if unlicensed the policy restriction is not enforced.
+	utils.IsLicensed = false
+	utils.License = nil
+	utils.SetDefaultRolesBasedOnConfig()
+
+	if _, err := SystemAdminClient.UpdateChannelHeader(data2); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := SystemAdminClient.UpdateChannelHeader(data3); err != nil {
+		t.Fatal(err)
+	}
 }
 
 func TestUpdateChannelPurpose(t *testing.T) {
@@ -830,6 +877,17 @@ func TestUpdateChannelPurpose(t *testing.T) {
 	if _, err := SystemAdminClient.UpdateChannelPurpose(data3); err != nil {
 		t.Fatal(err)
 	}
+
+	// Check that if unlicensed the policy restriction is not enforced.
+	utils.IsLicensed = false
+	utils.License = nil
+	utils.SetDefaultRolesBasedOnConfig()
+	if _, err := SystemAdminClient.UpdateChannelHeader(data2); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := SystemAdminClient.UpdateChannelHeader(data3); err != nil {
+		t.Fatal(err)
+	}
 }
 
 func TestGetChannel(t *testing.T) {
@@ -1304,6 +1362,9 @@ func TestDeleteChannel(t *testing.T) {
 		t.Fatal(err)
 	}
 
+	utils.IsLicensed = true
+	utils.License = &model.License{Features: &model.Features{}}
+	utils.License.Features.SetDefaults()
 	*utils.Cfg.TeamSettings.RestrictPublicChannelDeletion = model.PERMISSIONS_CHANNEL_ADMIN
 	*utils.Cfg.TeamSettings.RestrictPrivateChannelDeletion = model.PERMISSIONS_CHANNEL_ADMIN
 	utils.SetDefaultRolesBasedOnConfig()
@@ -1357,6 +1418,9 @@ func TestDeleteChannel(t *testing.T) {
 	UpdateUserToNonTeamAdmin(th.BasicUser, team)
 	app.InvalidateAllCaches()
 
+	utils.IsLicensed = true
+	utils.License = &model.License{Features: &model.Features{}}
+	utils.License.Features.SetDefaults()
 	*utils.Cfg.TeamSettings.RestrictPublicChannelDeletion = model.PERMISSIONS_TEAM_ADMIN
 	*utils.Cfg.TeamSettings.RestrictPrivateChannelDeletion = model.PERMISSIONS_TEAM_ADMIN
 	utils.SetDefaultRolesBasedOnConfig()
@@ -1389,6 +1453,9 @@ func TestDeleteChannel(t *testing.T) {
 		t.Fatal(err)
 	}
 
+	utils.IsLicensed = true
+	utils.License = &model.License{Features: &model.Features{}}
+	utils.License.Features.SetDefaults()
 	*utils.Cfg.TeamSettings.RestrictPublicChannelDeletion = model.PERMISSIONS_SYSTEM_ADMIN
 	*utils.Cfg.TeamSettings.RestrictPrivateChannelDeletion = model.PERMISSIONS_SYSTEM_ADMIN
 	utils.SetDefaultRolesBasedOnConfig()
@@ -1423,6 +1490,25 @@ func TestDeleteChannel(t *testing.T) {
 		t.Fatal(err)
 	}
 
+	// Check that if unlicensed the policy restriction is not enforced.
+	utils.IsLicensed = false
+	utils.License = nil
+	utils.SetDefaultRolesBasedOnConfig()
+
+	channel2 = th.CreateChannel(Client, team)
+	channel3 = th.CreatePrivateChannel(Client, team)
+	Client.Must(Client.AddChannelMember(channel2.Id, th.BasicUser.Id))
+	Client.Must(Client.AddChannelMember(channel3.Id, th.BasicUser.Id))
+
+	Client.Login(th.BasicUser.Email, th.BasicUser.Password)
+
+	if _, err := Client.DeleteChannel(channel2.Id); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := Client.DeleteChannel(channel3.Id); err != nil {
+		t.Fatal(err)
+	}
+
 	*utils.Cfg.TeamSettings.RestrictPublicChannelDeletion = model.PERMISSIONS_ALL
 	*utils.Cfg.TeamSettings.RestrictPrivateChannelDeletion = model.PERMISSIONS_ALL
 	utils.SetDefaultRolesBasedOnConfig()
diff --git a/api/context.go b/api/context.go
index 9a707c968..1b251eb53 100644
--- a/api/context.go
+++ b/api/context.go
@@ -154,7 +154,7 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	}
 
 	w.Header().Set(model.HEADER_REQUEST_ID, c.RequestId)
-	w.Header().Set(model.HEADER_VERSION_ID, fmt.Sprintf("%v.%v.%v", model.CurrentVersion, model.BuildNumber, utils.CfgHash))
+	w.Header().Set(model.HEADER_VERSION_ID, fmt.Sprintf("%v.%v.%v.%v", model.CurrentVersion, model.BuildNumber, utils.CfgHash, utils.IsLicensed))
 	if einterfaces.GetClusterInterface() != nil {
 		w.Header().Set(model.HEADER_CLUSTER_ID, einterfaces.GetClusterInterface().GetClusterId())
 	}
diff --git a/api/post_test.go b/api/post_test.go
index 5546e7165..6558aeb5b 100644
--- a/api/post_test.go
+++ b/api/post_test.go
@@ -993,6 +993,19 @@ func TestDeletePosts(t *testing.T) {
 		t.Fatal(err)
 	}
 
+	// Check that if unlicensed the policy restriction is not enforced.
+	utils.IsLicensed = false
+	utils.License = nil
+	utils.SetDefaultRolesBasedOnConfig()
+
+	time.Sleep(10 * time.Millisecond)
+	post7 := &model.Post{ChannelId: channel1.Id, Message: "a" + model.NewId() + "a"}
+	post7 = Client.Must(Client.CreatePost(post7)).Data.(*model.Post)
+
+	if _, err := Client.DeletePost(channel1.Id, post7.Id); err != nil {
+		t.Fatal(err)
+	}
+
 	SystemAdminClient.Must(SystemAdminClient.DeletePost(channel1.Id, post6a.Id))
 
 }
diff --git a/api4/channel_test.go b/api4/channel_test.go
index e8e79cebd..987678ee0 100644
--- a/api4/channel_test.go
+++ b/api4/channel_test.go
@@ -92,10 +92,10 @@ func TestCreateChannel(t *testing.T) {
 	}()
 	*utils.Cfg.TeamSettings.RestrictPublicChannelCreation = model.PERMISSIONS_ALL
 	*utils.Cfg.TeamSettings.RestrictPrivateChannelCreation = model.PERMISSIONS_ALL
-	utils.SetDefaultRolesBasedOnConfig()
 	utils.IsLicensed = true
 	utils.License = &model.License{Features: &model.Features{}}
 	utils.License.Features.SetDefaults()
+	utils.SetDefaultRolesBasedOnConfig()
 
 	channel.Name = GenerateTestChannelName()
 	_, resp = Client.CreateChannel(channel)
@@ -161,6 +161,19 @@ func TestCreateChannel(t *testing.T) {
 	_, resp = th.SystemAdminClient.CreateChannel(private)
 	CheckNoError(t, resp)
 
+	// Check that if unlicensed the policy restriction is not enforced.
+	utils.IsLicensed = false
+	utils.License = nil
+	utils.SetDefaultRolesBasedOnConfig()
+
+	channel.Name = GenerateTestChannelName()
+	_, resp = Client.CreateChannel(channel)
+	CheckNoError(t, resp)
+
+	private.Name = GenerateTestChannelName()
+	_, resp = Client.CreateChannel(private)
+	CheckNoError(t, resp)
+
 	if r, err := Client.DoApiPost("/channels", "garbage"); err == nil {
 		t.Fatal("should have errored")
 	} else {
diff --git a/api4/context.go b/api4/context.go
index 9fb1361bc..8f663431d 100644
--- a/api4/context.go
+++ b/api4/context.go
@@ -133,7 +133,7 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	}
 
 	w.Header().Set(model.HEADER_REQUEST_ID, c.RequestId)
-	w.Header().Set(model.HEADER_VERSION_ID, fmt.Sprintf("%v.%v.%v", model.CurrentVersion, model.BuildNumber, utils.CfgHash))
+	w.Header().Set(model.HEADER_VERSION_ID, fmt.Sprintf("%v.%v.%v.%v", model.CurrentVersion, model.BuildNumber, utils.CfgHash, utils.IsLicensed))
 	if einterfaces.GetClusterInterface() != nil {
 		w.Header().Set(model.HEADER_CLUSTER_ID, einterfaces.GetClusterInterface().GetClusterId())
 	}
diff --git a/api4/user_test.go b/api4/user_test.go
index 53dbd53e8..6a42d19d2 100644
--- a/api4/user_test.go
+++ b/api4/user_test.go
@@ -177,9 +177,6 @@ func TestGetUserByUsername(t *testing.T) {
 	_, resp = Client.GetUserByUsername(GenerateTestUsername(), "")
 	CheckNotFoundStatus(t, resp)
 
-	_, resp = Client.GetUserByUsername(model.NewRandomString(1), "")
-	CheckBadRequestStatus(t, resp)
-
 	// Check against privacy config settings
 	emailPrivacy := utils.Cfg.PrivacySettings.ShowEmailAddress
 	namePrivacy := utils.Cfg.PrivacySettings.ShowFullName
diff --git a/app/license.go b/app/license.go
index 87b2d1b05..1efaf85d5 100644
--- a/app/license.go
+++ b/app/license.go
@@ -76,6 +76,8 @@ func SaveLicense(licenseBytes []byte) (*model.License, *model.AppError) {
 		return nil, model.NewLocAppError("addLicense", model.INVALID_LICENSE_ERROR, nil, "")
 	}
 
+	ReloadConfig()
+
 	InvalidateAllCaches()
 
 	return license, nil
@@ -93,6 +95,8 @@ func RemoveLicense() *model.AppError {
 		return result.Err
 	}
 
+	ReloadConfig()
+
 	InvalidateAllCaches()
 
 	return nil
diff --git a/app/web_conn.go b/app/web_conn.go
index 012236513..da6330f5c 100644
--- a/app/web_conn.go
+++ b/app/web_conn.go
@@ -178,7 +178,7 @@ func (webCon *WebConn) IsAuthenticated() bool {
 
 func (webCon *WebConn) SendHello() {
 	msg := model.NewWebSocketEvent(model.WEBSOCKET_EVENT_HELLO, "", "", webCon.UserId, nil)
-	msg.Add("server_version", fmt.Sprintf("%v.%v.%v", model.CurrentVersion, model.BuildNumber, utils.CfgHash))
+	msg.Add("server_version", fmt.Sprintf("%v.%v.%v.%v", model.CurrentVersion, model.BuildNumber, utils.CfgHash, utils.IsLicensed))
 	msg.DoPreComputeJson()
 	webCon.Send <- msg
 }
diff --git a/model/user.go b/model/user.go
index c7e2b6352..5cefdf1b1 100644
--- a/model/user.go
+++ b/model/user.go
@@ -37,7 +37,7 @@ const (
 	USER_LAST_NAME_MAX_RUNES  = 64
 	USER_AUTH_DATA_MAX_LENGTH = 128
 	USER_NAME_MAX_LENGTH      = 64
-	USER_NAME_MIN_LENGTH      = 3
+	USER_NAME_MIN_LENGTH      = 1
 )
 
 type User struct {
diff --git a/model/user_test.go b/model/user_test.go
index 542d15e5d..47ec38dbf 100644
--- a/model/user_test.go
+++ b/model/user_test.go
@@ -189,7 +189,8 @@ var usernames = []struct {
 	expected bool
 }{
 	{"spin-punch", true},
-	{"sp", false},
+	{"sp", true},
+	{"s", true},
 	{"1spin-punch", false},
 	{"-spin-punch", false},
 	{".spin-punch", false},
diff --git a/utils/authorization.go b/utils/authorization.go
index 9a45878a2..2c7f35164 100644
--- a/utils/authorization.go
+++ b/utils/authorization.go
@@ -11,134 +11,176 @@ func SetDefaultRolesBasedOnConfig() {
 	// Reset the roles to default to make this logic easier
 	model.InitalizeRoles()
 
-	switch *Cfg.TeamSettings.RestrictPublicChannelCreation {
-	case model.PERMISSIONS_ALL:
+	if IsLicensed {
+		switch *Cfg.TeamSettings.RestrictPublicChannelCreation {
+		case model.PERMISSIONS_ALL:
+			model.ROLE_TEAM_USER.Permissions = append(
+				model.ROLE_TEAM_USER.Permissions,
+				model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id,
+			)
+			break
+		case model.PERMISSIONS_TEAM_ADMIN:
+			model.ROLE_TEAM_ADMIN.Permissions = append(
+				model.ROLE_TEAM_ADMIN.Permissions,
+				model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id,
+			)
+			break
+		}
+	} else {
 		model.ROLE_TEAM_USER.Permissions = append(
 			model.ROLE_TEAM_USER.Permissions,
 			model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id,
 		)
-		break
-	case model.PERMISSIONS_TEAM_ADMIN:
-		model.ROLE_TEAM_ADMIN.Permissions = append(
-			model.ROLE_TEAM_ADMIN.Permissions,
-			model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id,
-		)
-		break
 	}
 
-	switch *Cfg.TeamSettings.RestrictPublicChannelManagement {
-	case model.PERMISSIONS_ALL:
+	if IsLicensed {
+		switch *Cfg.TeamSettings.RestrictPublicChannelManagement {
+		case model.PERMISSIONS_ALL:
+			model.ROLE_TEAM_USER.Permissions = append(
+				model.ROLE_TEAM_USER.Permissions,
+				model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id,
+			)
+			break
+		case model.PERMISSIONS_CHANNEL_ADMIN:
+			model.ROLE_TEAM_ADMIN.Permissions = append(
+				model.ROLE_TEAM_ADMIN.Permissions,
+				model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id,
+			)
+			model.ROLE_CHANNEL_ADMIN.Permissions = append(
+				model.ROLE_CHANNEL_ADMIN.Permissions,
+				model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id,
+			)
+			break
+		case model.PERMISSIONS_TEAM_ADMIN:
+			model.ROLE_TEAM_ADMIN.Permissions = append(
+				model.ROLE_TEAM_ADMIN.Permissions,
+				model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id,
+			)
+			break
+		}
+	} else {
 		model.ROLE_TEAM_USER.Permissions = append(
 			model.ROLE_TEAM_USER.Permissions,
 			model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id,
 		)
-		break
-	case model.PERMISSIONS_CHANNEL_ADMIN:
-		model.ROLE_TEAM_ADMIN.Permissions = append(
-			model.ROLE_TEAM_ADMIN.Permissions,
-			model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id,
-		)
-		model.ROLE_CHANNEL_ADMIN.Permissions = append(
-			model.ROLE_CHANNEL_ADMIN.Permissions,
-			model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id,
-		)
-		break
-	case model.PERMISSIONS_TEAM_ADMIN:
-		model.ROLE_TEAM_ADMIN.Permissions = append(
-			model.ROLE_TEAM_ADMIN.Permissions,
-			model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id,
-		)
-		break
 	}
 
-	switch *Cfg.TeamSettings.RestrictPublicChannelDeletion {
-	case model.PERMISSIONS_ALL:
+	if IsLicensed {
+		switch *Cfg.TeamSettings.RestrictPublicChannelDeletion {
+		case model.PERMISSIONS_ALL:
+			model.ROLE_TEAM_USER.Permissions = append(
+				model.ROLE_TEAM_USER.Permissions,
+				model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id,
+			)
+			break
+		case model.PERMISSIONS_CHANNEL_ADMIN:
+			model.ROLE_TEAM_ADMIN.Permissions = append(
+				model.ROLE_TEAM_ADMIN.Permissions,
+				model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id,
+			)
+			model.ROLE_CHANNEL_ADMIN.Permissions = append(
+				model.ROLE_CHANNEL_ADMIN.Permissions,
+				model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id,
+			)
+			break
+		case model.PERMISSIONS_TEAM_ADMIN:
+			model.ROLE_TEAM_ADMIN.Permissions = append(
+				model.ROLE_TEAM_ADMIN.Permissions,
+				model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id,
+			)
+			break
+		}
+	} else {
 		model.ROLE_TEAM_USER.Permissions = append(
 			model.ROLE_TEAM_USER.Permissions,
 			model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id,
 		)
-		break
-	case model.PERMISSIONS_CHANNEL_ADMIN:
-		model.ROLE_TEAM_ADMIN.Permissions = append(
-			model.ROLE_TEAM_ADMIN.Permissions,
-			model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id,
-		)
-		model.ROLE_CHANNEL_ADMIN.Permissions = append(
-			model.ROLE_CHANNEL_ADMIN.Permissions,
-			model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id,
-		)
-		break
-	case model.PERMISSIONS_TEAM_ADMIN:
-		model.ROLE_TEAM_ADMIN.Permissions = append(
-			model.ROLE_TEAM_ADMIN.Permissions,
-			model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id,
-		)
-		break
 	}
 
-	switch *Cfg.TeamSettings.RestrictPrivateChannelCreation {
-	case model.PERMISSIONS_ALL:
+	if IsLicensed {
+		switch *Cfg.TeamSettings.RestrictPrivateChannelCreation {
+		case model.PERMISSIONS_ALL:
+			model.ROLE_TEAM_USER.Permissions = append(
+				model.ROLE_TEAM_USER.Permissions,
+				model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id,
+			)
+			break
+		case model.PERMISSIONS_TEAM_ADMIN:
+			model.ROLE_TEAM_ADMIN.Permissions = append(
+				model.ROLE_TEAM_ADMIN.Permissions,
+				model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id,
+			)
+			break
+		}
+	} else {
 		model.ROLE_TEAM_USER.Permissions = append(
 			model.ROLE_TEAM_USER.Permissions,
 			model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id,
 		)
-		break
-	case model.PERMISSIONS_TEAM_ADMIN:
-		model.ROLE_TEAM_ADMIN.Permissions = append(
-			model.ROLE_TEAM_ADMIN.Permissions,
-			model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id,
-		)
-		break
 	}
 
-	switch *Cfg.TeamSettings.RestrictPrivateChannelManagement {
-	case model.PERMISSIONS_ALL:
+	if IsLicensed {
+		switch *Cfg.TeamSettings.RestrictPrivateChannelManagement {
+		case model.PERMISSIONS_ALL:
+			model.ROLE_TEAM_USER.Permissions = append(
+				model.ROLE_TEAM_USER.Permissions,
+				model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id,
+			)
+			break
+		case model.PERMISSIONS_CHANNEL_ADMIN:
+			model.ROLE_TEAM_ADMIN.Permissions = append(
+				model.ROLE_TEAM_ADMIN.Permissions,
+				model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id,
+			)
+			model.ROLE_CHANNEL_ADMIN.Permissions = append(
+				model.ROLE_CHANNEL_ADMIN.Permissions,
+				model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id,
+			)
+			break
+		case model.PERMISSIONS_TEAM_ADMIN:
+			model.ROLE_TEAM_ADMIN.Permissions = append(
+				model.ROLE_TEAM_ADMIN.Permissions,
+				model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id,
+			)
+			break
+		}
+	} else {
 		model.ROLE_TEAM_USER.Permissions = append(
 			model.ROLE_TEAM_USER.Permissions,
 			model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id,
 		)
-		break
-	case model.PERMISSIONS_CHANNEL_ADMIN:
-		model.ROLE_TEAM_ADMIN.Permissions = append(
-			model.ROLE_TEAM_ADMIN.Permissions,
-			model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id,
-		)
-		model.ROLE_CHANNEL_ADMIN.Permissions = append(
-			model.ROLE_CHANNEL_ADMIN.Permissions,
-			model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id,
-		)
-		break
-	case model.PERMISSIONS_TEAM_ADMIN:
-		model.ROLE_TEAM_ADMIN.Permissions = append(
-			model.ROLE_TEAM_ADMIN.Permissions,
-			model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id,
-		)
-		break
 	}
 
-	switch *Cfg.TeamSettings.RestrictPrivateChannelDeletion {
-	case model.PERMISSIONS_ALL:
+	if IsLicensed {
+		switch *Cfg.TeamSettings.RestrictPrivateChannelDeletion {
+		case model.PERMISSIONS_ALL:
+			model.ROLE_TEAM_USER.Permissions = append(
+				model.ROLE_TEAM_USER.Permissions,
+				model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id,
+			)
+			break
+		case model.PERMISSIONS_CHANNEL_ADMIN:
+			model.ROLE_TEAM_ADMIN.Permissions = append(
+				model.ROLE_TEAM_ADMIN.Permissions,
+				model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id,
+			)
+			model.ROLE_CHANNEL_ADMIN.Permissions = append(
+				model.ROLE_CHANNEL_ADMIN.Permissions,
+				model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id,
+			)
+			break
+		case model.PERMISSIONS_TEAM_ADMIN:
+			model.ROLE_TEAM_ADMIN.Permissions = append(
+				model.ROLE_TEAM_ADMIN.Permissions,
+				model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id,
+			)
+			break
+		}
+	} else {
 		model.ROLE_TEAM_USER.Permissions = append(
 			model.ROLE_TEAM_USER.Permissions,
 			model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id,
 		)
-		break
-	case model.PERMISSIONS_CHANNEL_ADMIN:
-		model.ROLE_TEAM_ADMIN.Permissions = append(
-			model.ROLE_TEAM_ADMIN.Permissions,
-			model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id,
-		)
-		model.ROLE_CHANNEL_ADMIN.Permissions = append(
-			model.ROLE_CHANNEL_ADMIN.Permissions,
-			model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id,
-		)
-		break
-	case model.PERMISSIONS_TEAM_ADMIN:
-		model.ROLE_TEAM_ADMIN.Permissions = append(
-			model.ROLE_TEAM_ADMIN.Permissions,
-			model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id,
-		)
-		break
 	}
 
 	if !*Cfg.ServiceSettings.EnableOnlyAdminIntegrations {
@@ -167,8 +209,28 @@ func SetDefaultRolesBasedOnConfig() {
 		)
 	}
 
-	switch *Cfg.ServiceSettings.RestrictPostDelete {
-	case model.PERMISSIONS_DELETE_POST_ALL:
+	if IsLicensed {
+		switch *Cfg.ServiceSettings.RestrictPostDelete {
+		case model.PERMISSIONS_DELETE_POST_ALL:
+			model.ROLE_CHANNEL_USER.Permissions = append(
+				model.ROLE_CHANNEL_USER.Permissions,
+				model.PERMISSION_DELETE_POST.Id,
+			)
+			model.ROLE_TEAM_ADMIN.Permissions = append(
+				model.ROLE_TEAM_ADMIN.Permissions,
+				model.PERMISSION_DELETE_POST.Id,
+				model.PERMISSION_DELETE_OTHERS_POSTS.Id,
+			)
+			break
+		case model.PERMISSIONS_DELETE_POST_TEAM_ADMIN:
+			model.ROLE_TEAM_ADMIN.Permissions = append(
+				model.ROLE_TEAM_ADMIN.Permissions,
+				model.PERMISSION_DELETE_POST.Id,
+				model.PERMISSION_DELETE_OTHERS_POSTS.Id,
+			)
+			break
+		}
+	} else {
 		model.ROLE_CHANNEL_USER.Permissions = append(
 			model.ROLE_CHANNEL_USER.Permissions,
 			model.PERMISSION_DELETE_POST.Id,
@@ -178,14 +240,6 @@ func SetDefaultRolesBasedOnConfig() {
 			model.PERMISSION_DELETE_POST.Id,
 			model.PERMISSION_DELETE_OTHERS_POSTS.Id,
 		)
-		break
-	case model.PERMISSIONS_DELETE_POST_TEAM_ADMIN:
-		model.ROLE_TEAM_ADMIN.Permissions = append(
-			model.ROLE_TEAM_ADMIN.Permissions,
-			model.PERMISSION_DELETE_POST.Id,
-			model.PERMISSION_DELETE_OTHERS_POSTS.Id,
-		)
-		break
 	}
 
 	if Cfg.TeamSettings.EnableTeamCreation {
diff --git a/webapp/components/root.jsx b/webapp/components/root.jsx
index 06a22f395..07c4415f5 100644
--- a/webapp/components/root.jsx
+++ b/webapp/components/root.jsx
@@ -31,7 +31,7 @@ export default class Root extends React.Component {
 
         // Ya....
         /*eslint-disable */
-        if (segmentKey != null && segmentKey !== '' && window.mm_config.DiagnosticsEnabled) {
+        if (segmentKey != null && segmentKey !== '' && window.mm_config.DiagnosticsEnabled === 'true') {
             !function(){var analytics=global.window.analytics=global.window.analytics||[];if(!analytics.initialize)if(analytics.invoked)window.console&&console.error&&console.error("Segment snippet included twice.");else{analytics.invoked=!0;analytics.methods=["trackSubmit","trackClick","trackLink","trackForm","pageview","identify","group","track","ready","alias","page","once","off","on"];analytics.factory=function(t){return function(){var e=Array.prototype.slice.call(arguments);e.unshift(t);analytics.push(e);return analytics}};for(var t=0;t<analytics.methods.length;t++){var e=analytics.methods[t];analytics[e]=analytics.factory(e)}analytics.load=function(t){var e=document.createElement("script");e.type="text/javascript";e.async=!0;e.src=("https:"===document.location.protocol?"https://":"http://")+"cdn.segment.com/analytics.js/v1/"+t+"/analytics.min.js";var n=document.getElementsByTagName("script")[0];n.parentNode.insertBefore(e,n)};analytics.SNIPPET_VERSION="3.0.1";
                 analytics.load(segmentKey);