diff options
-rw-r--r-- | app/diagnostics.go | 2 | ||||
-rw-r--r-- | model/config.go | 6 | ||||
-rw-r--r-- | utils/authorization.go | 2 | ||||
-rw-r--r-- | utils/authorization_test.go | 10 | ||||
-rw-r--r-- | utils/config.go | 2 | ||||
-rw-r--r-- | utils/policies-roles-mapping.json | 74 |
6 files changed, 65 insertions, 31 deletions
diff --git a/app/diagnostics.go b/app/diagnostics.go index 6d83d3a89..bbc72e63e 100644 --- a/app/diagnostics.go +++ b/app/diagnostics.go @@ -247,7 +247,7 @@ func (a *App) trackConfig() { a.SendDiagnostic(TRACK_CONFIG_TEAM, map[string]interface{}{ "enable_user_creation": cfg.TeamSettings.EnableUserCreation, - "enable_team_creation": cfg.TeamSettings.EnableTeamCreation, + "enable_team_creation": *cfg.TeamSettings.EnableTeamCreation, "restrict_team_invite": *cfg.TeamSettings.RestrictTeamInvite, "restrict_public_channel_creation": *cfg.TeamSettings.RestrictPublicChannelCreation, "restrict_private_channel_creation": *cfg.TeamSettings.RestrictPrivateChannelCreation, diff --git a/model/config.go b/model/config.go index 8fb11d403..f20a11ab8 100644 --- a/model/config.go +++ b/model/config.go @@ -962,7 +962,7 @@ func (s *ThemeSettings) SetDefaults() { type TeamSettings struct { SiteName string MaxUsersPerTeam *int - EnableTeamCreation bool + EnableTeamCreation *bool EnableUserCreation bool EnableOpenServer *bool RestrictCreationToDomains string @@ -1085,6 +1085,10 @@ func (s *TeamSettings) SetDefaults() { if s.ExperimentalPrimaryTeam == nil { s.ExperimentalPrimaryTeam = NewString("") } + + if s.EnableTeamCreation == nil { + s.EnableTeamCreation = NewBool(true) + } } type ClientRequirements struct { diff --git a/utils/authorization.go b/utils/authorization.go index e8556458a..bc71404ef 100644 --- a/utils/authorization.go +++ b/utils/authorization.go @@ -260,7 +260,7 @@ func SetRolePermissionsFromConfig(roles map[string]*model.Role, cfg *model.Confi ) } - if cfg.TeamSettings.EnableTeamCreation { + if *cfg.TeamSettings.EnableTeamCreation { roles[model.SYSTEM_USER_ROLE_ID].Permissions = append( roles[model.SYSTEM_USER_ROLE_ID].Permissions, model.PERMISSION_CREATE_TEAM.Id, diff --git a/utils/authorization_test.go b/utils/authorization_test.go index 9e5b570bb..8c78dcbda 100644 --- a/utils/authorization_test.go +++ b/utils/authorization_test.go @@ -8,6 +8,7 @@ import ( "fmt" "io/ioutil" "reflect" + "strconv" "strings" "testing" @@ -112,7 +113,14 @@ func updateConfig(config *model.Config, key string, value string) { v = reflect.ValueOf(config.TeamSettings) field = v.FieldByName(key) } - field.Elem().SetString(value) + + switch value { + case "true", "false": + b, _ := strconv.ParseBool(value) + field.Elem().SetBool(b) + default: + field.Elem().SetString(value) + } } func roleHasPermission(role *model.Role, permission string) bool { diff --git a/utils/config.go b/utils/config.go index 9e962eef4..be20e0367 100644 --- a/utils/config.go +++ b/utils/config.go @@ -354,7 +354,7 @@ func GenerateClientConfig(c *model.Config, diagnosticId string) map[string]strin props["SiteURL"] = strings.TrimRight(*c.ServiceSettings.SiteURL, "/") props["SiteName"] = c.TeamSettings.SiteName - props["EnableTeamCreation"] = strconv.FormatBool(c.TeamSettings.EnableTeamCreation) + props["EnableTeamCreation"] = strconv.FormatBool(*c.TeamSettings.EnableTeamCreation) props["EnableUserCreation"] = strconv.FormatBool(c.TeamSettings.EnableUserCreation) props["EnableOpenServer"] = strconv.FormatBool(*c.TeamSettings.EnableOpenServer) props["RestrictDirectMessage"] = *c.TeamSettings.RestrictDirectMessage diff --git a/utils/policies-roles-mapping.json b/utils/policies-roles-mapping.json index f083a854a..1b2acdfcb 100644 --- a/utils/policies-roles-mapping.json +++ b/utils/policies-roles-mapping.json @@ -432,16 +432,6 @@ "shouldHave": true }, { - "roleName": "channel_admin", - "permission": "delete_post", - "shouldHave": false - }, - { - "roleName": "channel_admin", - "permission": "delete_others_posts", - "shouldHave": false - }, - { "roleName": "team_admin", "permission": "delete_post", "shouldHave": true @@ -459,16 +449,6 @@ "shouldHave": false }, { - "roleName": "channel_admin", - "permission": "delete_post", - "shouldHave": false - }, - { - "roleName": "channel_admin", - "permission": "delete_others_posts", - "shouldHave": false - }, - { "roleName": "team_admin", "permission": "delete_post", "shouldHave": true @@ -486,25 +466,67 @@ "shouldHave": false }, { - "roleName": "channel_admin", + "roleName": "team_admin", "permission": "delete_post", "shouldHave": false }, { - "roleName": "channel_admin", + "roleName": "team_admin", "permission": "delete_others_posts", "shouldHave": false + } + ] + }, + "enableTeamCreation": { + "true": [ + { + "roleName": "system_user", + "permission": "create_team", + "shouldHave": true + } + ], + "false": [ + { + "roleName": "system_user", + "permission": "create_team", + "shouldHave": false + } + ] + }, + "enableOnlyAdminIntegrations": { + "true": [ + { + "roleName": "team_user", + "permission": "manage_webhooks", + "shouldHave": false }, { - "roleName": "team_admin", - "permission": "delete_post", + "roleName": "team_user", + "permission": "manage_slash_commands", "shouldHave": false }, { - "roleName": "team_admin", - "permission": "delete_others_posts", + "roleName": "system_user", + "permission": "manage_oauth", "shouldHave": false } + ], + "false": [ + { + "roleName": "team_user", + "permission": "manage_webhooks", + "shouldHave": true + }, + { + "roleName": "team_user", + "permission": "manage_slash_commands", + "shouldHave": true + }, + { + "roleName": "system_user", + "permission": "manage_oauth", + "shouldHave": true + } ] } }
\ No newline at end of file |