4 files changed, 180 insertions, 32 deletions

diff --git a/app/diagnostics.go b/app/diagnostics.go
index 7034fc1a3..63bc506c3 100644
--- a/app/diagnostics.go
+++ b/app/diagnostics.go
@@ -6,46 +6,51 @@ package app
 import (
 	"path/filepath"
 	"runtime"
+	"strings"
+
+	"github.com/segmentio/analytics-go"
 
 	"github.com/mattermost/mattermost-server/mlog"
 	"github.com/mattermost/mattermost-server/model"
-	"github.com/segmentio/analytics-go"
 )
 
 const (
 	SEGMENT_KEY = "fwb7VPbFeQ7SKp3wHm1RzFUuXZudqVok"
 
-	TRACK_CONFIG_SERVICE        = "config_service"
-	TRACK_CONFIG_TEAM           = "config_team"
-	TRACK_CONFIG_CLIENT_REQ     = "config_client_requirements"
-	TRACK_CONFIG_SQL            = "config_sql"
-	TRACK_CONFIG_LOG            = "config_log"
-	TRACK_CONFIG_FILE           = "config_file"
-	TRACK_CONFIG_RATE           = "config_rate"
-	TRACK_CONFIG_EXTENSION      = "config_extension"
-	TRACK_CONFIG_EMAIL          = "config_email"
-	TRACK_CONFIG_PRIVACY        = "config_privacy"
-	TRACK_CONFIG_THEME          = "config_theme"
-	TRACK_CONFIG_OAUTH          = "config_oauth"
-	TRACK_CONFIG_LDAP           = "config_ldap"
-	TRACK_CONFIG_COMPLIANCE     = "config_compliance"
-	TRACK_CONFIG_LOCALIZATION   = "config_localization"
-	TRACK_CONFIG_SAML           = "config_saml"
-	TRACK_CONFIG_PASSWORD       = "config_password"
-	TRACK_CONFIG_CLUSTER        = "config_cluster"
-	TRACK_CONFIG_METRICS        = "config_metrics"
-	TRACK_CONFIG_WEBRTC         = "config_webrtc"
-	TRACK_CONFIG_SUPPORT        = "config_support"
-	TRACK_CONFIG_NATIVEAPP      = "config_nativeapp"
-	TRACK_CONFIG_EXPERIMENTAL   = "config_experimental"
-	TRACK_CONFIG_ANALYTICS      = "config_analytics"
-	TRACK_CONFIG_ANNOUNCEMENT   = "config_announcement"
-	TRACK_CONFIG_ELASTICSEARCH  = "config_elasticsearch"
-	TRACK_CONFIG_PLUGIN         = "config_plugin"
-	TRACK_CONFIG_DATA_RETENTION = "config_data_retention"
-	TRACK_CONFIG_MESSAGE_EXPORT = "config_message_export"
-	TRACK_CONFIG_DISPLAY        = "config_display"
-	TRACK_CONFIG_TIMEZONE       = "config_timezone"
+	TRACK_CONFIG_SERVICE            = "config_service"
+	TRACK_CONFIG_TEAM               = "config_team"
+	TRACK_CONFIG_CLIENT_REQ         = "config_client_requirements"
+	TRACK_CONFIG_SQL                = "config_sql"
+	TRACK_CONFIG_LOG                = "config_log"
+	TRACK_CONFIG_FILE               = "config_file"
+	TRACK_CONFIG_RATE               = "config_rate"
+	TRACK_CONFIG_EXTENSION          = "config_extension"
+	TRACK_CONFIG_EMAIL              = "config_email"
+	TRACK_CONFIG_PRIVACY            = "config_privacy"
+	TRACK_CONFIG_THEME              = "config_theme"
+	TRACK_CONFIG_OAUTH              = "config_oauth"
+	TRACK_CONFIG_LDAP               = "config_ldap"
+	TRACK_CONFIG_COMPLIANCE         = "config_compliance"
+	TRACK_CONFIG_LOCALIZATION       = "config_localization"
+	TRACK_CONFIG_SAML               = "config_saml"
+	TRACK_CONFIG_PASSWORD           = "config_password"
+	TRACK_CONFIG_CLUSTER            = "config_cluster"
+	TRACK_CONFIG_METRICS            = "config_metrics"
+	TRACK_CONFIG_WEBRTC             = "config_webrtc"
+	TRACK_CONFIG_SUPPORT            = "config_support"
+	TRACK_CONFIG_NATIVEAPP          = "config_nativeapp"
+	TRACK_CONFIG_EXPERIMENTAL       = "config_experimental"
+	TRACK_CONFIG_ANALYTICS          = "config_analytics"
+	TRACK_CONFIG_ANNOUNCEMENT       = "config_announcement"
+	TRACK_CONFIG_ELASTICSEARCH      = "config_elasticsearch"
+	TRACK_CONFIG_PLUGIN             = "config_plugin"
+	TRACK_CONFIG_DATA_RETENTION     = "config_data_retention"
+	TRACK_CONFIG_MESSAGE_EXPORT     = "config_message_export"
+	TRACK_CONFIG_DISPLAY            = "config_display"
+	TRACK_CONFIG_TIMEZONE           = "config_timezone"
+	TRACK_PERMISSIONS_GENERAL       = "permissions_general"
+	TRACK_PERMISSIONS_SYSTEM_SCHEME = "permissions_system_scheme"
+	TRACK_PERMISSIONS_TEAM_SCHEMES  = "permissions_team_schemes"
 
 	TRACK_ACTIVITY = "activity"
 	TRACK_LICENSE  = "license"
@@ -63,6 +68,7 @@ func (a *App) SendDailyDiagnostics() {
 		a.trackLicense()
 		a.trackPlugins()
 		a.trackServer()
+		a.trackPermissions()
 	}
 }
 
@@ -650,3 +656,97 @@ func (a *App) trackServer() {
 
 	a.SendDiagnostic(TRACK_SERVER, data)
 }
+
+func (a *App) trackPermissions() {
+	phase1Complete := false
+	if ph1res := <-a.Srv.Store.System().GetByName(ADVANCED_PERMISSIONS_MIGRATION_KEY); ph1res.Err == nil {
+		phase1Complete = true
+	}
+
+	phase2Complete := false
+	if ph2res := <-a.Srv.Store.System().GetByName(model.MIGRATION_KEY_ADVANCED_PERMISSIONS_PHASE_2); ph2res.Err == nil {
+		phase2Complete = true
+	}
+
+	a.SendDiagnostic(TRACK_PERMISSIONS_GENERAL, map[string]interface{}{
+		"phase_1_migration_complete": phase1Complete,
+		"phase_2_migration_complete": phase2Complete,
+	})
+
+	systemAdminPermissions := ""
+	if role, err := a.GetRoleByName(model.SYSTEM_ADMIN_ROLE_ID); err == nil {
+		systemAdminPermissions = strings.Join(role.Permissions, " ")
+	}
+
+	systemUserPermissions := ""
+	if role, err := a.GetRoleByName(model.SYSTEM_USER_ROLE_ID); err == nil {
+		systemUserPermissions = strings.Join(role.Permissions, " ")
+	}
+
+	teamAdminPermissions := ""
+	if role, err := a.GetRoleByName(model.TEAM_ADMIN_ROLE_ID); err == nil {
+		teamAdminPermissions = strings.Join(role.Permissions, " ")
+	}
+
+	teamUserPermissions := ""
+	if role, err := a.GetRoleByName(model.TEAM_USER_ROLE_ID); err == nil {
+		teamUserPermissions = strings.Join(role.Permissions, " ")
+	}
+
+	channelAdminPermissions := ""
+	if role, err := a.GetRoleByName(model.CHANNEL_ADMIN_ROLE_ID); err == nil {
+		channelAdminPermissions = strings.Join(role.Permissions, " ")
+	}
+
+	channelUserPermissions := ""
+	if role, err := a.GetRoleByName(model.CHANNEL_USER_ROLE_ID); err == nil {
+		systemAdminPermissions = strings.Join(role.Permissions, " ")
+	}
+
+	a.SendDiagnostic(TRACK_PERMISSIONS_SYSTEM_SCHEME, map[string]interface{}{
+		"system_admin_permissions":  systemAdminPermissions,
+		"system_user_permissions":   systemUserPermissions,
+		"team_admin_permissions":    teamAdminPermissions,
+		"team_user_permissions":     teamUserPermissions,
+		"channel_admin_permissions": channelAdminPermissions,
+		"channel_user_permissions":  channelUserPermissions,
+	})
+
+	if schemes, err := a.GetSchemes(model.SCHEME_SCOPE_TEAM, 0, 100); err == nil {
+		for _, scheme := range schemes {
+			teamAdminPermissions := ""
+			if role, err := a.GetRoleByName(scheme.DefaultTeamAdminRole); err == nil {
+				teamAdminPermissions = strings.Join(role.Permissions, " ")
+			}
+
+			teamUserPermissions := ""
+			if role, err := a.GetRoleByName(scheme.DefaultTeamUserRole); err == nil {
+				teamUserPermissions = strings.Join(role.Permissions, " ")
+			}
+
+			channelAdminPermissions := ""
+			if role, err := a.GetRoleByName(scheme.DefaultChannelAdminRole); err == nil {
+				channelAdminPermissions = strings.Join(role.Permissions, " ")
+			}
+
+			channelUserPermissions := ""
+			if role, err := a.GetRoleByName(scheme.DefaultChannelUserRole); err == nil {
+				systemAdminPermissions = strings.Join(role.Permissions, " ")
+			}
+
+			var count int64 = 0
+			if res := <-a.Srv.Store.Team().AnalyticsGetTeamCountForScheme(scheme.Id); res.Err == nil {
+				count = res.Data.(int64)
+			}
+
+			a.SendDiagnostic(TRACK_PERMISSIONS_TEAM_SCHEMES, map[string]interface{}{
+				"scheme_id":                 scheme.Id,
+				"team_admin_permissions":    teamAdminPermissions,
+				"team_user_permissions":     teamUserPermissions,
+				"channel_admin_permissions": channelAdminPermissions,
+				"channel_user_permissions":  channelUserPermissions,
+				"team_count":                count,
+			})
+		}
+	}
+}
diff --git a/app/import.go b/app/import.go
index 078198dd4..496c6b7fc 100644
--- a/app/import.go
+++ b/app/import.go
@@ -100,6 +100,10 @@ func (a *App) BulkImport(fileReader io.Reader, dryRun bool, workers int) (*model
 		return model.NewAppError("BulkImport", "app.import.bulk_import.file_scan.error", nil, err.Error(), http.StatusInternalServerError), 0
 	}
 
+	if err := a.finalizeImport(dryRun); err != nil {
+		return err, 0
+	}
+
 	return nil, 0
 }
 
@@ -165,3 +169,14 @@ func (a *App) ImportLine(line LineImportData, dryRun bool) *model.AppError {
 		return model.NewAppError("BulkImport", "app.import.import_line.unknown_line_type.error", map[string]interface{}{"Type": line.Type}, "", http.StatusBadRequest)
 	}
 }
+
+func (a *App) finalizeImport(dryRun bool) *model.AppError {
+	if dryRun {
+		return nil
+	}
+	result := <-a.Srv.Store.Channel().ResetLastPostAt()
+	if result.Err != nil {
+		return result.Err
+	}
+	return nil
+}
diff --git a/app/plugin_api.go b/app/plugin_api.go
index c3ab8fab2..503feabee 100644
--- a/app/plugin_api.go
+++ b/app/plugin_api.go
@@ -258,6 +258,18 @@ func (api *PluginAPI) CreatePost(post *model.Post) (*model.Post, *model.AppError
 	return api.app.CreatePostMissingChannel(post, true)
 }
 
+func (api *PluginAPI) AddReaction(reaction *model.Reaction) (*model.Reaction, *model.AppError) {
+	return api.app.SaveReactionForPost(reaction)
+}
+
+func (api *PluginAPI) RemoveReaction(reaction *model.Reaction) *model.AppError {
+	return api.app.DeleteReactionForPost(reaction)
+}
+
+func (api *PluginAPI) GetReactions(postId string) ([]*model.Reaction, *model.AppError) {
+	return api.app.GetReactionsForPost(postId)
+}
+
 func (api *PluginAPI) SendEphemeralPost(userId string, post *model.Post) *model.Post {
 	return api.app.SendEphemeralPost(userId, post)
 }
@@ -279,6 +291,14 @@ func (api *PluginAPI) CopyFileInfos(userId string, fileIds []string) ([]string,
 	return api.app.CopyFileInfos(userId, fileIds)
 }
 
+func (api *PluginAPI) GetFileInfo(fileId string) (*model.FileInfo, *model.AppError) {
+	return api.app.GetFileInfo(fileId)
+}
+
+func (api *PluginAPI) ReadFile(path string) ([]byte, *model.AppError) {
+	return api.app.ReadFile(path)
+}
+
 func (api *PluginAPI) KVSet(key string, value []byte) *model.AppError {
 	return api.app.SetPluginKey(api.id, key, value)
 }
@@ -299,6 +319,18 @@ func (api *PluginAPI) PublishWebSocketEvent(event string, payload map[string]int
 	})
 }
 
+func (api *PluginAPI) HasPermissionTo(userId string, permission *model.Permission) bool {
+	return api.app.HasPermissionTo(userId, permission)
+}
+
+func (api *PluginAPI) HasPermissionToTeam(userId, teamId string, permission *model.Permission) bool {
+	return api.app.HasPermissionToTeam(userId, teamId, permission)
+}
+
+func (api *PluginAPI) HasPermissionToChannel(userId, channelId string, permission *model.Permission) bool {
+	return api.app.HasPermissionToChannel(userId, channelId, permission)
+}
+
 func (api *PluginAPI) LogDebug(msg string, keyValuePairs ...interface{}) {
 	api.logger.Debug(msg, keyValuePairs...)
 }
diff --git a/app/post.go b/app/post.go
index 0ce1bbe2d..0eed87280 100644
--- a/app/post.go
+++ b/app/post.go
@@ -869,6 +869,7 @@ func (a *App) DoPostAction(postId string, actionId string, userId string) *model
 
 	request := &model.PostActionIntegrationRequest{
 		UserId:  userId,
+		PostId:  postId,
 		Context: action.Integration.Context,
 	}