Diffstat (limited to 'app')
-rw-r--r-- | app/app.go | 8 | ||||
-rw-r--r-- | app/authorization.go | 37 | ||||
-rw-r--r-- | app/authorization_test.go | 21 | ||||
-rw-r--r-- | app/channel.go | 6 | ||||
-rw-r--r-- | app/command_channel_header_test.go | 2 | ||||
-rw-r--r-- | app/command_channel_rename_test.go | 2 | ||||
-rw-r--r-- | app/import.go | 10 | ||||
-rw-r--r-- | app/oauth_test.go | 4 | ||||
-rw-r--r-- | app/post.go | 2 | ||||
-rw-r--r-- | app/role.go | 19 | ||||
-rw-r--r-- | app/team.go | 16 | ||||
-rw-r--r-- | app/team_test.go | 50 | ||||
-rw-r--r-- | app/user.go | 6 | ||||
-rw-r--r-- | app/webhook_test.go | 7 |
14 files changed, 100 insertions, 90 deletions
diff --git a/app/app.go b/app/app.go index 55fb43b30..ea79d8e81 100644 --- a/app/app.go +++ b/app/app.go @@ -55,6 +55,8 @@ type App struct { htmlTemplateWatcher *utils.HTMLTemplateWatcher sessionCache *utils.Cache + roles map[string]*model.Role + configListenerId string } var appCount = 0 @@ -86,6 +88,11 @@ func New(options ...Option) *App { utils.LoadGlobalConfig(app.configFile) utils.InitTranslations(utils.Cfg.LocalizationSettings) + app.configListenerId = utils.AddConfigListener(func(_, cfg *model.Config) { + app.SetDefaultRolesBasedOnConfig() + }) + app.SetDefaultRolesBasedOnConfig() + l4g.Info(utils.T("api.server.new_server.init.info")) app.initEnterprise() @@ -137,6 +144,7 @@ func (a *App) Shutdown() { a.htmlTemplateWatcher.Close() } + utils.RemoveConfigListener(a.configListenerId) l4g.Info(utils.T("api.server.stop_server.stopped.info")) } diff --git a/app/authorization.go b/app/authorization.go index ed485e597..3a64bb717 100644 --- a/app/authorization.go +++ b/app/authorization.go @@ -12,7 +12,7 @@ import ( ) func (a *App) SessionHasPermissionTo(session model.Session, permission *model.Permission) bool { - if !CheckIfRolesGrantPermission(session.GetUserRoles(), permission.Id) { + if !a.CheckIfRolesGrantPermission(session.GetUserRoles(), permission.Id) { a.ClearSessionCacheForUser(session.UserId) return false } 
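Review bot: The listener registered in `New` calls `app.SetDefaultRolesBasedOnConfig()`, which reassigns `a.roles` (see app/role.go) without any lock, while `a.Role` reads the same field on every permission check. If config listeners can run on a goroutine other than the one serving requests, that is a data race on the field authorization decisions depend on. Guarding the field with a `sync.RWMutex`, or publishing the map through an `atomic.Value`, would make the swap safe. Whether `utils.DefaultRolesBasedOnConfig` returns a fresh map on each call is not visible here and should be confirmed, since mutating a shared map in place would widen the race. The body of `New` continues outside the hunk.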
@@ -21,21 +21,6 @@ func (a *App) SessionHasPermissionTo(session model.Session, permission *model.Pe } /// DO NOT USE: LEGACY -func SessionHasPermissionToTeam(session model.Session, teamId string, permission *model.Permission) bool { - if teamId == "" { - return false - } - - teamMember := session.GetTeamByTeamId(teamId) - if teamMember != nil { - if CheckIfRolesGrantPermission(teamMember.GetRoles(), permission.Id) { - return true - } - } - - return CheckIfRolesGrantPermission(session.GetUserRoles(), permission.Id) -} - func (a *App) SessionHasPermissionToTeam(session model.Session, teamId string, permission *model.Permission) bool { if teamId == "" { return false @@ -43,12 +28,12 @@ func (a *App) SessionHasPermissionToTeam(session model.Session, teamId string, p teamMember := session.GetTeamByTeamId(teamId) if teamMember != nil { - if CheckIfRolesGrantPermission(teamMember.GetRoles(), permission.Id) { + if a.CheckIfRolesGrantPermission(teamMember.GetRoles(), permission.Id) { return true } } - return a.SessionHasPermissionTo(session, permission) + return a.CheckIfRolesGrantPermission(session.GetUserRoles(), permission.Id) } func (a *App) SessionHasPermissionToChannel(session model.Session, channelId string, permission *model.Permission) bool { @@ -63,7 +48,7 @@ func (a *App) SessionHasPermissionToChannel(session model.Session, channelId str ids := cmcresult.Data.(map[string]string) if roles, ok := ids[channelId]; ok { channelRoles = strings.Fields(roles) - if CheckIfRolesGrantPermission(channelRoles, permission.Id) { + if a.CheckIfRolesGrantPermission(channelRoles, permission.Id) { return true } } 
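Review bot: The fallback at the end of `SessionHasPermissionToTeam` no longer goes through `a.SessionHasPermissionTo`, so a denial on this path stops calling `a.ClearSessionCacheForUser(session.UserId)`, which the first hunk of this file shows that method doing. That is a behaviour change inside what otherwise reads as a mechanical refactor, and nothing in the hunk says it is intended. If it is deliberate, a comment above the final return such as `// Deliberately does not clear the session cache on denial, unlike SessionHasPermissionTo.` would record it. The method also still sits directly under the `/// DO NOT USE: LEGACY` marker although `SanitizeTeam` in app/team.go now calls it, so that marker needs moving or rewording. The function starts above the hunk.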
@@ -84,7 +69,7 @@ func (a *App) SessionHasPermissionToChannelByPost(session model.Session, postId if result := <-a.Srv.Store.Channel().GetMemberForPost(postId, session.UserId); result.Err == nil { channelMember = result.Data.(*model.ChannelMember) - if CheckIfRolesGrantPermission(channelMember.GetRoles(), permission.Id) { + if a.CheckIfRolesGrantPermission(channelMember.GetRoles(), permission.Id) { return true } } @@ -134,7 +119,7 @@ func (a *App) HasPermissionTo(askingUserId string, permission *model.Permission) roles := user.GetRoles() - return CheckIfRolesGrantPermission(roles, permission.Id) + return a.CheckIfRolesGrantPermission(roles, permission.Id) } func (a *App) HasPermissionToTeam(askingUserId string, teamId string, permission *model.Permission) bool { @@ -149,7 +134,7 @@ func (a *App) HasPermissionToTeam(askingUserId string, teamId string, permission roles := teamMember.GetRoles() - if CheckIfRolesGrantPermission(roles, permission.Id) { + if a.CheckIfRolesGrantPermission(roles, permission.Id) { return true } @@ -164,7 +149,7 @@ func (a *App) HasPermissionToChannel(askingUserId string, channelId string, perm channelMember, err := a.GetChannelMember(channelId, askingUserId) if err == nil { roles := channelMember.GetRoles() - if CheckIfRolesGrantPermission(roles, permission.Id) { + if a.CheckIfRolesGrantPermission(roles, permission.Id) { return true } } @@ -183,7 +168,7 @@ func (a *App) HasPermissionToChannelByPost(askingUserId string, postId string, p if result := <-a.Srv.Store.Channel().GetMemberForPost(postId, askingUserId); result.Err == nil { channelMember = result.Data.(*model.ChannelMember) - if CheckIfRolesGrantPermission(channelMember.GetRoles(), permission.Id) { + if a.CheckIfRolesGrantPermission(channelMember.GetRoles(), permission.Id) { return true } } 
@@ -208,9 +193,9 @@ func (a *App) HasPermissionToUser(askingUserId string, userId string) bool { return false } -func CheckIfRolesGrantPermission(roles []string, permissionId string) bool { +func (a *App) CheckIfRolesGrantPermission(roles []string, permissionId string) bool { for _, roleId := range roles { - if role, ok := model.BuiltInRoles[roleId]; !ok { + if role := a.Role(roleId); role == nil { l4g.Debug("Bad role in system " + roleId) return false } else { diff --git a/app/authorization_test.go b/app/authorization_test.go index 375b279dc..a65fe8333 100644 --- a/app/authorization_test.go +++ b/app/authorization_test.go 
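Review bot: `CheckIfRolesGrantPermission` returns false for the whole call as soon as `a.Role(roleId)` is nil, and with the lookup now backed by the per-App `a.roles` map that also covers an App whose map was never populated: every check is then denied with only a Debug-level log line to show for it. Failing closed is the right default for an authorization helper, but it should be written down, for example `// CheckIfRolesGrantPermission reports whether roles grant permissionId. An unknown role id denies the whole check.`. The rest of the loop body is outside the hunk.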
@@ -10,23 +10,26 @@ import ( ) func TestCheckIfRolesGrantPermission(t *testing.T) { + th := Setup().InitBasic() + defer th.TearDown() + cases := []struct { roles []string permissionId string shouldGrant bool }{ - {[]string{model.ROLE_SYSTEM_ADMIN.Id}, model.ROLE_SYSTEM_ADMIN.Permissions[0], true}, - {[]string{model.ROLE_SYSTEM_ADMIN.Id}, "non-existant-permission", false}, - {[]string{model.ROLE_CHANNEL_USER.Id}, model.ROLE_CHANNEL_USER.Permissions[0], true}, - {[]string{model.ROLE_CHANNEL_USER.Id}, model.PERMISSION_MANAGE_SYSTEM.Id, false}, - {[]string{model.ROLE_SYSTEM_ADMIN.Id, model.ROLE_CHANNEL_USER.Id}, model.PERMISSION_MANAGE_SYSTEM.Id, true}, - {[]string{model.ROLE_CHANNEL_USER.Id, model.ROLE_SYSTEM_ADMIN.Id}, model.PERMISSION_MANAGE_SYSTEM.Id, true}, - {[]string{model.ROLE_TEAM_USER.Id, model.ROLE_TEAM_ADMIN.Id}, model.PERMISSION_MANAGE_SLASH_COMMANDS.Id, true}, - {[]string{model.ROLE_TEAM_ADMIN.Id, model.ROLE_TEAM_USER.Id}, model.PERMISSION_MANAGE_SLASH_COMMANDS.Id, true}, + {[]string{model.SYSTEM_ADMIN_ROLE_ID}, th.App.Role(model.SYSTEM_ADMIN_ROLE_ID).Permissions[0], true}, + {[]string{model.SYSTEM_ADMIN_ROLE_ID}, "non-existant-permission", false}, + {[]string{model.CHANNEL_USER_ROLE_ID}, th.App.Role(model.CHANNEL_USER_ROLE_ID).Permissions[0], true}, + {[]string{model.CHANNEL_USER_ROLE_ID}, model.PERMISSION_MANAGE_SYSTEM.Id, false}, + {[]string{model.SYSTEM_ADMIN_ROLE_ID, model.CHANNEL_USER_ROLE_ID}, model.PERMISSION_MANAGE_SYSTEM.Id, true}, + {[]string{model.CHANNEL_USER_ROLE_ID, model.SYSTEM_ADMIN_ROLE_ID}, model.PERMISSION_MANAGE_SYSTEM.Id, true}, + {[]string{model.TEAM_USER_ROLE_ID, model.TEAM_ADMIN_ROLE_ID}, model.PERMISSION_MANAGE_SLASH_COMMANDS.Id, true}, + {[]string{model.TEAM_ADMIN_ROLE_ID, model.TEAM_USER_ROLE_ID}, model.PERMISSION_MANAGE_SLASH_COMMANDS.Id, true}, } for testnum, testcase := range cases { - if CheckIfRolesGrantPermission(testcase.roles, testcase.permissionId) != testcase.shouldGrant { + if 
th.App.CheckIfRolesGrantPermission(testcase.roles, testcase.permissionId) != testcase.shouldGrant { t.Fatal("Failed test case ", testnum) } } diff --git a/app/channel.go b/app/channel.go index ea58795ea..50067d42d 100644 --- a/app/channel.go +++ b/app/channel.go @@ -151,7 +151,7 @@ func (a *App) CreateChannel(channel *model.Channel, addMember bool) (*model.Chan cm := &model.ChannelMember{ ChannelId: sc.Id, UserId: channel.CreatorId, - Roles: model.ROLE_CHANNEL_USER.Id + " " + model.ROLE_CHANNEL_ADMIN.Id, + Roles: model.CHANNEL_USER_ROLE_ID + " " + model.CHANNEL_ADMIN_ROLE_ID, NotifyProps: model.GetDefaultChannelNotifyProps(), } @@ -296,7 +296,7 @@ func (a *App) createGroupChannel(userIds []string, creatorId string) (*model.Cha UserId: user.Id, ChannelId: group.Id, NotifyProps: model.GetDefaultChannelNotifyProps(), - Roles: model.ROLE_CHANNEL_USER.Id, + Roles: model.CHANNEL_USER_ROLE_ID, } if result := <-a.Srv.Store.Channel().SaveMember(cm); result.Err != nil { @@ -514,7 +514,7 @@ func (a *App) addUserToChannel(user *model.User, channel *model.Channel, teamMem ChannelId: channel.Id, UserId: user.Id, NotifyProps: model.GetDefaultChannelNotifyProps(), - Roles: model.ROLE_CHANNEL_USER.Id, + Roles: model.CHANNEL_USER_ROLE_ID, } if result := <-a.Srv.Store.Channel().SaveMember(newMember); result.Err != nil { l4g.Error("Failed to add member user_id=%v channel_id=%v err=%v", user.Id, channel.Id, result.Err) diff --git a/app/command_channel_header_test.go b/app/command_channel_header_test.go index 5fdde122b..2a6151fed 100644 --- a/app/command_channel_header_test.go +++ b/app/command_channel_header_test.go 
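Review bot: The table in `TestCheckIfRolesGrantPermission` has no row for a role id that is missing from the App's role map, which is exactly the branch this commit rewires from `model.BuiltInRoles` to `a.Role`. A row such as `{[]string{"no-such-role"}, model.PERMISSION_MANAGE_SYSTEM.Id, false}` (the id is a constructed sample) would pin the deny-on-unknown-role behaviour. The two rows that index `th.App.Role(...).Permissions[0]` will panic instead of failing cleanly if the role is absent or has no permissions, so a nil and length check before building the table would give a clearer failure.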
@@ -15,7 +15,7 @@ func TestHeaderProviderDoCommand(t *testing.T) { args := &model.CommandArgs{ T: func(s string, args ...interface{}) string { return s }, ChannelId: th.BasicChannel.Id, - Session: model.Session{UserId: th.BasicUser.Id, TeamMembers: []*model.TeamMember{{TeamId: th.BasicTeam.Id, Roles: model.ROLE_TEAM_USER.Id}}}, + Session: model.Session{UserId: th.BasicUser.Id, TeamMembers: []*model.TeamMember{{TeamId: th.BasicTeam.Id, Roles: model.TEAM_USER_ROLE_ID}}}, } for msg, expected := range map[string]string{ diff --git a/app/command_channel_rename_test.go b/app/command_channel_rename_test.go index 00b9eab0a..9c86b18e0 100644 --- a/app/command_channel_rename_test.go +++ b/app/command_channel_rename_test.go @@ -15,7 +15,7 @@ func TestRenameProviderDoCommand(t *testing.T) { args := &model.CommandArgs{ T: func(s string, args ...interface{}) string { return s }, ChannelId: th.BasicChannel.Id, - Session: model.Session{UserId: th.BasicUser.Id, TeamMembers: []*model.TeamMember{{TeamId: th.BasicTeam.Id, Roles: model.ROLE_TEAM_USER.Id}}}, + Session: model.Session{UserId: th.BasicUser.Id, TeamMembers: []*model.TeamMember{{TeamId: th.BasicTeam.Id, Roles: model.TEAM_USER_ROLE_ID}}}, } // Blank text is a success diff --git a/app/import.go b/app/import.go index 08decb676..850e9c43d 100644 --- a/app/import.go +++ b/app/import.go @@ -572,8 +572,8 @@ func (a *App) ImportUser(data *UserImportData, dryRun bool) *model.AppError { } } else if len(user.Roles) == 0 { // Set SYSTEM_USER roles on newly created users by default. - if user.Roles != model.ROLE_SYSTEM_USER.Id { - roles = model.ROLE_SYSTEM_USER.Id + if user.Roles != model.SYSTEM_USER_ROLE_ID { + roles = model.SYSTEM_USER_ROLE_ID hasUserRolesChanged = true } } @@ -769,7 +769,7 @@ func (a *App) ImportUserTeams(user *model.User, data *[]UserTeamImportData) *mod var roles string if tdata.Roles == nil { - roles = model.ROLE_TEAM_USER.Id + roles = model.TEAM_USER_ROLE_ID } else { roles = *tdata.Roles } 
@@ -809,7 +809,7 @@ func (a *App) ImportUserChannels(user *model.User, team *model.Team, teamMember var roles string if cdata.Roles == nil { - roles = model.ROLE_CHANNEL_USER.Id + roles = model.CHANNEL_USER_ROLE_ID } else { roles = *cdata.Roles } @@ -1455,7 +1455,7 @@ func (a *App) OldImportPost(post *model.Post) { func (a *App) OldImportUser(team *model.Team, user *model.User) *model.User { user.MakeNonNil() - user.Roles = model.ROLE_SYSTEM_USER.Id + user.Roles = model.SYSTEM_USER_ROLE_ID if result := <-a.Srv.Store.User().Save(user); result.Err != nil { l4g.Error(utils.T("api.import.import_user.saving.error"), result.Err) diff --git a/app/oauth_test.go b/app/oauth_test.go index d5fbe8f5e..b964b377d 100644 --- a/app/oauth_test.go +++ b/app/oauth_test.go @@ -21,7 +21,7 @@ func TestOAuthRevokeAccessToken(t *testing.T) { session.CreateAt = model.GetMillis() session.UserId = model.NewId() session.Token = model.NewId() - session.Roles = model.ROLE_SYSTEM_USER.Id + session.Roles = model.SYSTEM_USER_ROLE_ID session.SetExpireInDays(1) session, _ = th.App.CreateSession(session) @@ -71,7 +71,7 @@ func TestOAuthDeleteApp(t *testing.T) { session.CreateAt = model.GetMillis() session.UserId = model.NewId() session.Token = model.NewId() - session.Roles = model.ROLE_SYSTEM_USER.Id + session.Roles = model.SYSTEM_USER_ROLE_ID session.IsOAuth = true session.SetExpireInDays(1) diff --git a/app/post.go b/app/post.go index 844b660a9..1bada0095 100644 --- a/app/post.go +++ b/app/post.go 
@@ -122,7 +122,7 @@ func (a *App) CreatePost(post *model.Post, channel *model.Channel, triggerWebhoo if utils.IsLicensed() && *a.Config().TeamSettings.ExperimentalTownSquareIsReadOnly && !post.IsSystemMessage() && channel.Name == model.DEFAULT_CHANNEL && - !CheckIfRolesGrantPermission(user.GetRoles(), model.PERMISSION_MANAGE_SYSTEM.Id) { + !a.CheckIfRolesGrantPermission(user.GetRoles(), model.PERMISSION_MANAGE_SYSTEM.Id) { return nil, model.NewAppError("createPost", "api.post.create_post.town_square_read_only", nil, "", http.StatusForbidden) } diff --git a/app/role.go b/app/role.go new file mode 100644 index 000000000..5f39dd623 --- /dev/null +++ b/app/role.go @@ -0,0 +1,19 @@ +// Copyright (c) 2016-present Mattermost, Inc. All Rights Reserved. +// See License.txt for license information. + +package app + +import ( + "github.com/mattermost/mattermost-server/model" + "github.com/mattermost/mattermost-server/utils" +) + +func (a *App) Role(id string) *model.Role { + return a.roles[id] +} + +// Updates the roles based on the app config and the global license check. You may need to invoke +// this when license changes are made. +func (a *App) SetDefaultRolesBasedOnConfig() { + a.roles = utils.DefaultRolesBasedOnConfig(a.Config()) +} diff --git a/app/team.go b/app/team.go index c2d06513e..00808b200 100644 --- a/app/team.go +++ b/app/team.go @@ -281,11 +281,11 @@ func (a *App) joinUserToTeam(team *model.Team, user *model.User) (*model.TeamMem tm := &model.TeamMember{ TeamId: team.Id, UserId: user.Id, - Roles: model.ROLE_TEAM_USER.Id, + Roles: model.TEAM_USER_ROLE_ID, } if team.Email == user.Email { - tm.Roles = model.ROLE_TEAM_USER.Id + " " + model.ROLE_TEAM_ADMIN.Id + tm.Roles = model.TEAM_USER_ROLE_ID + " " + model.TEAM_ADMIN_ROLE_ID } if etmr := <-a.Srv.Store.Team().GetMember(team.Id, user.Id); etmr.Err == nil { 
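Review bot: The comment on `SetDefaultRolesBasedOnConfig` says it may need to be invoked when the license changes, but the only automatic trigger this commit adds is the config listener in app/app.go, so after a license change `a.roles` keeps the previous role set until some caller remembers to refresh it. If a license-change hook exists it should be wired the same way; otherwise the comment should name the callers responsible. `Role` is exported without a doc comment and hands out the `*model.Role` stored in the map, so I would add `// Role returns the role with the given id, or nil if it is unknown. The value is shared; callers must not modify it.`.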
@@ -323,10 +323,10 @@ func (a *App) JoinUserToTeam(team *model.Team, user *model.User, userRequestorId return uua.Err } - channelRole := model.ROLE_CHANNEL_USER.Id + channelRole := model.CHANNEL_USER_ROLE_ID if team.Email == user.Email { - channelRole = model.ROLE_CHANNEL_USER.Id + " " + model.ROLE_CHANNEL_ADMIN.Id + channelRole = model.CHANNEL_USER_ROLE_ID + " " + model.CHANNEL_ADMIN_ROLE_ID } // Soft error if there is an issue joining the default channels @@ -869,17 +869,17 @@ func (a *App) GetTeamIdFromQuery(query url.Values) (string, *model.AppError) { return "", nil } -func SanitizeTeam(session model.Session, team *model.Team) *model.Team { - if !SessionHasPermissionToTeam(session, team.Id, model.PERMISSION_MANAGE_TEAM) { +func (a *App) SanitizeTeam(session model.Session, team *model.Team) *model.Team { + if !a.SessionHasPermissionToTeam(session, team.Id, model.PERMISSION_MANAGE_TEAM) { team.Sanitize() } return team } -func SanitizeTeams(session model.Session, teams []*model.Team) []*model.Team { +func (a *App) SanitizeTeams(session model.Session, teams []*model.Team) []*model.Team { for _, team := range teams { - SanitizeTeam(session, team) + a.SanitizeTeam(session, team) } return teams diff --git a/app/team_test.go b/app/team_test.go index 61ae03f74..10f33f50b 100644 --- a/app/team_test.go +++ b/app/team_test.go @@ -198,17 +198,17 @@ func TestSanitizeTeam(t *testing.T) { t.Run("not a user of the team", func(t *testing.T) { userId := model.NewId() session := model.Session{ - Roles: model.ROLE_SYSTEM_USER.Id, + Roles: model.SYSTEM_USER_ROLE_ID, TeamMembers: []*model.TeamMember{ { UserId: userId, TeamId: model.NewId(), - Roles: model.ROLE_TEAM_USER.Id, + Roles: model.TEAM_USER_ROLE_ID, }, }, } - sanitized := SanitizeTeam(session, copyTeam()) + sanitized := th.App.SanitizeTeam(session, copyTeam()) if sanitized.Email != "" && sanitized.AllowedDomains != "" { t.Fatal("should've sanitized team") } 
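Review bot: `SanitizeTeam` and `SanitizeTeams` are exported methods with no doc comments, and the hunk shows they call `team.Sanitize()` on the caller's own `*model.Team` and return that same pointer, which is easy to miss at call sites that keep using the original value. Suggested comments: `// SanitizeTeam calls team.Sanitize() in place unless the session has PERMISSION_MANAGE_TEAM on the team, and returns the same pointer.` and `// SanitizeTeams applies SanitizeTeam to every element of teams in place.`.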
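Review bot: The assertions after each `th.App.SanitizeTeam` call join the two field checks with `&&`, so `should've sanitized team` fires only when both `Email` and `AllowedDomains` are still set, and a regression that leaks just one of them passes. Assuming `copyTeam()` populates both fields (not visible in the hunk), the negative cases should read `if sanitized.Email != "" || sanitized.AllowedDomains != "" {` and the positive ones `if sanitized.Email == "" || sanitized.AllowedDomains == "" {`. The same pattern recurs in the remaining `TestSanitizeTeam` hunks and in both `TestSanitizeTeams` hunks.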
@@ -217,17 +217,17 @@ func TestSanitizeTeam(t *testing.T) { t.Run("user of the team", func(t *testing.T) { userId := model.NewId() session := model.Session{ - Roles: model.ROLE_SYSTEM_USER.Id, + Roles: model.SYSTEM_USER_ROLE_ID, TeamMembers: []*model.TeamMember{ { UserId: userId, TeamId: team.Id, - Roles: model.ROLE_TEAM_USER.Id, + Roles: model.TEAM_USER_ROLE_ID, }, }, } - sanitized := SanitizeTeam(session, copyTeam()) + sanitized := th.App.SanitizeTeam(session, copyTeam()) if sanitized.Email != "" && sanitized.AllowedDomains != "" { t.Fatal("should've sanitized team") } @@ -236,17 +236,17 @@ func TestSanitizeTeam(t *testing.T) { t.Run("team admin", func(t *testing.T) { userId := model.NewId() session := model.Session{ - Roles: model.ROLE_SYSTEM_USER.Id, + Roles: model.SYSTEM_USER_ROLE_ID, TeamMembers: []*model.TeamMember{ { UserId: userId, TeamId: team.Id, - Roles: model.ROLE_TEAM_USER.Id + " " + model.ROLE_TEAM_ADMIN.Id, + Roles: model.TEAM_USER_ROLE_ID + " " + model.TEAM_ADMIN_ROLE_ID, }, }, } - sanitized := SanitizeTeam(session, copyTeam()) + sanitized := th.App.SanitizeTeam(session, copyTeam()) if sanitized.Email == "" && sanitized.AllowedDomains == "" { t.Fatal("shouldn't have sanitized team") } @@ -255,17 +255,17 @@ func TestSanitizeTeam(t *testing.T) { t.Run("team admin of another team", func(t *testing.T) { userId := model.NewId() session := model.Session{ - Roles: model.ROLE_SYSTEM_USER.Id, + Roles: model.SYSTEM_USER_ROLE_ID, TeamMembers: []*model.TeamMember{ { UserId: userId, TeamId: model.NewId(), - Roles: model.ROLE_TEAM_USER.Id + " " + model.ROLE_TEAM_ADMIN.Id, + Roles: model.TEAM_USER_ROLE_ID + " " + model.TEAM_ADMIN_ROLE_ID, }, }, } - sanitized := SanitizeTeam(session, copyTeam()) + sanitized := th.App.SanitizeTeam(session, copyTeam()) if sanitized.Email != "" && sanitized.AllowedDomains != "" { t.Fatal("should've sanitized team") } 
@@ -274,17 +274,17 @@ func TestSanitizeTeam(t *testing.T) { t.Run("system admin, not a user of team", func(t *testing.T) { userId := model.NewId() session := model.Session{ - Roles: model.ROLE_SYSTEM_USER.Id + " " + model.ROLE_SYSTEM_ADMIN.Id, + Roles: model.SYSTEM_USER_ROLE_ID + " " + model.SYSTEM_ADMIN_ROLE_ID, TeamMembers: []*model.TeamMember{ { UserId: userId, TeamId: model.NewId(), - Roles: model.ROLE_TEAM_USER.Id, + Roles: model.TEAM_USER_ROLE_ID, }, }, } - sanitized := SanitizeTeam(session, copyTeam()) + sanitized := th.App.SanitizeTeam(session, copyTeam()) if sanitized.Email == "" && sanitized.AllowedDomains == "" { t.Fatal("shouldn't have sanitized team") } @@ -293,17 +293,17 @@ func TestSanitizeTeam(t *testing.T) { t.Run("system admin, user of team", func(t *testing.T) { userId := model.NewId() session := model.Session{ - Roles: model.ROLE_SYSTEM_USER.Id + " " + model.ROLE_SYSTEM_ADMIN.Id, + Roles: model.SYSTEM_USER_ROLE_ID + " " + model.SYSTEM_ADMIN_ROLE_ID, TeamMembers: []*model.TeamMember{ { UserId: userId, TeamId: team.Id, - Roles: model.ROLE_TEAM_USER.Id, + Roles: model.TEAM_USER_ROLE_ID, }, }, } - sanitized := SanitizeTeam(session, copyTeam()) + sanitized := th.App.SanitizeTeam(session, copyTeam()) if sanitized.Email == "" && sanitized.AllowedDomains == "" { t.Fatal("shouldn't have sanitized team") } 
@@ -330,22 +330,22 @@ func TestSanitizeTeams(t *testing.T) { userId := model.NewId() session := model.Session{ - Roles: model.ROLE_SYSTEM_USER.Id, + Roles: model.SYSTEM_USER_ROLE_ID, TeamMembers: []*model.TeamMember{ { UserId: userId, TeamId: teams[0].Id, - Roles: model.ROLE_TEAM_USER.Id, + Roles: model.TEAM_USER_ROLE_ID, }, { UserId: userId, TeamId: teams[1].Id, - Roles: model.ROLE_TEAM_USER.Id + " " + model.ROLE_TEAM_ADMIN.Id, + Roles: model.TEAM_USER_ROLE_ID + " " + model.TEAM_ADMIN_ROLE_ID, }, }, } - sanitized := SanitizeTeams(session, teams) + sanitized := th.App.SanitizeTeams(session, teams) if sanitized[0].Email != "" && sanitized[0].AllowedDomains != "" { t.Fatal("should've sanitized first team") @@ -372,17 +372,17 @@ func TestSanitizeTeams(t *testing.T) { userId := model.NewId() session := model.Session{ - Roles: model.ROLE_SYSTEM_USER.Id + " " + model.ROLE_SYSTEM_ADMIN.Id, + Roles: model.SYSTEM_USER_ROLE_ID + " " + model.SYSTEM_ADMIN_ROLE_ID, TeamMembers: []*model.TeamMember{ { UserId: userId, TeamId: teams[0].Id, - Roles: model.ROLE_TEAM_USER.Id, + Roles: model.TEAM_USER_ROLE_ID, }, }, } - sanitized := SanitizeTeams(session, teams) + sanitized := th.App.SanitizeTeams(session, teams) if sanitized[0].Email == "" && sanitized[0].AllowedDomains == "" { t.Fatal("shouldn't have sanitized first team") diff --git a/app/user.go b/app/user.go index a17521d9f..b94c2a9fb 100644 --- a/app/user.go +++ b/app/user.go @@ -179,7 +179,7 @@ func (a *App) CreateUser(user *model.User) (*model.User, *model.AppError) { return nil, model.NewAppError("CreateUser", "api.user.create_user.accepted_domain.app_error", nil, "", http.StatusBadRequest) } - user.Roles = model.ROLE_SYSTEM_USER.Id + user.Roles = model.SYSTEM_USER_ROLE_ID // Below is a special case where the first user in the entire // system is granted the system_admin role 
@@ -188,7 +188,7 @@ func (a *App) CreateUser(user *model.User) (*model.User, *model.AppError) { } else { count := result.Data.(int64) if count <= 0 { - user.Roles = model.ROLE_SYSTEM_ADMIN.Id + " " + model.ROLE_SYSTEM_USER.Id + user.Roles = model.SYSTEM_ADMIN_ROLE_ID + " " + model.SYSTEM_USER_ROLE_ID } } @@ -1235,7 +1235,7 @@ func (a *App) UpdateUserRoles(userId string, newRoles string, sendWebSocketEvent func (a *App) PermanentDeleteUser(user *model.User) *model.AppError { l4g.Warn(utils.T("api.user.permanent_delete_user.attempting.warn"), user.Email, user.Id) - if user.IsInRole(model.ROLE_SYSTEM_ADMIN.Id) { + if user.IsInRole(model.SYSTEM_ADMIN_ROLE_ID) { l4g.Warn(utils.T("api.user.permanent_delete_user.system_admin.warn"), user.Email) } diff --git a/app/webhook_test.go b/app/webhook_test.go index 9fef6fde3..13771a97f 100644 --- a/app/webhook_test.go +++ b/app/webhook_test.go @@ -11,7 +11,6 @@ import ( "github.com/stretchr/testify/require" "github.com/mattermost/mattermost-server/model" - "github.com/mattermost/mattermost-server/utils" ) func TestCreateWebhookPost(t *testing.T) { @@ -19,12 +18,8 @@ func TestCreateWebhookPost(t *testing.T) { defer th.TearDown() enableIncomingHooks := th.App.Config().ServiceSettings.EnableIncomingWebhooks - defer func() { - th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableIncomingWebhooks = enableIncomingHooks }) - utils.SetDefaultRolesBasedOnConfig() - }() + defer th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableIncomingWebhooks = enableIncomingHooks }) th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableIncomingWebhooks = true }) - utils.SetDefaultRolesBasedOnConfig() hook, err := th.App.CreateIncomingWebhookForChannel(th.BasicUser.Id, th.BasicChannel, &model.IncomingWebhook{ChannelId: th.BasicChannel.Id}) if err != nil { |
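Review bot: With the explicit `utils.SetDefaultRolesBasedOnConfig()` calls removed, `TestCreateWebhookPost` depends on the config listener added in app/app.go having refreshed `a.roles` before `CreateIncomingWebhookForChannel` runs. Whether `th.App.UpdateConfig` invokes listeners synchronously is not visible in this diff; if it does not, the test can observe the previous role set and fail intermittently. A short comment above the `UpdateConfig` call, e.g. `// Roles are refreshed by the App's config listener.`, would record the dependency. The test body continues past the hunk.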