diff options
Diffstat (limited to 'app')
-rw-r--r-- | app/app.go | 10 | ||||
-rw-r--r-- | app/authorization.go | 4 | ||||
-rw-r--r-- | app/channel.go | 97 | ||||
-rw-r--r-- | app/channel_test.go | 22 | ||||
-rw-r--r-- | app/scheme.go | 119 | ||||
-rw-r--r-- | app/team.go | 96 | ||||
-rw-r--r-- | app/team_test.go | 18 |
7 files changed, 336 insertions, 30 deletions
diff --git a/app/app.go b/app/app.go index 2cdf333c1..d4a663e32 100644 --- a/app/app.go +++ b/app/app.go @@ -20,6 +20,7 @@ import ( "github.com/mattermost/mattermost-server/einterfaces" ejobs "github.com/mattermost/mattermost-server/einterfaces/jobs" "github.com/mattermost/mattermost-server/jobs" + tjobs "github.com/mattermost/mattermost-server/jobs/interfaces" "github.com/mattermost/mattermost-server/mlog" "github.com/mattermost/mattermost-server/model" "github.com/mattermost/mattermost-server/plugin/pluginenv" @@ -319,6 +320,12 @@ func RegisterJobsLdapSyncInterface(f func(*App) ejobs.LdapSyncInterface) { jobsLdapSyncInterface = f } +var jobsMigrationsInterface func(*App) tjobs.MigrationsJobInterface + +func RegisterJobsMigrationsJobInterface(f func(*App) tjobs.MigrationsJobInterface) { + jobsMigrationsInterface = f +} + var ldapInterface func(*App) einterfaces.LdapInterface func RegisterLdapInterface(f func(*App) einterfaces.LdapInterface) { @@ -413,6 +420,9 @@ func (a *App) initJobs() { if jobsLdapSyncInterface != nil { a.Jobs.LdapSync = jobsLdapSyncInterface(a) } + if jobsMigrationsInterface != nil { + a.Jobs.Migrations = jobsMigrationsInterface(a) + } } func (a *App) DiagnosticId() string { diff --git a/app/authorization.go b/app/authorization.go index f281b3e65..57a38c199 100644 --- a/app/authorization.go +++ b/app/authorization.go @@ -200,6 +200,10 @@ func (a *App) RolesGrantPermission(roleNames []string, permissionId string) bool } for _, role := range roles { + if role.DeleteAt != 0 { + continue + } + permissions := role.Permissions for _, permission := range permissions { if permission == permissionId { diff --git a/app/channel.go b/app/channel.go index 26e3d771c..4b606ac27 100644 --- a/app/channel.go +++ b/app/channel.go @@ -32,7 +32,7 @@ func (a *App) CreateDefaultChannels(teamId string) ([]*model.Channel, *model.App return channels, nil } -func (a *App) JoinDefaultChannels(teamId string, user *model.User, channelRole string, userRequestorId string) *model.AppError { +func (a *App) JoinDefaultChannels(teamId string, user *model.User, shouldBeAdmin bool, userRequestorId string) *model.AppError { var err *model.AppError = nil var requestor *model.User @@ -52,7 +52,8 @@ func (a *App) JoinDefaultChannels(teamId string, user *model.User, channelRole s cm := &model.ChannelMember{ ChannelId: townSquare.Id, UserId: user.Id, - Roles: channelRole, + SchemeUser: true, + SchemeAdmin: shouldBeAdmin, NotifyProps: model.GetDefaultChannelNotifyProps(), } @@ -85,7 +86,8 @@ func (a *App) JoinDefaultChannels(teamId string, user *model.User, channelRole s cm := &model.ChannelMember{ ChannelId: offTopic.Id, UserId: user.Id, - Roles: channelRole, + SchemeUser: true, + SchemeAdmin: shouldBeAdmin, NotifyProps: model.GetDefaultChannelNotifyProps(), } @@ -166,7 +168,8 @@ func (a *App) CreateChannel(channel *model.Channel, addMember bool) (*model.Chan cm := &model.ChannelMember{ ChannelId: sc.Id, UserId: channel.CreatorId, - Roles: model.CHANNEL_USER_ROLE_ID + " " + model.CHANNEL_ADMIN_ROLE_ID, + SchemeUser: true, + SchemeAdmin: true, NotifyProps: model.GetDefaultChannelNotifyProps(), } @@ -322,7 +325,7 @@ func (a *App) createGroupChannel(userIds []string, creatorId string) (*model.Cha UserId: user.Id, ChannelId: group.Id, NotifyProps: model.GetDefaultChannelNotifyProps(), - Roles: model.CHANNEL_USER_ROLE_ID, + SchemeUser: true, } if result := <-a.Srv.Store.Channel().SaveMember(cm); result.Err != nil { @@ -351,6 +354,23 @@ func (a *App) UpdateChannel(channel *model.Channel) (*model.Channel, *model.AppE } } +func (a *App) UpdateChannelScheme(channel *model.Channel) (*model.Channel, *model.AppError) { + var oldChannel *model.Channel + var err *model.AppError + if oldChannel, err = a.GetChannel(channel.Id); err != nil { + return nil, err + } + + oldChannel.SchemeId = channel.SchemeId + + newChannel, err := a.UpdateChannel(oldChannel) + if err != nil { + return nil, err + } + + return newChannel, nil +} + func (a *App) UpdateChannelPrivacy(oldChannel *model.Channel, user *model.User) (*model.Channel, *model.AppError) { if channel, err := a.UpdateChannel(oldChannel); err != nil { return channel, err @@ -432,6 +452,39 @@ func (a *App) PatchChannel(channel *model.Channel, patch *model.ChannelPatch, us return channel, err } +func (a *App) GetSchemeRolesForChannel(channelId string) (string, string, *model.AppError) { + var channel *model.Channel + var err *model.AppError + + if channel, err = a.GetChannel(channelId); err != nil { + return "", "", err + } + + if channel.SchemeId != nil && len(*channel.SchemeId) != 0 { + if scheme, err := a.GetScheme(*channel.SchemeId); err != nil { + return "", "", err + } else { + return scheme.DefaultChannelUserRole, scheme.DefaultChannelAdminRole, nil + } + } + + var team *model.Team + + if team, err = a.GetTeam(channel.TeamId); err != nil { + return "", "", err + } + + if team.SchemeId != nil && len(*team.SchemeId) != 0 { + if scheme, err := a.GetScheme(*team.SchemeId); err != nil { + return "", "", err + } else { + return scheme.DefaultChannelUserRole, scheme.DefaultChannelAdminRole, nil + } + } + + return model.CHANNEL_USER_ROLE_ID, model.CHANNEL_ADMIN_ROLE_ID, nil +} + func (a *App) UpdateChannelMemberRoles(channelId string, userId string, newRoles string) (*model.ChannelMember, *model.AppError) { var member *model.ChannelMember var err *model.AppError @@ -439,14 +492,42 @@ func (a *App) UpdateChannelMemberRoles(channelId string, userId string, newRoles return nil, err } - if err := a.CheckRolesExist(strings.Fields(newRoles)); err != nil { + schemeUserRole, schemeAdminRole, err := a.GetSchemeRolesForChannel(channelId) + if err != nil { return nil, err } - member.Roles = newRoles + var newExplicitRoles []string + member.SchemeUser = false + member.SchemeAdmin = false + + for _, roleName := range strings.Fields(newRoles) { + if role, err := a.GetRoleByName(roleName); err != nil { + err.StatusCode = http.StatusBadRequest + return nil, err + } else if !role.SchemeManaged { + // The role is not scheme-managed, so it's OK to apply it to the explicit roles field. + newExplicitRoles = append(newExplicitRoles, roleName) + } else { + // The role is scheme-managed, so need to check if it is part of the scheme for this channel or not. + switch roleName { + case schemeAdminRole: + member.SchemeAdmin = true + case schemeUserRole: + member.SchemeUser = true + default: + // If not part of the scheme for this channel, then it is not allowed to apply it as an explicit role. + return nil, model.NewAppError("UpdateChannelMemberRoles", "api.channel.update_channel_member_roles.scheme_role.app_error", nil, "role_name="+roleName, http.StatusBadRequest) + } + } + } + + member.ExplicitRoles = strings.Join(newExplicitRoles, " ") if result := <-a.Srv.Store.Channel().UpdateMember(member); result.Err != nil { return nil, result.Err + } else { + member = result.Data.(*model.ChannelMember) } a.InvalidateCacheForUser(userId) @@ -591,7 +672,7 @@ func (a *App) addUserToChannel(user *model.User, channel *model.Channel, teamMem ChannelId: channel.Id, UserId: user.Id, NotifyProps: model.GetDefaultChannelNotifyProps(), - Roles: model.CHANNEL_USER_ROLE_ID, + SchemeUser: true, } if result := <-a.Srv.Store.Channel().SaveMember(newMember); result.Err != nil { mlog.Error(fmt.Sprintf("Failed to add member user_id=%v channel_id=%v err=%v", user.Id, channel.Id, result.Err), mlog.String("user_id", user.Id)) diff --git a/app/channel_test.go b/app/channel_test.go index a4e0806a6..336d9b25b 100644 --- a/app/channel_test.go +++ b/app/channel_test.go @@ -120,7 +120,7 @@ func TestJoinDefaultChannelsCreatesChannelMemberHistoryRecordTownSquare(t *testi // create a new user that joins the default channels user := th.CreateUser() - th.App.JoinDefaultChannels(th.BasicTeam.Id, user, model.CHANNEL_USER_ROLE_ID, "") + th.App.JoinDefaultChannels(th.BasicTeam.Id, user, false, "") // there should be a ChannelMemberHistory record for the user histories := store.Must(th.App.Srv.Store.ChannelMemberHistory().GetUsersInChannelDuring(model.GetMillis()-100, model.GetMillis()+100, townSquareChannelId)).([]*model.ChannelMemberHistoryResult) @@ -146,7 +146,7 @@ func TestJoinDefaultChannelsCreatesChannelMemberHistoryRecordOffTopic(t *testing // create a new user that joins the default channels user := th.CreateUser() - th.App.JoinDefaultChannels(th.BasicTeam.Id, user, model.CHANNEL_USER_ROLE_ID, "") + th.App.JoinDefaultChannels(th.BasicTeam.Id, user, false, "") // there should be a ChannelMemberHistory record for the user histories := store.Must(th.App.Srv.Store.ChannelMemberHistory().GetUsersInChannelDuring(model.GetMillis()-100, model.GetMillis()+100, offTopicChannelId)).([]*model.ChannelMemberHistoryResult) @@ -381,3 +381,21 @@ func TestAddChannelMemberNoUserRequestor(t *testing.T) { assert.Equal(t, user.Username, post.Props["username"]) } } + +func TestAppUpdateChannelScheme(t *testing.T) { + th := Setup().InitBasic() + defer th.TearDown() + + channel := th.BasicChannel + mockID := model.NewString("x") + channel.SchemeId = mockID + + updatedChannel, err := th.App.UpdateChannelScheme(channel) + if err != nil { + t.Fatal(err) + } + + if updatedChannel.SchemeId != mockID { + t.Fatal("Wrong Channel SchemeId") + } +} diff --git a/app/scheme.go b/app/scheme.go new file mode 100644 index 000000000..a8eb9ef46 --- /dev/null +++ b/app/scheme.go @@ -0,0 +1,119 @@ +// Copyright (c) 2018-present Mattermost, Inc. All Rights Reserved. +// See License.txt for license information. + +package app + +import ( + "github.com/mattermost/mattermost-server/model" +) + +func (a *App) GetScheme(id string) (*model.Scheme, *model.AppError) { + if result := <-a.Srv.Store.Scheme().Get(id); result.Err != nil { + return nil, result.Err + } else { + return result.Data.(*model.Scheme), nil + } +} + +func (a *App) GetSchemesPage(scope string, page int, perPage int) ([]*model.Scheme, *model.AppError) { + return a.GetSchemes(scope, page*perPage, perPage) +} + +func (a *App) GetSchemes(scope string, offset int, limit int) ([]*model.Scheme, *model.AppError) { + if result := <-a.Srv.Store.Scheme().GetAllPage(scope, offset, limit); result.Err != nil { + return nil, result.Err + } else { + return result.Data.([]*model.Scheme), nil + } +} + +func (a *App) CreateScheme(scheme *model.Scheme) (*model.Scheme, *model.AppError) { + if err := a.IsPhase2MigrationCompleted(); err != nil { + return nil, err + } + + // Clear any user-provided values for trusted properties. + scheme.DefaultTeamAdminRole = "" + scheme.DefaultTeamUserRole = "" + scheme.DefaultChannelAdminRole = "" + scheme.DefaultChannelUserRole = "" + scheme.CreateAt = 0 + scheme.UpdateAt = 0 + scheme.DeleteAt = 0 + + if result := <-a.Srv.Store.Scheme().Save(scheme); result.Err != nil { + return nil, result.Err + } else { + return scheme, nil + } +} + +func (a *App) PatchScheme(scheme *model.Scheme, patch *model.SchemePatch) (*model.Scheme, *model.AppError) { + if err := a.IsPhase2MigrationCompleted(); err != nil { + return nil, err + } + + scheme.Patch(patch) + scheme, err := a.UpdateScheme(scheme) + if err != nil { + return nil, err + } + + return scheme, err +} + +func (a *App) UpdateScheme(scheme *model.Scheme) (*model.Scheme, *model.AppError) { + if err := a.IsPhase2MigrationCompleted(); err != nil { + return nil, err + } + + if result := <-a.Srv.Store.Scheme().Save(scheme); result.Err != nil { + return nil, result.Err + } else { + return scheme, nil + } +} + +func (a *App) DeleteScheme(schemeId string) (*model.Scheme, *model.AppError) { + if err := a.IsPhase2MigrationCompleted(); err != nil { + return nil, err + } + + if result := <-a.Srv.Store.Scheme().Delete(schemeId); result.Err != nil { + return nil, result.Err + } else { + return result.Data.(*model.Scheme), nil + } +} + +func (a *App) GetTeamsForSchemePage(scheme *model.Scheme, page int, perPage int) ([]*model.Team, *model.AppError) { + return a.GetTeamsForScheme(scheme, page*perPage, perPage) +} + +func (a *App) GetTeamsForScheme(scheme *model.Scheme, offset int, limit int) ([]*model.Team, *model.AppError) { + if result := <-a.Srv.Store.Team().GetTeamsByScheme(scheme.Id, offset, limit); result.Err != nil { + return nil, result.Err + } else { + return result.Data.([]*model.Team), nil + } +} + +func (a *App) GetChannelsForSchemePage(scheme *model.Scheme, page int, perPage int) (model.ChannelList, *model.AppError) { + return a.GetChannelsForScheme(scheme, page*perPage, perPage) +} + +func (a *App) GetChannelsForScheme(scheme *model.Scheme, offset int, limit int) (model.ChannelList, *model.AppError) { + if result := <-a.Srv.Store.Channel().GetChannelsByScheme(scheme.Id, offset, limit); result.Err != nil { + return nil, result.Err + } else { + return result.Data.(model.ChannelList), nil + } +} + +func (a *App) IsPhase2MigrationCompleted() *model.AppError { + if result := <-a.Srv.Store.System().GetByName(model.MIGRATION_KEY_ADVANCED_PERMISSIONS_PHASE_2); result.Err != nil { + return result.Err + } + + return nil +} diff --git a/app/team.go b/app/team.go index aca99dd1e..2833e2eed 100644 --- a/app/team.go +++ b/app/team.go @@ -114,6 +114,24 @@ func (a *App) UpdateTeam(team *model.Team) (*model.Team, *model.AppError) { return oldTeam, nil } +func (a *App) UpdateTeamScheme(team *model.Team) (*model.Team, *model.AppError) { + var oldTeam *model.Team + var err *model.AppError + if oldTeam, err = a.GetTeam(team.Id); err != nil { + return nil, err + } + + oldTeam.SchemeId = team.SchemeId + + if result := <-a.Srv.Store.Team().Update(oldTeam); result.Err != nil { + return nil, result.Err + } + + a.sendTeamEvent(oldTeam, model.WEBSOCKET_EVENT_UPDATE_TEAM) + + return oldTeam, nil +} + func (a *App) PatchTeam(teamId string, patch *model.TeamPatch) (*model.Team, *model.AppError) { team, err := a.GetTeam(teamId) if err != nil { @@ -142,17 +160,31 @@ func (a *App) sendTeamEvent(team *model.Team, event string) { a.Publish(message) } +func (a *App) GetSchemeRolesForTeam(teamId string) (string, string, *model.AppError) { + var team *model.Team + var err *model.AppError + + if team, err = a.GetTeam(teamId); err != nil { + return "", "", err + } + + if team.SchemeId != nil && len(*team.SchemeId) != 0 { + if scheme, err := a.GetScheme(*team.SchemeId); err != nil { + return "", "", err + } else { + return scheme.DefaultTeamUserRole, scheme.DefaultTeamAdminRole, nil + } + } + + return model.TEAM_USER_ROLE_ID, model.TEAM_ADMIN_ROLE_ID, nil +} + func (a *App) UpdateTeamMemberRoles(teamId string, userId string, newRoles string) (*model.TeamMember, *model.AppError) { var member *model.TeamMember - if result := <-a.Srv.Store.Team().GetTeamsForUser(userId); result.Err != nil { + if result := <-a.Srv.Store.Team().GetMember(teamId, userId); result.Err != nil { return nil, result.Err } else { - members := result.Data.([]*model.TeamMember) - for _, m := range members { - if m.TeamId == teamId { - member = m - } - } + member = result.Data.(*model.TeamMember) } if member == nil { @@ -160,14 +192,42 @@ func (a *App) UpdateTeamMemberRoles(teamId string, userId string, newRoles strin return nil, err } - if err := a.CheckRolesExist(strings.Fields(newRoles)); err != nil { + schemeUserRole, schemeAdminRole, err := a.GetSchemeRolesForTeam(teamId) + if err != nil { return nil, err } - member.Roles = newRoles + var newExplicitRoles []string + member.SchemeUser = false + member.SchemeAdmin = false + + for _, roleName := range strings.Fields(newRoles) { + if role, err := a.GetRoleByName(roleName); err != nil { + err.StatusCode = http.StatusBadRequest + return nil, err + } else if !role.SchemeManaged { + // The role is not scheme-managed, so it's OK to apply it to the explicit roles field. + newExplicitRoles = append(newExplicitRoles, roleName) + } else { + // The role is scheme-managed, so need to check if it is part of the scheme for this channel or not. + switch roleName { + case schemeAdminRole: + member.SchemeAdmin = true + case schemeUserRole: + member.SchemeUser = true + default: + // If not part of the scheme for this channel, then it is not allowed to apply it as an explicit role. + return nil, model.NewAppError("UpdateTeamMemberRoles", "api.channel.update_team_member_roles.scheme_role.app_error", nil, "role_name="+roleName, http.StatusBadRequest) + } + } + } + + member.ExplicitRoles = strings.Join(newExplicitRoles, " ") if result := <-a.Srv.Store.Team().UpdateMember(member); result.Err != nil { return nil, result.Err + } else { + member = result.Data.(*model.TeamMember) } a.ClearSessionCacheForUser(userId) @@ -293,13 +353,13 @@ func (a *App) AddUserToTeamByInviteId(inviteId string, userId string) (*model.Te // 3. a pointer to an AppError if something went wrong. func (a *App) joinUserToTeam(team *model.Team, user *model.User) (*model.TeamMember, bool, *model.AppError) { tm := &model.TeamMember{ - TeamId: team.Id, - UserId: user.Id, - Roles: model.TEAM_USER_ROLE_ID, + TeamId: team.Id, + UserId: user.Id, + SchemeUser: true, } if team.Email == user.Email { - tm.Roles = model.TEAM_USER_ROLE_ID + " " + model.TEAM_ADMIN_ROLE_ID + tm.SchemeAdmin = true } if etmr := <-a.Srv.Store.Team().GetMember(team.Id, user.Id); etmr.Err == nil { @@ -343,15 +403,11 @@ func (a *App) JoinUserToTeam(team *model.Team, user *model.User, userRequestorId return uua.Err } - channelRole := model.CHANNEL_USER_ROLE_ID - - if team.Email == user.Email { - channelRole = model.CHANNEL_USER_ROLE_ID + " " + model.CHANNEL_ADMIN_ROLE_ID - } + shouldBeAdmin := team.Email == user.Email // Soft error if there is an issue joining the default channels - if err := a.JoinDefaultChannels(team.Id, user, channelRole, userRequestorId); err != nil { - mlog.Error(fmt.Sprintf("Encountered an issue joining default channels user_id=%s, team_id=%s, err=%v", user.Id, team.Id, err), mlog.String("user_id", user.Id)) + if err := a.JoinDefaultChannels(team.Id, user, shouldBeAdmin, userRequestorId); err != nil { + mlog.Error(fmt.Sprintf("Encountered an issue joining default channels err=%v", err), mlog.String("user_id", user.Id), mlog.String("team_id", team.Id)) } a.ClearSessionCacheForUser(user.Id) diff --git a/app/team_test.go b/app/team_test.go index 7ebfb8166..6a47da58b 100644 --- a/app/team_test.go +++ b/app/team_test.go @@ -559,3 +559,21 @@ func TestJoinUserToTeam(t *testing.T) { } }) } + +func TestAppUpdateTeamScheme(t *testing.T) { + th := Setup().InitBasic() + defer th.TearDown() + + team := th.BasicTeam + mockID := model.NewString("x") + team.SchemeId = mockID + + updatedTeam, err := th.App.UpdateTeamScheme(th.BasicTeam) + if err != nil { + t.Fatal(err) + } + + if updatedTeam.SchemeId != mockID { + t.Fatal("Wrong Team SchemeId") + } +} |