8 files changed, 129 insertions, 3 deletions

diff --git a/model/authorization.go b/model/authorization.go
index 75aebf55c..56bb58913 100644
--- a/model/authorization.go
+++ b/model/authorization.go
@@ -27,6 +27,8 @@ var PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS *Permission
 var PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS *Permission
 var PERMISSION_ASSIGN_SYSTEM_ADMIN_ROLE *Permission
 var PERMISSION_MANAGE_ROLES *Permission
+var PERMISSION_MANAGE_TEAM_ROLES *Permission
+var PERMISSION_MANAGE_CHANNEL_ROLES *Permission
 var PERMISSION_CREATE_DIRECT_CHANNEL *Permission
 var PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES *Permission
 var PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES *Permission
@@ -46,7 +48,10 @@ var PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH *Permission
 var PERMISSION_CREATE_POST *Permission
 var PERMISSION_EDIT_POST *Permission
 var PERMISSION_EDIT_OTHERS_POSTS *Permission
+var PERMISSION_DELETE_POST *Permission
+var PERMISSION_DELETE_OTHERS_POSTS *Permission
 var PERMISSION_REMOVE_USER_FROM_TEAM *Permission
+var PERMISSION_CREATE_TEAM *Permission
 var PERMISSION_MANAGE_TEAM *Permission
 var PERMISSION_IMPORT_TEAM *Permission
 
@@ -123,6 +128,16 @@ func InitalizePermissions() {
 		"authentication.permissions.manage_roles.name",
 		"authentication.permissions.manage_roles.description",
 	}
+	PERMISSION_MANAGE_TEAM_ROLES = &Permission{
+		"manage_team_roles",
+		"authentication.permissions.manage_team_roles.name",
+		"authentication.permissions.manage_team_roles.description",
+	}
+	PERMISSION_MANAGE_CHANNEL_ROLES = &Permission{
+		"manage_channel_roles",
+		"authentication.permissions.manage_channel_roles.name",
+		"authentication.permissions.manage_channel_roles.description",
+	}
 	PERMISSION_MANAGE_SYSTEM = &Permission{
 		"manage_system",
 		"authentication.permissions.manage_system.name",
@@ -223,11 +238,26 @@ func InitalizePermissions() {
 		"authentication.permissions.edit_others_posts.name",
 		"authentication.permissions.edit_others_posts.description",
 	}
+	PERMISSION_DELETE_POST = &Permission{
+		"delete_post",
+		"authentication.permissions.delete_post.name",
+		"authentication.permissions.delete_post.description",
+	}
+	PERMISSION_DELETE_OTHERS_POSTS = &Permission{
+		"delete_others_posts",
+		"authentication.permissions.delete_others_posts.name",
+		"authentication.permissions.delete_others_posts.description",
+	}
 	PERMISSION_REMOVE_USER_FROM_TEAM = &Permission{
 		"remove_user_from_team",
 		"authentication.permissions.remove_user_from_team.name",
 		"authentication.permissions.remove_user_from_team.description",
 	}
+	PERMISSION_CREATE_TEAM = &Permission{
+		"create_team",
+		"authentication.permissions.create_team.name",
+		"authentication.permissions.create_team.description",
+	}
 	PERMISSION_MANAGE_TEAM = &Permission{
 		"manage_team",
 		"authentication.permissions.manage_team.name",
@@ -264,7 +294,9 @@ func InitalizeRoles() {
 		"channel_admin",
 		"authentication.roles.channel_admin.name",
 		"authentication.roles.channel_admin.description",
-		[]string{},
+		[]string{
+			PERMISSION_MANAGE_CHANNEL_ROLES.Id,
+		},
 	}
 	BuiltInRoles[ROLE_CHANNEL_ADMIN.Id] = ROLE_CHANNEL_ADMIN
 	ROLE_CHANNEL_GUEST = &Role{
@@ -295,7 +327,8 @@ func InitalizeRoles() {
 			PERMISSION_REMOVE_USER_FROM_TEAM.Id,
 			PERMISSION_MANAGE_TEAM.Id,
 			PERMISSION_IMPORT_TEAM.Id,
-			PERMISSION_MANAGE_ROLES.Id,
+			PERMISSION_MANAGE_TEAM_ROLES.Id,
+			PERMISSION_MANAGE_CHANNEL_ROLES.Id,
 			PERMISSION_MANAGE_OTHERS_WEBHOOKS.Id,
 			PERMISSION_MANAGE_SLASH_COMMANDS.Id,
 			PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS.Id,
@@ -329,6 +362,7 @@ func InitalizeRoles() {
 						[]string{
 							PERMISSION_ASSIGN_SYSTEM_ADMIN_ROLE.Id,
 							PERMISSION_MANAGE_SYSTEM.Id,
+							PERMISSION_MANAGE_ROLES.Id,
 							PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id,
 							PERMISSION_DELETE_PUBLIC_CHANNEL.Id,
 							PERMISSION_CREATE_PUBLIC_CHANNEL.Id,
@@ -340,6 +374,9 @@ func InitalizeRoles() {
 							PERMISSION_EDIT_OTHER_USERS.Id,
 							PERMISSION_MANAGE_OAUTH.Id,
 							PERMISSION_INVITE_USER.Id,
+							PERMISSION_DELETE_POST.Id,
+							PERMISSION_DELETE_OTHERS_POSTS.Id,
+							PERMISSION_CREATE_TEAM.Id,
 						},
 						ROLE_TEAM_USER.Permissions...,
 					),
diff --git a/model/client.go b/model/client.go
index 540bc747f..c75121e97 100644
--- a/model/client.go
+++ b/model/client.go
@@ -1471,6 +1471,21 @@ func (c *Client) GetPostById(postId string, etag string) (*PostList, *ResponseMe
 	}
 }
 
+// GetPermalink returns a post list, based on the provided channel and post ID.
+func (c *Client) GetPermalink(channelId string, postId string, etag string) (*PostList, *ResponseMetadata) {
+	if r, err := c.DoApiGet(c.GetTeamRoute()+fmt.Sprintf("/pltmp/%v", postId), "", etag); err != nil {
+		return nil, &ResponseMetadata{StatusCode: r.StatusCode, Error: err}
+	} else {
+		defer closeBody(r)
+		return PostListFromJson(r.Body),
+			&ResponseMetadata{
+				StatusCode: r.StatusCode,
+				RequestId:  r.Header.Get(HEADER_REQUEST_ID),
+				Etag:       r.Header.Get(HEADER_ETAG_SERVER),
+			}
+	}
+}
+
 func (c *Client) DeletePost(channelId string, postId string) (*Result, *AppError) {
 	if r, err := c.DoApiPost(c.GetChannelRoute(channelId)+fmt.Sprintf("/posts/%v/delete", postId), ""); err != nil {
 		return nil, err
@@ -2319,3 +2334,26 @@ func (c *Client) ListReactions(channelId string, postId string) ([]*Reaction, *A
 		return ReactionsFromJson(r.Body), nil
 	}
 }
+
+// Updates the user's roles in the channel by replacing them with the roles provided.
+func (c *Client) UpdateChannelRoles(channelId string, userId string, roles string) (map[string]string, *ResponseMetadata) {
+	data := make(map[string]string)
+	data["new_roles"] = roles
+	data["user_id"] = userId
+
+	if r, err := c.DoApiPost(c.GetChannelRoute(channelId)+"/update_member_roles", MapToJson(data)); err != nil {
+		metadata := ResponseMetadata{Error: err}
+		if r != nil {
+			metadata.StatusCode = r.StatusCode
+		}
+		return nil, &metadata
+	} else {
+		defer closeBody(r)
+		return MapFromJson(r.Body),
+			&ResponseMetadata{
+				StatusCode: r.StatusCode,
+				RequestId:  r.Header.Get(HEADER_REQUEST_ID),
+				Etag:       r.Header.Get(HEADER_ETAG_SERVER),
+			}
+	}
+}
diff --git a/model/config.go b/model/config.go
index 0134e1a34..13e795170 100644
--- a/model/config.go
+++ b/model/config.go
@@ -49,6 +49,14 @@ const (
 	RESTRICT_EMOJI_CREATION_ADMIN        = "admin"
 	RESTRICT_EMOJI_CREATION_SYSTEM_ADMIN = "system_admin"
 
+	PERMISSIONS_DELETE_POST_ALL          = "all"
+	PERMISSIONS_DELETE_POST_TEAM_ADMIN   = "team_admin"
+	PERMISSIONS_DELETE_POST_SYSTEM_ADMIN = "system_admin"
+
+	ALLOW_EDIT_POST_ALWAYS     = "always"
+	ALLOW_EDIT_POST_NEVER      = "never"
+	ALLOW_EDIT_POST_TIME_LIMIT = "time_limit"
+
 	EMAIL_BATCHING_BUFFER_SIZE = 256
 	EMAIL_BATCHING_INTERVAL    = 30
 
@@ -92,6 +100,9 @@ type ServiceSettings struct {
 	WebserverMode                     *string
 	EnableCustomEmoji                 *bool
 	RestrictCustomEmojiCreation       *string
+	RestrictPostDelete                *string
+	AllowEditPost                     *string
+	PostEditTimeLimit                 *int
 }
 
 type ClusterSettings struct {
@@ -827,6 +838,21 @@ func (o *Config) SetDefaults() {
 		*o.ServiceSettings.RestrictCustomEmojiCreation = RESTRICT_EMOJI_CREATION_ALL
 	}
 
+	if o.ServiceSettings.RestrictPostDelete == nil {
+		o.ServiceSettings.RestrictPostDelete = new(string)
+		*o.ServiceSettings.RestrictPostDelete = PERMISSIONS_DELETE_POST_ALL
+	}
+
+	if o.ServiceSettings.AllowEditPost == nil {
+		o.ServiceSettings.AllowEditPost = new(string)
+		*o.ServiceSettings.AllowEditPost = ALLOW_EDIT_POST_TIME_LIMIT
+	}
+
+	if o.ServiceSettings.PostEditTimeLimit == nil {
+		o.ServiceSettings.PostEditTimeLimit = new(int)
+		*o.ServiceSettings.PostEditTimeLimit = 300
+	}
+
 	if o.ClusterSettings.InterNodeListenAddress == nil {
 		o.ClusterSettings.InterNodeListenAddress = new(string)
 		*o.ClusterSettings.InterNodeListenAddress = ":8075"
diff --git a/model/file.go b/model/file.go
index c218c4246..20f6236de 100644
--- a/model/file.go
+++ b/model/file.go
@@ -8,6 +8,10 @@ import (
 	"io"
 )
 
+const (
+	MaxImageSize = 6048 * 4032 // 24 megapixels, roughly 36MB as a raw image
+)
+
 var (
 	IMAGE_EXTENSIONS = [5]string{".jpg", ".jpeg", ".gif", ".bmp", ".png"}
 	IMAGE_MIME_TYPES = map[string]string{".jpg": "image/jpeg", ".jpeg": "image/jpeg", ".gif": "image/gif", ".bmp": "image/bmp", ".png": "image/png", ".tiff": "image/tiff"}
diff --git a/model/post.go b/model/post.go
index 7097e031d..668c4db61 100644
--- a/model/post.go
+++ b/model/post.go
@@ -18,6 +18,7 @@ const (
 	POST_ADD_REMOVE            = "system_add_remove"
 	POST_HEADER_CHANGE         = "system_header_change"
 	POST_DISPLAYNAME_CHANGE    = "system_displayname_change"
+	POST_PURPOSE_CHANGE        = "system_purpose_change"
 	POST_CHANNEL_DELETED       = "system_channel_deleted"
 	POST_EPHEMERAL             = "system_ephemeral"
 	POST_FILEIDS_MAX_RUNES     = 150
@@ -31,6 +32,7 @@ type Post struct {
 	Id            string          `json:"id"`
 	CreateAt      int64           `json:"create_at"`
 	UpdateAt      int64           `json:"update_at"`
+	EditAt        int64           `json:"edit_at"`
 	DeleteAt      int64           `json:"delete_at"`
 	UserId        string          `json:"user_id"`
 	ChannelId     string          `json:"channel_id"`
@@ -119,7 +121,7 @@ func (o *Post) IsValid() *AppError {
 
 	// should be removed once more message types are supported
 	if !(o.Type == POST_DEFAULT || o.Type == POST_JOIN_LEAVE || o.Type == POST_ADD_REMOVE ||
-		o.Type == POST_SLACK_ATTACHMENT || o.Type == POST_HEADER_CHANGE ||
+		o.Type == POST_SLACK_ATTACHMENT || o.Type == POST_HEADER_CHANGE || o.Type == POST_PURPOSE_CHANGE ||
 		o.Type == POST_DISPLAYNAME_CHANGE || o.Type == POST_CHANNEL_DELETED) {
 		return NewLocAppError("Post.IsValid", "model.post.is_valid.type.app_error", nil, "id="+o.Type)
 	}
diff --git a/model/team.go b/model/team.go
index 3f05ce83a..195bac571 100644
--- a/model/team.go
+++ b/model/team.go
@@ -48,6 +48,14 @@ func InvitesFromJson(data io.Reader) *Invites {
 	}
 }
 
+func (o *Invites) ToEmailList() []string {
+	emailList := make([]string, len(o.Invites))
+	for _, invite := range o.Invites {
+		emailList = append(emailList, invite["email"])
+	}
+	return emailList
+}
+
 func (o *Invites) ToJson() string {
 	b, err := json.Marshal(o)
 	if err != nil {
diff --git a/model/user.go b/model/user.go
index 76c3772cb..876ba70e7 100644
--- a/model/user.go
+++ b/model/user.go
@@ -376,6 +376,13 @@ func IsInRole(userRoles string, inRole string) bool {
 	return false
 }
 
+func (u *User) IsSSOUser() bool {
+	if u.AuthService != "" && u.AuthService != USER_AUTH_SERVICE_EMAIL {
+		return true
+	}
+	return false
+}
+
 func (u *User) IsOAuthUser() bool {
 	if u.AuthService == USER_AUTH_SERVICE_GITLAB {
 		return true
diff --git a/model/websocket_client.go b/model/websocket_client.go
index 453ae49b7..c91855134 100644
--- a/model/websocket_client.go
+++ b/model/websocket_client.go
@@ -8,6 +8,10 @@ import (
 	"github.com/gorilla/websocket"
 )
 
+const (
+	SOCKET_MAX_MESSAGE_SIZE_KB = 8 * 1024 // 8KB
+)
+
 type WebSocketClient struct {
 	Url             string          // The location of the server like "ws://localhost:8065"
 	ApiUrl          string          // The api location of the server like "ws://localhost:8065/api/v3"