From 0e718a632a616bcfec4378f512182245b68f4fd8 Mon Sep 17 00:00:00 2001
From: George Goldberg
Date: Mon, 19 Feb 2018 10:16:45 +0000
Subject: MM-9618: Don't change default role permissions for policy. (#8303)
---
 api/channel_test.go | 8 ++++----
 api4/channel_test.go | 8 ++++----
 app/app_test.go | 12 ++++++------
 utils/authorization.go | 32 ++++++++++++++++----------------
 utils/policies-roles-mapping.json | 34 +++++++++++++++++-----------------
 5 files changed, 47 insertions(+), 47 deletions(-)
diff --git a/api/channel_test.go b/api/channel_test.go
index c68ace31e..37dde24bd 100644
--- a/api/channel_test.go
+++ b/api/channel_test.go
@@ -1108,8 +1108,8 @@ func TestDeleteChannel(t *testing.T) {
 th.RestoreDefaultRolePermissions(defaultRolePermissions)
 }()
- th.AddPermissionToRole(model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id, model.CHANNEL_USER_ROLE_ID)
- th.AddPermissionToRole(model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id, model.CHANNEL_USER_ROLE_ID)
+ th.AddPermissionToRole(model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id, model.TEAM_USER_ROLE_ID)
+ th.AddPermissionToRole(model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id, model.TEAM_USER_ROLE_ID)
 th.LoginSystemAdmin()
 th.LinkUserToTeam(th.BasicUser, team)
@@ -1131,8 +1131,8 @@ func TestDeleteChannel(t *testing.T) {
 t.Fatal(err)
 }
- th.RemovePermissionFromRole(model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id, model.CHANNEL_USER_ROLE_ID)
- th.RemovePermissionFromRole(model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id, model.CHANNEL_USER_ROLE_ID)
+ th.RemovePermissionFromRole(model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id, model.TEAM_USER_ROLE_ID)
+ th.RemovePermissionFromRole(model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id, model.TEAM_USER_ROLE_ID)
 th.AddPermissionToRole(model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id, model.CHANNEL_ADMIN_ROLE_ID)
 th.AddPermissionToRole(model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id, model.CHANNEL_ADMIN_ROLE_ID)
diff --git a/api4/channel_test.go b/api4/channel_test.go
index d85c939b2..1b74ea880 100644
--- a/api4/channel_test.go
+++ b/api4/channel_test.go
@@ -829,8 +829,8 @@ func TestDeleteChannel(t *testing.T) {
 th.RestoreDefaultRolePermissions(defaultRolePermissions)
 }()
- th.AddPermissionToRole(model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id, model.CHANNEL_USER_ROLE_ID)
- th.AddPermissionToRole(model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id, model.CHANNEL_USER_ROLE_ID)
+ th.AddPermissionToRole(model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id, model.TEAM_USER_ROLE_ID)
+ th.AddPermissionToRole(model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id, model.TEAM_USER_ROLE_ID)
 Client = th.Client
 team = th.BasicTeam
@@ -852,8 +852,8 @@ func TestDeleteChannel(t *testing.T) {
 CheckNoError(t, resp) // Restrict permissions to Channel Admins
- th.RemovePermissionFromRole(model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id, model.CHANNEL_USER_ROLE_ID)
- th.RemovePermissionFromRole(model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id, model.CHANNEL_USER_ROLE_ID)
+ th.RemovePermissionFromRole(model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id, model.TEAM_USER_ROLE_ID)
+ th.RemovePermissionFromRole(model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id, model.TEAM_USER_ROLE_ID)
 th.AddPermissionToRole(model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id, model.CHANNEL_ADMIN_ROLE_ID)
 th.AddPermissionToRole(model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id, model.CHANNEL_ADMIN_ROLE_ID)
diff --git a/app/app_test.go b/app/app_test.go
index f31e0332c..3690d916f 100644
--- a/app/app_test.go
+++ b/app/app_test.go
@@ -111,10 +111,6 @@ func TestDoAdvancedPermissionsMigration(t *testing.T) {
 model.PERMISSION_GET_PUBLIC_LINK.Id,
 model.PERMISSION_CREATE_POST.Id,
 model.PERMISSION_USE_SLASH_COMMANDS.Id,
- model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id,
- model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id,
- model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id,
- model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id,
 model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id,
 model.PERMISSION_DELETE_POST.Id,
 model.PERMISSION_EDIT_POST.Id,
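Review bot: TestDeleteChannel in api4/channel_test.go (hunks at -829 and -852, and the matching pair in api/channel_test.go) now grants the delete permissions on `model.TEAM_USER_ROLE_ID`, but the visible lines only cover the allowed path and the later restriction to channel admins. With the grant held at team scope, the case worth pinning is a team member who has not joined a private channel attempting the delete. A case that calls `Client.DeleteChannel` on such a channel and asserts the status the API is meant to return there, for example `CheckForbiddenStatus(t, resp)`, would document the intended boundary. The test body continues outside both hunks, so such a case may already exist out of view.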
@@ -128,7 +124,11 @@ func TestDoAdvancedPermissionsMigration(t *testing.T) {
 model.PERMISSION_READ_PUBLIC_CHANNEL.Id,
 model.PERMISSION_VIEW_TEAM.Id,
 model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id,
+ model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id,
+ model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id,
 model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id,
+ model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id,
+ model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id,
 model.PERMISSION_INVITE_USER.Id,
 model.PERMISSION_ADD_USER_TO_TEAM.Id,
 },
@@ -270,8 +270,6 @@ func TestDoAdvancedPermissionsMigration(t *testing.T) {
 model.PERMISSION_GET_PUBLIC_LINK.Id,
 model.PERMISSION_CREATE_POST.Id,
 model.PERMISSION_USE_SLASH_COMMANDS.Id,
- model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id,
- model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id,
 model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id,
 model.PERMISSION_DELETE_POST.Id,
 model.PERMISSION_EDIT_POST.Id,
@@ -285,7 +283,9 @@ func TestDoAdvancedPermissionsMigration(t *testing.T) {
 model.PERMISSION_READ_PUBLIC_CHANNEL.Id,
 model.PERMISSION_VIEW_TEAM.Id,
 model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id,
+ model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id,
 model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id,
+ model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id,
 model.PERMISSION_INVITE_USER.Id,
 model.PERMISSION_ADD_USER_TO_TEAM.Id,
 },
diff --git a/utils/authorization.go b/utils/authorization.go
index bc71404ef..16f33bc1a 100644
--- a/utils/authorization.go
+++ b/utils/authorization.go
@@ -31,8 +31,8 @@ func SetRolePermissionsFromConfig(roles map[string]*model.Role, cfg *model.Confi
 if isLicensed {
 switch *cfg.TeamSettings.RestrictPublicChannelManagement {
 case model.PERMISSIONS_ALL:
- roles[model.CHANNEL_USER_ROLE_ID].Permissions = append(
- roles[model.CHANNEL_USER_ROLE_ID].Permissions,
+ roles[model.TEAM_USER_ROLE_ID].Permissions = append(
+ roles[model.TEAM_USER_ROLE_ID].Permissions,
 model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id,
 )
 case model.PERMISSIONS_CHANNEL_ADMIN:
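Review bot: In the `model.PERMISSIONS_ALL` branch of utils/authorization.go the permission is now appended to `roles[model.TEAM_USER_ROLE_ID]`, so it is held at team scope instead of through channel membership; the same applies to the unlicensed `else` branches and to the deletion and private-channel hunks further down (-51, -60, -80, -109, -129, -138, -158). If the channel permission check falls back to team roles for a user with no channel-member record, which this diff does not show, every team member would pass the manage/delete check for channels they have not joined, private ones included, unless the handlers verify membership separately. Recording the intent on the first branch would help the next reader, for example `// Granted on team_user to keep the default role permissions unchanged; private-channel handlers must still verify membership.` The body of SetRolePermissionsFromConfig starts and ends outside these hunks.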
@@ -51,8 +51,8 @@ func SetRolePermissionsFromConfig(roles map[string]*model.Role, cfg *model.Confi
 )
 }
 } else {
- roles[model.CHANNEL_USER_ROLE_ID].Permissions = append(
- roles[model.CHANNEL_USER_ROLE_ID].Permissions,
+ roles[model.TEAM_USER_ROLE_ID].Permissions = append(
+ roles[model.TEAM_USER_ROLE_ID].Permissions,
 model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id,
 )
 }
@@ -60,8 +60,8 @@ func SetRolePermissionsFromConfig(roles map[string]*model.Role, cfg *model.Confi
 if isLicensed {
 switch *cfg.TeamSettings.RestrictPublicChannelDeletion {
 case model.PERMISSIONS_ALL:
- roles[model.CHANNEL_USER_ROLE_ID].Permissions = append(
- roles[model.CHANNEL_USER_ROLE_ID].Permissions,
+ roles[model.TEAM_USER_ROLE_ID].Permissions = append(
+ roles[model.TEAM_USER_ROLE_ID].Permissions,
 model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id,
 )
 case model.PERMISSIONS_CHANNEL_ADMIN:
@@ -80,8 +80,8 @@ func SetRolePermissionsFromConfig(roles map[string]*model.Role, cfg *model.Confi
 )
 }
 } else {
- roles[model.CHANNEL_USER_ROLE_ID].Permissions = append(
- roles[model.CHANNEL_USER_ROLE_ID].Permissions,
+ roles[model.TEAM_USER_ROLE_ID].Permissions = append(
+ roles[model.TEAM_USER_ROLE_ID].Permissions,
 model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id,
 )
 }
@@ -109,8 +109,8 @@ func SetRolePermissionsFromConfig(roles map[string]*model.Role, cfg *model.Confi
 if isLicensed {
 switch *cfg.TeamSettings.RestrictPrivateChannelManagement {
 case model.PERMISSIONS_ALL:
- roles[model.CHANNEL_USER_ROLE_ID].Permissions = append(
- roles[model.CHANNEL_USER_ROLE_ID].Permissions,
+ roles[model.TEAM_USER_ROLE_ID].Permissions = append(
+ roles[model.TEAM_USER_ROLE_ID].Permissions,
 model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id,
 )
 case model.PERMISSIONS_CHANNEL_ADMIN:
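Review bot: Each changed branch indexes `roles[model.TEAM_USER_ROLE_ID]` and dereferences the result with no presence check, so a role map that lacks the team-user entry would panic on a nil `*model.Role` while permissions are being derived from config. The same two-line append is repeated in all eight changed branches (-31, -51, -60, -80, -109, -129, -138, -158), which is why this commit had to edit every one of them and why a future change could miss one. A small helper that looks the role up once and skips a missing entry makes the grant fail closed and leaves one role id per call site. The sketch assumes `Permissions` is a `[]string`; the enclosing function continues outside the hunks.

```go
// grantPermission appends permissionID to the named role. A role that is
// absent from the map is skipped, so an incomplete role set fails closed
// instead of panicking on a nil *model.Role.
func grantPermission(roles map[string]*model.Role, roleID, permissionID string) {
	role, ok := roles[roleID]
	if !ok || role == nil {
		return
	}
	role.Permissions = append(role.Permissions, permissionID)
}

// … unchanged: switch on *cfg.TeamSettings.RestrictPublicChannelDeletion …
	case model.PERMISSIONS_ALL:
		grantPermission(roles, model.TEAM_USER_ROLE_ID, model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id)
```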
@@ -129,8 +129,8 @@ func SetRolePermissionsFromConfig(roles map[string]*model.Role, cfg *model.Confi
 )
 }
 } else {
- roles[model.CHANNEL_USER_ROLE_ID].Permissions = append(
- roles[model.CHANNEL_USER_ROLE_ID].Permissions,
+ roles[model.TEAM_USER_ROLE_ID].Permissions = append(
+ roles[model.TEAM_USER_ROLE_ID].Permissions,
 model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id,
 )
 }
@@ -138,8 +138,8 @@ func SetRolePermissionsFromConfig(roles map[string]*model.Role, cfg *model.Confi
 if isLicensed {
 switch *cfg.TeamSettings.RestrictPrivateChannelDeletion {
 case model.PERMISSIONS_ALL:
- roles[model.CHANNEL_USER_ROLE_ID].Permissions = append(
- roles[model.CHANNEL_USER_ROLE_ID].Permissions,
+ roles[model.TEAM_USER_ROLE_ID].Permissions = append(
+ roles[model.TEAM_USER_ROLE_ID].Permissions,
 model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id,
 )
 case model.PERMISSIONS_CHANNEL_ADMIN:
@@ -158,8 +158,8 @@ func SetRolePermissionsFromConfig(roles map[string]*model.Role, cfg *model.Confi
 )
 }
 } else {
- roles[model.CHANNEL_USER_ROLE_ID].Permissions = append(
- roles[model.CHANNEL_USER_ROLE_ID].Permissions,
+ roles[model.TEAM_USER_ROLE_ID].Permissions = append(
+ roles[model.TEAM_USER_ROLE_ID].Permissions,
 model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id,
 )
 }
diff --git a/utils/policies-roles-mapping.json b/utils/policies-roles-mapping.json
index 1b2acdfcb..6b09c6c72 100644
--- a/utils/policies-roles-mapping.json
+++ b/utils/policies-roles-mapping.json
@@ -101,14 +101,14 @@
 "restrictPublicChannelManagement": {
 "all": [
 {
- "roleName": "channel_user",
+ "roleName": "team_user",
 "permission": "manage_public_channel_properties",
 "shouldHave": true
 }
 ],
 "channel_admin": [
 {
- "roleName": "channel_user",
+ "roleName": "team_user",
 "permission": "manage_public_channel_properties",
 "shouldHave": false
 },
@@ -125,7 +125,7 @@
 ],
 "team_admin": [
 {
- "roleName": "channel_user",
+ "roleName": "team_user",
 "permission": "manage_public_channel_properties",
 "shouldHave": false
 },
@@ -142,7 +142,7 @@
 ],
 "system_admin": [
 {
- "roleName": "channel_user",
+ "roleName": "team_user",
 "permission": "manage_public_channel_properties",
 "shouldHave": false
 },
@@ -161,14 +161,14 @@
 "restrictPublicChannelDeletion": {
 "all": [
 {
- "roleName": "channel_user",
+ "roleName": "team_user",
 "permission": "delete_public_channel",
 "shouldHave": true
 }
 ],
 "channel_admin": [
 {
- "roleName": "channel_user",
+ "roleName": "team_user",
 "permission": "delete_public_channel",
 "shouldHave": false
 },
@@ -185,7 +185,7 @@
 ],
 "team_admin": [
 {
- "roleName": "channel_user",
+ "roleName": "team_user",
 "permission": "delete_public_channel",
 "shouldHave": false
 },
@@ -202,7 +202,7 @@
 ],
 "system_admin": [
 {
- "roleName": "channel_user",
+ "roleName": "team_user",
 "permission": "delete_public_channel",
 "shouldHave": false
 },
@@ -221,14 +221,14 @@
 "restrictPrivateChannelManagement": {
 "all": [
 {
- "roleName": "channel_user",
+ "roleName": "team_user",
 "permission": "manage_private_channel_properties",
 "shouldHave": true
 }
 ],
 "channel_admin": [
 {
- "roleName": "channel_user",
+ "roleName": "team_user",
 "permission": "manage_private_channel_properties",
 "shouldHave": false
 },
@@ -245,7 +245,7 @@
 ],
 "team_admin": [
 {
- "roleName": "channel_user",
+ "roleName": "team_user",
 "permission": "manage_private_channel_properties",
 "shouldHave": false
 },
@@ -262,7 +262,7 @@
 ],
 "system_admin": [
 {
- "roleName": "channel_user",
+ "roleName": "team_user",
 "permission": "manage_private_channel_properties",
 "shouldHave": false
 },
@@ -341,14 +341,14 @@
 "restrictPrivateChannelDeletion": {
 "all": [
 {
- "roleName": "channel_user",
+ "roleName": "team_user",
 "permission": "delete_private_channel",
 "shouldHave": true
 }
 ],
 "channel_admin": [
 {
- "roleName": "channel_user",
+ "roleName": "team_user",
 "permission": "delete_private_channel",
 "shouldHave": false
 },
@@ -365,7 +365,7 @@
 ],
 "team_admin": [
 {
- "roleName": "channel_user",
+ "roleName": "team_user",
 "permission": "delete_private_channel",
 "shouldHave": false
 },
@@ -382,7 +382,7 @@
 ],
 "system_admin": [
 {
- "roleName": "channel_user",
+ "roleName": "team_user",
 "permission": "delete_private_channel",
 "shouldHave": false
 },
@@ -529,4 +529,4 @@
 }
 ]
 }
-}
\ No newline at end of file
+}
--
cgit v1.2.3-1-g7c22