From 847f30a13b9e784e54455e84069deeeba281874d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jes=C3=BAs=20Espino?= Date: Mon, 24 Sep 2018 15:35:39 +0200 Subject: MM-11707: Change the default setting for EDIT_OTHERS_POSTS (#9447) * MM-11707: Removes edit_others_posts permission from the team_admin role in MakeDefaultRoles(). * MM-11707: Tests fix. * MM-11707: Update test store. * MM-11707: Allow to change the permission for edit the others posts on TE * Fixing tests --- api4/post_test.go | 10 ++++++++-- api4/role.go | 1 + app/app_test.go | 9 +++------ model/role.go | 2 +- store/storetest/scheme_store.go | 5 ++--- 5 files changed, 15 insertions(+), 12 deletions(-) diff --git a/api4/post_test.go b/api4/post_test.go index 8ccd88a42..3c9875975 100644 --- a/api4/post_test.go +++ b/api4/post_test.go @@ -587,6 +587,12 @@ func TestUpdatePost(t *testing.T) { Client.Logout() + th.LoginTeamAdmin() + _, resp = Client.UpdatePost(rpost.Id, rpost) + CheckForbiddenStatus(t, resp) + + Client.Logout() + _, resp = th.SystemAdminClient.UpdatePost(rpost.Id, rpost) CheckNoError(t, resp) } @@ -673,7 +679,7 @@ func TestPatchPost(t *testing.T) { th.LoginTeamAdmin() _, resp = Client.PatchPost(post.Id, patch) - CheckNoError(t, resp) + CheckForbiddenStatus(t, resp) _, resp = th.SystemAdminClient.PatchPost(post.Id, patch) CheckNoError(t, resp) @@ -1599,7 +1605,7 @@ func TestSearchPostsWithDateFlags(t *testing.T) { posts, _ = Client.SearchPosts(th.BasicTeam.Id, "before:2018-08-03 after:2018-08-01", false) if len(posts.Order) != 1 { t.Fatalf("wrong number of posts returned %v", len(posts.Order)) - } + } } func TestGetFileInfosForPost(t *testing.T) { diff --git a/api4/role.go b/api4/role.go index 4e367629b..384738c36 100644 --- a/api4/role.go +++ b/api4/role.go @@ -104,6 +104,7 @@ func patchRole(c *Context, w http.ResponseWriter, r *http.Request) { model.PERMISSION_MANAGE_OAUTH.Id, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH.Id, model.PERMISSION_MANAGE_EMOJIS.Id, + model.PERMISSION_EDIT_OTHERS_POSTS.Id, } changedPermissions := model.PermissionsChangedByPatch(oldRole, patch) diff --git a/app/app_test.go b/app/app_test.go index 1849f1b03..c071643c9 100644 --- a/app/app_test.go +++ b/app/app_test.go @@ -152,7 +152,6 @@ func TestDoAdvancedPermissionsMigration(t *testing.T) { model.PERMISSION_CREATE_POST_PUBLIC.Id, }, "team_admin": []string{ - model.PERMISSION_EDIT_OTHERS_POSTS.Id, model.PERMISSION_REMOVE_USER_FROM_TEAM.Id, model.PERMISSION_MANAGE_TEAM.Id, model.PERMISSION_IMPORT_TEAM.Id, @@ -197,6 +196,7 @@ func TestDoAdvancedPermissionsMigration(t *testing.T) { model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH.Id, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS.Id, model.PERMISSION_EDIT_OTHER_USERS.Id, + model.PERMISSION_EDIT_OTHERS_POSTS.Id, model.PERMISSION_MANAGE_OAUTH.Id, model.PERMISSION_INVITE_USER.Id, model.PERMISSION_DELETE_POST.Id, @@ -222,7 +222,6 @@ func TestDoAdvancedPermissionsMigration(t *testing.T) { model.PERMISSION_GET_PUBLIC_LINK.Id, model.PERMISSION_CREATE_POST.Id, model.PERMISSION_USE_SLASH_COMMANDS.Id, - model.PERMISSION_EDIT_OTHERS_POSTS.Id, model.PERMISSION_REMOVE_USER_FROM_TEAM.Id, model.PERMISSION_MANAGE_TEAM.Id, model.PERMISSION_IMPORT_TEAM.Id, @@ -315,7 +314,6 @@ func TestDoAdvancedPermissionsMigration(t *testing.T) { model.PERMISSION_CREATE_POST_PUBLIC.Id, }, "team_admin": []string{ - model.PERMISSION_EDIT_OTHERS_POSTS.Id, model.PERMISSION_REMOVE_USER_FROM_TEAM.Id, model.PERMISSION_MANAGE_TEAM.Id, model.PERMISSION_IMPORT_TEAM.Id, @@ -362,6 +360,7 @@ func TestDoAdvancedPermissionsMigration(t *testing.T) { model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH.Id, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS.Id, model.PERMISSION_EDIT_OTHER_USERS.Id, + model.PERMISSION_EDIT_OTHERS_POSTS.Id, model.PERMISSION_MANAGE_OAUTH.Id, model.PERMISSION_INVITE_USER.Id, model.PERMISSION_DELETE_POST.Id, @@ -387,7 +386,6 @@ func TestDoAdvancedPermissionsMigration(t *testing.T) { model.PERMISSION_GET_PUBLIC_LINK.Id, model.PERMISSION_CREATE_POST.Id, model.PERMISSION_USE_SLASH_COMMANDS.Id, - model.PERMISSION_EDIT_OTHERS_POSTS.Id, model.PERMISSION_REMOVE_USER_FROM_TEAM.Id, model.PERMISSION_MANAGE_TEAM.Id, model.PERMISSION_IMPORT_TEAM.Id, @@ -496,6 +494,7 @@ func TestDoEmojisPermissionsMigration(t *testing.T) { model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH.Id, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS.Id, model.PERMISSION_EDIT_OTHER_USERS.Id, + model.PERMISSION_EDIT_OTHERS_POSTS.Id, model.PERMISSION_MANAGE_OAUTH.Id, model.PERMISSION_INVITE_USER.Id, model.PERMISSION_DELETE_POST.Id, @@ -521,7 +520,6 @@ func TestDoEmojisPermissionsMigration(t *testing.T) { model.PERMISSION_GET_PUBLIC_LINK.Id, model.PERMISSION_CREATE_POST.Id, model.PERMISSION_USE_SLASH_COMMANDS.Id, - model.PERMISSION_EDIT_OTHERS_POSTS.Id, model.PERMISSION_REMOVE_USER_FROM_TEAM.Id, model.PERMISSION_MANAGE_TEAM.Id, model.PERMISSION_IMPORT_TEAM.Id, @@ -549,7 +547,6 @@ func TestDoEmojisPermissionsMigration(t *testing.T) { role2, err2 := th.App.GetRoleByName(model.TEAM_ADMIN_ROLE_ID) assert.Nil(t, err2) expected2 := []string{ - model.PERMISSION_EDIT_OTHERS_POSTS.Id, model.PERMISSION_REMOVE_USER_FROM_TEAM.Id, model.PERMISSION_MANAGE_TEAM.Id, model.PERMISSION_IMPORT_TEAM.Id, diff --git a/model/role.go b/model/role.go index 80ae1ae34..27b32ed69 100644 --- a/model/role.go +++ b/model/role.go @@ -243,7 +243,6 @@ func MakeDefaultRoles() map[string]*Role { DisplayName: "authentication.roles.team_admin.name", Description: "authentication.roles.team_admin.description", Permissions: []string{ - PERMISSION_EDIT_OTHERS_POSTS.Id, PERMISSION_REMOVE_USER_FROM_TEAM.Id, PERMISSION_MANAGE_TEAM.Id, PERMISSION_IMPORT_TEAM.Id, @@ -332,6 +331,7 @@ func MakeDefaultRoles() map[string]*Role { PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH.Id, PERMISSION_MANAGE_OTHERS_WEBHOOKS.Id, PERMISSION_EDIT_OTHER_USERS.Id, + PERMISSION_EDIT_OTHERS_POSTS.Id, PERMISSION_MANAGE_OAUTH.Id, PERMISSION_INVITE_USER.Id, PERMISSION_DELETE_POST.Id, diff --git a/store/storetest/scheme_store.go b/store/storetest/scheme_store.go index a9204fbe2..464af05bb 100644 --- a/store/storetest/scheme_store.go +++ b/store/storetest/scheme_store.go @@ -28,7 +28,6 @@ func createDefaultRoles(t *testing.T, ss store.Store) { Name: model.TEAM_ADMIN_ROLE_ID, DisplayName: model.TEAM_ADMIN_ROLE_ID, Permissions: []string{ - model.PERMISSION_EDIT_OTHERS_POSTS.Id, model.PERMISSION_DELETE_OTHERS_POSTS.Id, }, }) @@ -91,7 +90,7 @@ func testSchemeStoreSave(t *testing.T, ss store.Store) { roleRes1 := <-ss.Role().GetByName(d1.DefaultTeamAdminRole) assert.Nil(t, roleRes1.Err) role1 := roleRes1.Data.(*model.Role) - assert.Equal(t, role1.Permissions, []string{"edit_others_posts", "delete_others_posts"}) + assert.Equal(t, role1.Permissions, []string{"delete_others_posts"}) assert.True(t, role1.SchemeManaged) roleRes2 := <-ss.Role().GetByName(d1.DefaultTeamUserRole) @@ -314,7 +313,7 @@ func testSchemeStoreDelete(t *testing.T, ss store.Store) { roleRes1 := <-ss.Role().GetByName(d1.DefaultTeamAdminRole) assert.Nil(t, roleRes1.Err) role1 := roleRes1.Data.(*model.Role) - assert.Equal(t, role1.Permissions, []string{"edit_others_posts", "delete_others_posts"}) + assert.Equal(t, role1.Permissions, []string{"delete_others_posts"}) assert.True(t, role1.SchemeManaged) roleRes2 := <-ss.Role().GetByName(d1.DefaultTeamUserRole) -- cgit v1.2.3-1-g7c22