From 8891fa2a5e9e08eb9fa99ec163c47a6e9761a816 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jes=C3=BAs=20Espino?= Date: Mon, 19 Feb 2018 12:13:29 +0100 Subject: MM-8827: Add ADD_REACTION, REMOVE_REACTION and REMOVE_OTHERS_REACTIONS permissions (#8300) --- api/reaction.go | 8 +- api4/reaction.go | 12 +- api4/reaction_test.go | 464 +++++++++++++++++++++++++++++++------------------- app/app_test.go | 10 ++ model/permission.go | 24 +++ model/role.go | 3 + 6 files changed, 333 insertions(+), 188 deletions(-) diff --git a/api/reaction.go b/api/reaction.go index 991044cda..812c9f582 100644 --- a/api/reaction.go +++ b/api/reaction.go @@ -36,8 +36,8 @@ func saveReaction(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !c.App.SessionHasPermissionToChannel(c.Session, channelId, model.PERMISSION_READ_CHANNEL) { - c.SetPermissionError(model.PERMISSION_READ_CHANNEL) + if !c.App.SessionHasPermissionToChannel(c.Session, channelId, model.PERMISSION_ADD_REACTION) { + c.SetPermissionError(model.PERMISSION_ADD_REACTION) return } @@ -87,8 +87,8 @@ func deleteReaction(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !c.App.SessionHasPermissionToChannel(c.Session, channelId, model.PERMISSION_READ_CHANNEL) { - c.SetPermissionError(model.PERMISSION_READ_CHANNEL) + if !c.App.SessionHasPermissionToChannel(c.Session, channelId, model.PERMISSION_REMOVE_REACTION) { + c.SetPermissionError(model.PERMISSION_REMOVE_REACTION) return } diff --git a/api4/reaction.go b/api4/reaction.go index af637bf91..337b49751 100644 --- a/api4/reaction.go +++ b/api4/reaction.go @@ -32,8 +32,8 @@ func saveReaction(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !c.App.SessionHasPermissionToChannelByPost(c.Session, reaction.PostId, model.PERMISSION_READ_CHANNEL) { - c.SetPermissionError(model.PERMISSION_READ_CHANNEL) + if !c.App.SessionHasPermissionToChannelByPost(c.Session, reaction.PostId, model.PERMISSION_ADD_REACTION) { + c.SetPermissionError(model.PERMISSION_ADD_REACTION) return } @@ -82,13 +82,13 @@ func deleteReaction(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !c.App.SessionHasPermissionToChannelByPost(c.Session, c.Params.PostId, model.PERMISSION_READ_CHANNEL) { - c.SetPermissionError(model.PERMISSION_READ_CHANNEL) + if !c.App.SessionHasPermissionToChannelByPost(c.Session, c.Params.PostId, model.PERMISSION_REMOVE_REACTION) { + c.SetPermissionError(model.PERMISSION_REMOVE_REACTION) return } - if c.Params.UserId != c.Session.UserId && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { - c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) + if c.Params.UserId != c.Session.UserId && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_REMOVE_OTHERS_REACTIONS) { + c.SetPermissionError(model.PERMISSION_REMOVE_OTHERS_REACTIONS) return } diff --git a/api4/reaction_test.go b/api4/reaction_test.go index 93cd754c9..ac1a49671 100644 --- a/api4/reaction_test.go +++ b/api4/reaction_test.go @@ -19,116 +19,159 @@ func TestSaveReaction(t *testing.T) { userId := th.BasicUser.Id postId := th.BasicPost.Id + // Check the appropriate permissions are enforced. + defaultRolePermissions := th.SaveDefaultRolePermissions() + defer func() { + th.RestoreDefaultRolePermissions(defaultRolePermissions) + }() + reaction := &model.Reaction{ UserId: userId, PostId: postId, EmojiName: "smile", } - rr, resp := Client.SaveReaction(reaction) - CheckNoError(t, resp) + t.Run("successful-reaction", func(t *testing.T) { + rr, resp := Client.SaveReaction(reaction) + CheckNoError(t, resp) - if rr.UserId != reaction.UserId { - t.Fatal("UserId did not match") - } + if rr.UserId != reaction.UserId { + t.Fatal("UserId did not match") + } - if rr.PostId != reaction.PostId { - t.Fatal("PostId did not match") - } + if rr.PostId != reaction.PostId { + t.Fatal("PostId did not match") + } - if rr.EmojiName != reaction.EmojiName { - t.Fatal("EmojiName did not match") - } + if rr.EmojiName != reaction.EmojiName { + t.Fatal("EmojiName did not match") + } - if rr.CreateAt == 0 { - t.Fatal("CreateAt should exist") - } + if rr.CreateAt == 0 { + t.Fatal("CreateAt should exist") + } - if reactions, err := th.App.GetReactionsForPost(postId); err != nil && len(reactions) != 1 { - t.Fatal("didn't save reaction correctly") - } + if reactions, err := th.App.GetReactionsForPost(postId); err != nil && len(reactions) != 1 { + t.Fatal("didn't save reaction correctly") + } + }) - // saving a duplicate reaction - rr, resp = Client.SaveReaction(reaction) - CheckNoError(t, resp) + t.Run("duplicated-reaction", func(t *testing.T) { + _, resp := Client.SaveReaction(reaction) + CheckNoError(t, resp) - if reactions, err := th.App.GetReactionsForPost(postId); err != nil && len(reactions) != 1 { - t.Fatal("should have not save duplicated reaction") - } + if reactions, err := th.App.GetReactionsForPost(postId); err != nil && len(reactions) != 1 { + t.Fatal("should have not save duplicated reaction") + } + }) - reaction.EmojiName = "sad" + t.Run("save-second-reaction", func(t *testing.T) { + reaction.EmojiName = "sad" - rr, resp = Client.SaveReaction(reaction) - CheckNoError(t, resp) + rr, resp := Client.SaveReaction(reaction) + CheckNoError(t, resp) - if rr.EmojiName != reaction.EmojiName { - t.Fatal("EmojiName did not match") - } + if rr.EmojiName != reaction.EmojiName { + t.Fatal("EmojiName did not match") + } - if reactions, err := th.App.GetReactionsForPost(postId); err != nil && len(reactions) != 2 { - t.Fatal("should have save multiple reactions") - } + if reactions, err := th.App.GetReactionsForPost(postId); err != nil && len(reactions) != 2 { + t.Fatal("should have save multiple reactions") + } + }) - // saving special case - reaction.EmojiName = "+1" + t.Run("saving-special-case", func(t *testing.T) { + reaction.EmojiName = "+1" - rr, resp = Client.SaveReaction(reaction) - CheckNoError(t, resp) + rr, resp := Client.SaveReaction(reaction) + CheckNoError(t, resp) - if rr.EmojiName != reaction.EmojiName { - t.Fatal("EmojiName did not match") - } + if rr.EmojiName != reaction.EmojiName { + t.Fatal("EmojiName did not match") + } - if reactions, err := th.App.GetReactionsForPost(postId); err != nil && len(reactions) != 3 { - t.Fatal("should have save multiple reactions") - } + if reactions, err := th.App.GetReactionsForPost(postId); err != nil && len(reactions) != 3 { + t.Fatal("should have save multiple reactions") + } + }) + + t.Run("react-to-not-existing-post-id", func(t *testing.T) { + reaction.PostId = GenerateTestId() + + _, resp := Client.SaveReaction(reaction) + CheckForbiddenStatus(t, resp) + }) - reaction.PostId = GenerateTestId() + t.Run("react-to-not-valid-post-id", func(t *testing.T) { + reaction.PostId = "junk" - _, resp = Client.SaveReaction(reaction) - CheckForbiddenStatus(t, resp) + _, resp := Client.SaveReaction(reaction) + CheckBadRequestStatus(t, resp) + }) - reaction.PostId = "junk" + t.Run("react-as-not-existing-user-id", func(t *testing.T) { + reaction.PostId = postId + reaction.UserId = GenerateTestId() - _, resp = Client.SaveReaction(reaction) - CheckBadRequestStatus(t, resp) + _, resp := Client.SaveReaction(reaction) + CheckForbiddenStatus(t, resp) + }) - reaction.PostId = postId - reaction.UserId = GenerateTestId() + t.Run("react-as-not-valid-user-id", func(t *testing.T) { + reaction.UserId = "junk" - _, resp = Client.SaveReaction(reaction) - CheckForbiddenStatus(t, resp) + _, resp := Client.SaveReaction(reaction) + CheckBadRequestStatus(t, resp) + }) - reaction.UserId = "junk" + t.Run("react-as-empty-emoji-name", func(t *testing.T) { + reaction.UserId = userId + reaction.EmojiName = "" - _, resp = Client.SaveReaction(reaction) - CheckBadRequestStatus(t, resp) + _, resp := Client.SaveReaction(reaction) + CheckBadRequestStatus(t, resp) + }) - reaction.UserId = userId - reaction.EmojiName = "" + t.Run("react-as-not-valid-emoji-name", func(t *testing.T) { + reaction.EmojiName = strings.Repeat("a", 65) - _, resp = Client.SaveReaction(reaction) - CheckBadRequestStatus(t, resp) + _, resp := Client.SaveReaction(reaction) + CheckBadRequestStatus(t, resp) + }) - reaction.EmojiName = strings.Repeat("a", 65) + t.Run("react-as-other-user", func(t *testing.T) { + reaction.EmojiName = "smile" + otherUser := th.CreateUser() + Client.Logout() + Client.Login(otherUser.Email, otherUser.Password) - _, resp = Client.SaveReaction(reaction) - CheckBadRequestStatus(t, resp) + _, resp := Client.SaveReaction(reaction) + CheckForbiddenStatus(t, resp) + }) - reaction.EmojiName = "smile" - otherUser := th.CreateUser() - Client.Logout() - Client.Login(otherUser.Email, otherUser.Password) + t.Run("react-being-not-logged-in", func(t *testing.T) { + Client.Logout() + _, resp := Client.SaveReaction(reaction) + CheckUnauthorizedStatus(t, resp) + }) - _, resp = Client.SaveReaction(reaction) - CheckForbiddenStatus(t, resp) + t.Run("react-as-other-user-being-system-admin", func(t *testing.T) { + _, resp := th.SystemAdminClient.SaveReaction(reaction) + CheckForbiddenStatus(t, resp) + }) - Client.Logout() - _, resp = Client.SaveReaction(reaction) - CheckUnauthorizedStatus(t, resp) + t.Run("unable-to-create-reaction-without-permissions", func(t *testing.T) { + th.LoginBasic() - _, resp = th.SystemAdminClient.SaveReaction(reaction) - CheckForbiddenStatus(t, resp) + th.RemovePermissionFromRole(model.PERMISSION_ADD_REACTION.Id, model.CHANNEL_USER_ROLE_ID) + _, resp := Client.SaveReaction(reaction) + CheckForbiddenStatus(t, resp) + + if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 3 { + t.Fatal("should have not created a reactions") + } + th.AddPermissionToRole(model.PERMISSION_ADD_REACTION.Id, model.CHANNEL_USER_ROLE_ID) + }) } func TestGetReactions(t *testing.T) { @@ -177,29 +220,39 @@ func TestGetReactions(t *testing.T) { } } - rr, resp := Client.GetReactions(postId) - CheckNoError(t, resp) + t.Run("get-reactions", func(t *testing.T) { + rr, resp := Client.GetReactions(postId) + CheckNoError(t, resp) - assert.Len(t, rr, 5) - for _, r := range reactions { - assert.Contains(t, reactions, r) - } + assert.Len(t, rr, 5) + for _, r := range reactions { + assert.Contains(t, reactions, r) + } + }) - rr, resp = Client.GetReactions("junk") - CheckBadRequestStatus(t, resp) + t.Run("get-reactions-of-invalid-post-id", func(t *testing.T) { + rr, resp := Client.GetReactions("junk") + CheckBadRequestStatus(t, resp) - assert.Empty(t, rr) + assert.Empty(t, rr) + }) - _, resp = Client.GetReactions(GenerateTestId()) - CheckForbiddenStatus(t, resp) + t.Run("get-reactions-of-not-existing-post-id", func(t *testing.T) { + _, resp := Client.GetReactions(GenerateTestId()) + CheckForbiddenStatus(t, resp) + }) - Client.Logout() + t.Run("get-reactions-as-anonymous-user", func(t *testing.T) { + Client.Logout() - _, resp = Client.GetReactions(postId) - CheckUnauthorizedStatus(t, resp) + _, resp := Client.GetReactions(postId) + CheckUnauthorizedStatus(t, resp) + }) - _, resp = th.SystemAdminClient.GetReactions(postId) - CheckNoError(t, resp) + t.Run("get-reactions-as-system-admin", func(t *testing.T) { + _, resp := th.SystemAdminClient.GetReactions(postId) + CheckNoError(t, resp) + }) } func TestDeleteReaction(t *testing.T) { @@ -216,131 +269,186 @@ func TestDeleteReaction(t *testing.T) { EmojiName: "smile", } - th.App.SaveReactionForPost(r1) - if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 1 { - t.Fatal("didn't save reaction correctly") - } - - ok, resp := Client.DeleteReaction(r1) - CheckNoError(t, resp) - - if !ok { - t.Fatal("should have returned true") - } - - if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 0 { - t.Fatal("should have deleted reaction") - } - - // deleting one reaction when a post has multiple reactions r2 := &model.Reaction{ UserId: userId, PostId: postId, EmojiName: "smile-", } - th.App.SaveReactionForPost(r1) - th.App.SaveReactionForPost(r2) - if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 2 { - t.Fatal("didn't save reactions correctly") - } - - _, resp = Client.DeleteReaction(r2) - CheckNoError(t, resp) - - if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 1 || *reactions[0] != *r1 { - t.Fatal("should have deleted 1 reaction only") - } - - // deleting one reaction of name +1 r3 := &model.Reaction{ UserId: userId, PostId: postId, EmojiName: "+1", } - th.App.SaveReactionForPost(r3) - if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 2 { - t.Fatal("didn't save reactions correctly") - } - - _, resp = Client.DeleteReaction(r3) - CheckNoError(t, resp) - - if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 1 || *reactions[0] != *r1 { - t.Fatal("should have deleted 1 reaction only") - } - - // deleting a reaction made by another user r4 := &model.Reaction{ UserId: user2Id, PostId: postId, EmojiName: "smile_", } - th.LoginBasic2() - th.App.SaveReactionForPost(r4) - if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 2 { - t.Fatal("didn't save reaction correctly") - } + // Check the appropriate permissions are enforced. + defaultRolePermissions := th.SaveDefaultRolePermissions() + defer func() { + th.RestoreDefaultRolePermissions(defaultRolePermissions) + }() - th.LoginBasic() + t.Run("delete-reaction", func(t *testing.T) { + th.App.SaveReactionForPost(r1) + if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 1 { + t.Fatal("didn't save reaction correctly") + } - ok, resp = Client.DeleteReaction(r4) - CheckForbiddenStatus(t, resp) + ok, resp := Client.DeleteReaction(r1) + CheckNoError(t, resp) - if ok { - t.Fatal("should have returned false") - } + if !ok { + t.Fatal("should have returned true") + } - if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 2 { - t.Fatal("should have not deleted a reaction") - } + if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 0 { + t.Fatal("should have deleted reaction") + } + }) - r1.PostId = GenerateTestId() - _, resp = Client.DeleteReaction(r1) - CheckForbiddenStatus(t, resp) + t.Run("delete-reaction-when-post-has-multiple-reactions", func(t *testing.T) { + th.App.SaveReactionForPost(r1) + th.App.SaveReactionForPost(r2) + if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 2 { + t.Fatal("didn't save reactions correctly") + } + + _, resp := Client.DeleteReaction(r2) + CheckNoError(t, resp) - r1.PostId = "junk" + if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 1 || *reactions[0] != *r1 { + t.Fatal("should have deleted 1 reaction only") + } + }) + + t.Run("delete-reaction-when-plus-one-reaction-name", func(t *testing.T) { + th.App.SaveReactionForPost(r3) + if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 2 { + t.Fatal("didn't save reactions correctly") + } - _, resp = Client.DeleteReaction(r1) - CheckBadRequestStatus(t, resp) + _, resp := Client.DeleteReaction(r3) + CheckNoError(t, resp) - r1.PostId = postId - r1.UserId = GenerateTestId() + if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 1 || *reactions[0] != *r1 { + t.Fatal("should have deleted 1 reaction only") + } + }) - _, resp = Client.DeleteReaction(r1) - CheckForbiddenStatus(t, resp) + t.Run("delete-reaction-made-by-another-user", func(t *testing.T) { + th.LoginBasic2() + th.App.SaveReactionForPost(r4) + if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 2 { + t.Fatal("didn't save reaction correctly") + } - r1.UserId = "junk" + th.LoginBasic() - _, resp = Client.DeleteReaction(r1) - CheckBadRequestStatus(t, resp) + ok, resp := Client.DeleteReaction(r4) + CheckForbiddenStatus(t, resp) - r1.UserId = userId - r1.EmojiName = "" + if ok { + t.Fatal("should have returned false") + } - _, resp = Client.DeleteReaction(r1) - CheckNotFoundStatus(t, resp) + if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 2 { + t.Fatal("should have not deleted a reaction") + } + }) - r1.EmojiName = strings.Repeat("a", 65) + t.Run("delete-reaction-from-not-existing-post-id", func(t *testing.T) { + r1.PostId = GenerateTestId() + _, resp := Client.DeleteReaction(r1) + CheckForbiddenStatus(t, resp) + }) - _, resp = Client.DeleteReaction(r1) - CheckBadRequestStatus(t, resp) + t.Run("delete-reaction-from-not-valid-post-id", func(t *testing.T) { + r1.PostId = "junk" - Client.Logout() - r1.EmojiName = "smile" + _, resp := Client.DeleteReaction(r1) + CheckBadRequestStatus(t, resp) + }) - _, resp = Client.DeleteReaction(r1) - CheckUnauthorizedStatus(t, resp) + t.Run("delete-reaction-from-not-existing-user-id", func(t *testing.T) { + r1.PostId = postId + r1.UserId = GenerateTestId() - _, resp = th.SystemAdminClient.DeleteReaction(r1) - CheckNoError(t, resp) + _, resp := Client.DeleteReaction(r1) + CheckForbiddenStatus(t, resp) + }) - _, resp = th.SystemAdminClient.DeleteReaction(r4) - CheckNoError(t, resp) + t.Run("delete-reaction-from-not-valid-user-id", func(t *testing.T) { + r1.UserId = "junk" - if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 0 { - t.Fatal("should have deleted both reactions") - } + _, resp := Client.DeleteReaction(r1) + CheckBadRequestStatus(t, resp) + }) + + t.Run("delete-reaction-with-empty-name", func(t *testing.T) { + r1.UserId = userId + r1.EmojiName = "" + + _, resp := Client.DeleteReaction(r1) + CheckNotFoundStatus(t, resp) + }) + + t.Run("delete-reaction-with-not-existing-name", func(t *testing.T) { + r1.EmojiName = strings.Repeat("a", 65) + + _, resp := Client.DeleteReaction(r1) + CheckBadRequestStatus(t, resp) + }) + + t.Run("delete-reaction-as-anonymous-user", func(t *testing.T) { + Client.Logout() + r1.EmojiName = "smile" + + _, resp := Client.DeleteReaction(r1) + CheckUnauthorizedStatus(t, resp) + }) + + t.Run("delete-reaction-as-system-admin", func(t *testing.T) { + _, resp := th.SystemAdminClient.DeleteReaction(r1) + CheckNoError(t, resp) + + _, resp = th.SystemAdminClient.DeleteReaction(r4) + CheckNoError(t, resp) + + if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 0 { + t.Fatal("should have deleted both reactions") + } + }) + + t.Run("unable-to-delete-reaction-without-permissions", func(t *testing.T) { + th.LoginBasic() + + th.RemovePermissionFromRole(model.PERMISSION_REMOVE_REACTION.Id, model.CHANNEL_USER_ROLE_ID) + th.App.SaveReactionForPost(r1) + + _, resp := Client.DeleteReaction(r1) + CheckForbiddenStatus(t, resp) + + if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 1 { + t.Fatal("should have not deleted a reactions") + } + th.AddPermissionToRole(model.PERMISSION_REMOVE_REACTION.Id, model.CHANNEL_USER_ROLE_ID) + }) + + t.Run("unable-to-delete-others-reactions-without-permissions", func(t *testing.T) { + th.RemovePermissionFromRole(model.PERMISSION_REMOVE_OTHERS_REACTIONS.Id, model.SYSTEM_ADMIN_ROLE_ID) + th.App.SaveReactionForPost(r1) + + _, resp := th.SystemAdminClient.DeleteReaction(r1) + CheckForbiddenStatus(t, resp) + + if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 1 { + t.Fatal("should have not deleted a reactions") + } + th.AddPermissionToRole(model.PERMISSION_REMOVE_OTHERS_REACTIONS.Id, model.SYSTEM_ADMIN_ROLE_ID) + }) } diff --git a/app/app_test.go b/app/app_test.go index 3690d916f..c2841ec53 100644 --- a/app/app_test.go +++ b/app/app_test.go @@ -106,6 +106,8 @@ func TestDoAdvancedPermissionsMigration(t *testing.T) { expected1 := map[string][]string{ "channel_user": []string{ model.PERMISSION_READ_CHANNEL.Id, + model.PERMISSION_ADD_REACTION.Id, + model.PERMISSION_REMOVE_REACTION.Id, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS.Id, model.PERMISSION_UPLOAD_FILE.Id, model.PERMISSION_GET_PUBLIC_LINK.Id, @@ -196,11 +198,14 @@ func TestDoAdvancedPermissionsMigration(t *testing.T) { model.PERMISSION_CREATE_USER_ACCESS_TOKEN.Id, model.PERMISSION_READ_USER_ACCESS_TOKEN.Id, model.PERMISSION_REVOKE_USER_ACCESS_TOKEN.Id, + model.PERMISSION_REMOVE_OTHERS_REACTIONS.Id, model.PERMISSION_LIST_TEAM_CHANNELS.Id, model.PERMISSION_JOIN_PUBLIC_CHANNELS.Id, model.PERMISSION_READ_PUBLIC_CHANNEL.Id, model.PERMISSION_VIEW_TEAM.Id, model.PERMISSION_READ_CHANNEL.Id, + model.PERMISSION_ADD_REACTION.Id, + model.PERMISSION_REMOVE_REACTION.Id, model.PERMISSION_UPLOAD_FILE.Id, model.PERMISSION_GET_PUBLIC_LINK.Id, model.PERMISSION_CREATE_POST.Id, @@ -265,6 +270,8 @@ func TestDoAdvancedPermissionsMigration(t *testing.T) { expected2 := map[string][]string{ "channel_user": []string{ model.PERMISSION_READ_CHANNEL.Id, + model.PERMISSION_ADD_REACTION.Id, + model.PERMISSION_REMOVE_REACTION.Id, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS.Id, model.PERMISSION_UPLOAD_FILE.Id, model.PERMISSION_GET_PUBLIC_LINK.Id, @@ -355,11 +362,14 @@ func TestDoAdvancedPermissionsMigration(t *testing.T) { model.PERMISSION_CREATE_USER_ACCESS_TOKEN.Id, model.PERMISSION_READ_USER_ACCESS_TOKEN.Id, model.PERMISSION_REVOKE_USER_ACCESS_TOKEN.Id, + model.PERMISSION_REMOVE_OTHERS_REACTIONS.Id, model.PERMISSION_LIST_TEAM_CHANNELS.Id, model.PERMISSION_JOIN_PUBLIC_CHANNELS.Id, model.PERMISSION_READ_PUBLIC_CHANNEL.Id, model.PERMISSION_VIEW_TEAM.Id, model.PERMISSION_READ_CHANNEL.Id, + model.PERMISSION_ADD_REACTION.Id, + model.PERMISSION_REMOVE_REACTION.Id, model.PERMISSION_UPLOAD_FILE.Id, model.PERMISSION_GET_PUBLIC_LINK.Id, model.PERMISSION_CREATE_POST.Id, diff --git a/model/permission.go b/model/permission.go index 0dc09f49a..ddbf1030e 100644 --- a/model/permission.go +++ b/model/permission.go @@ -40,6 +40,9 @@ var PERMISSION_DELETE_PRIVATE_CHANNEL *Permission var PERMISSION_EDIT_OTHER_USERS *Permission var PERMISSION_READ_CHANNEL *Permission var PERMISSION_READ_PUBLIC_CHANNEL *Permission +var PERMISSION_ADD_REACTION *Permission +var PERMISSION_REMOVE_REACTION *Permission +var PERMISSION_REMOVE_OTHERS_REACTIONS *Permission var PERMISSION_PERMANENT_DELETE_USER *Permission var PERMISSION_UPLOAD_FILE *Permission var PERMISSION_GET_PUBLIC_LINK *Permission @@ -222,6 +225,24 @@ func initializePermissions() { "authentication.permissions.read_public_channel.description", PERMISSION_SCOPE_TEAM, } + PERMISSION_ADD_REACTION = &Permission{ + "add_reaction", + "authentication.permissions.add_reaction.name", + "authentication.permissions.add_reaction.description", + PERMISSION_SCOPE_CHANNEL, + } + PERMISSION_REMOVE_REACTION = &Permission{ + "remove_reaction", + "authentication.permissions.remove_reaction.name", + "authentication.permissions.remove_reaction.description", + PERMISSION_SCOPE_CHANNEL, + } + PERMISSION_REMOVE_OTHERS_REACTIONS = &Permission{ + "remove_others_reactions", + "authentication.permissions.remove_others_reactions.name", + "authentication.permissions.remove_others_reactions.description", + PERMISSION_SCOPE_CHANNEL, + } PERMISSION_PERMANENT_DELETE_USER = &Permission{ "permanent_delete_user", "authentication.permissions.permanent_delete_user.name", @@ -386,6 +407,9 @@ func initializePermissions() { PERMISSION_EDIT_OTHER_USERS, PERMISSION_READ_CHANNEL, PERMISSION_READ_PUBLIC_CHANNEL, + PERMISSION_ADD_REACTION, + PERMISSION_REMOVE_REACTION, + PERMISSION_REMOVE_OTHERS_REACTIONS, PERMISSION_PERMANENT_DELETE_USER, PERMISSION_UPLOAD_FILE, PERMISSION_GET_PUBLIC_LINK, diff --git a/model/role.go b/model/role.go index 5f7352f12..5c2cf8f5b 100644 --- a/model/role.go +++ b/model/role.go @@ -178,6 +178,8 @@ func MakeDefaultRoles() map[string]*Role { Description: "authentication.roles.channel_user.description", Permissions: []string{ PERMISSION_READ_CHANNEL.Id, + PERMISSION_ADD_REACTION.Id, + PERMISSION_REMOVE_REACTION.Id, PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS.Id, PERMISSION_UPLOAD_FILE.Id, PERMISSION_GET_PUBLIC_LINK.Id, @@ -331,6 +333,7 @@ func MakeDefaultRoles() map[string]*Role { PERMISSION_CREATE_USER_ACCESS_TOKEN.Id, PERMISSION_READ_USER_ACCESS_TOKEN.Id, PERMISSION_REVOKE_USER_ACCESS_TOKEN.Id, + PERMISSION_REMOVE_OTHERS_REACTIONS.Id, }, roles[TEAM_USER_ROLE_ID].Permissions..., ), -- cgit v1.2.3-1-g7c22