From 51bd710ecdca6628461c9fa2679737073e4d5059 Mon Sep 17 00:00:00 2001 From: George Goldberg Date: Mon, 14 May 2018 15:59:04 +0100 Subject: MM-9728: Online migration for advanced permissions phase 2 (#8744) * MM-9728: Online migration for advanced permissions phase 2 * Add unit tests for new store functions. * Move migration specific code to own file. * Add migration state function test. * Style fixes. * Add i18n strings. * Fix mocks. * Add TestMain to migrations package tests. * Fix typo. * Fix review comments. * Fix up the "Check if migration is done" check to actually work. --- app/app.go | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'app/app.go') diff --git a/app/app.go b/app/app.go index 2cdf333c1..d4a663e32 100644 --- a/app/app.go +++ b/app/app.go @@ -20,6 +20,7 @@ import ( "github.com/mattermost/mattermost-server/einterfaces" ejobs "github.com/mattermost/mattermost-server/einterfaces/jobs" "github.com/mattermost/mattermost-server/jobs" + tjobs "github.com/mattermost/mattermost-server/jobs/interfaces" "github.com/mattermost/mattermost-server/mlog" "github.com/mattermost/mattermost-server/model" "github.com/mattermost/mattermost-server/plugin/pluginenv" @@ -319,6 +320,12 @@ func RegisterJobsLdapSyncInterface(f func(*App) ejobs.LdapSyncInterface) { jobsLdapSyncInterface = f } +var jobsMigrationsInterface func(*App) tjobs.MigrationsJobInterface + +func RegisterJobsMigrationsJobInterface(f func(*App) tjobs.MigrationsJobInterface) { + jobsMigrationsInterface = f +} + var ldapInterface func(*App) einterfaces.LdapInterface func RegisterLdapInterface(f func(*App) einterfaces.LdapInterface) { @@ -413,6 +420,9 @@ func (a *App) initJobs() { if jobsLdapSyncInterface != nil { a.Jobs.LdapSync = jobsLdapSyncInterface(a) } + if jobsMigrationsInterface != nil { + a.Jobs.Migrations = jobsMigrationsInterface(a) + } } func (a *App) DiagnosticId() string { -- cgit v1.2.3-1-g7c22 From eb78d273f39202046fa71555a5a19b0ec8a95cb3 Mon Sep 17 00:00:00 2001 From: Martin Kraft Date: Mon, 21 May 2018 06:10:26 -0400 Subject: Refactors migrations check. (#8814) --- app/app.go | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'app/app.go') diff --git a/app/app.go b/app/app.go index d4a663e32..16470d850 100644 --- a/app/app.go +++ b/app/app.go @@ -92,6 +92,8 @@ type App struct { clientConfig map[string]string clientConfigHash string diagnosticId string + + phase2PermissionsMigrationComplete bool } var appCount = 0 @@ -588,3 +590,14 @@ func (a *App) DoAdvancedPermissionsMigration() { mlog.Critical(fmt.Sprint(result.Err)) } } + +func (a *App) SetPhase2PermissionsMigrationStatus(isComplete bool) error { + if !isComplete { + res := <-a.Srv.Store.System().PermanentDeleteByName(model.MIGRATION_KEY_ADVANCED_PERMISSIONS_PHASE_2) + if res.Err != nil { + return res.Err + } + } + a.phase2PermissionsMigrationComplete = isComplete + return nil +} -- cgit v1.2.3-1-g7c22 From e88fe4bb1dea4918284ee3c6e5aee5a8497ff2b8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jes=C3=BAs=20Espino?= Date: Tue, 29 May 2018 16:58:12 +0200 Subject: MM-8853: Adding MANAGE_EMOJIS and MANAGE_OTHERS_EMOJIS permissions (#8860) * MM-8853: Adding MANAGE_EMOJIS and MANAGE_OTHERS_EMOJIS permissions * MM-8853: Removing unnecesary emoji enterprise feature * Create emojis migration * Adding MANAGE_EMOJIS and MANAGE_OTHERS_EMOJIS always to system admins * Simplifing permissions checks * Revert "Simplifing permissions checks" This reverts commit e2cafc1905fc9e20125dd9a1552d2d0c7340ae59. --- app/app.go | 83 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 73 insertions(+), 10 deletions(-) (limited to 'app/app.go') diff --git a/app/app.go b/app/app.go index e5a496c6b..bda56ca1a 100644 --- a/app/app.go +++ b/app/app.go @@ -30,6 +30,7 @@ import ( ) const ADVANCED_PERMISSIONS_MIGRATION_KEY = "AdvancedPermissionsMigrationComplete" +const EMOJIS_PERMISSIONS_MIGRATION_KEY = "EmojisPermissionsMigrationComplete" type App struct { goroutineCount int32 @@ -57,7 +58,6 @@ type App struct { Compliance einterfaces.ComplianceInterface DataRetention einterfaces.DataRetentionInterface Elasticsearch einterfaces.ElasticsearchInterface - Emoji einterfaces.EmojiInterface Ldap einterfaces.LdapInterface MessageExport einterfaces.MessageExportInterface Metrics einterfaces.MetricsInterface @@ -288,12 +288,6 @@ func RegisterElasticsearchInterface(f func(*App) einterfaces.ElasticsearchInterf elasticsearchInterface = f } -var emojiInterface func(*App) einterfaces.EmojiInterface - -func RegisterEmojiInterface(f func(*App) einterfaces.EmojiInterface) { - emojiInterface = f -} - var jobsDataRetentionJobInterface func(*App) ejobs.DataRetentionJobInterface func RegisterJobsDataRetentionJobInterface(f func(*App) ejobs.DataRetentionJobInterface) { @@ -376,9 +370,6 @@ func (a *App) initEnterprise() { if elasticsearchInterface != nil { a.Elasticsearch = elasticsearchInterface(a) } - if emojiInterface != nil { - a.Emoji = emojiInterface(a) - } if ldapInterface != nil { a.Ldap = ldapInterface(a) a.AddConfigListener(func(_, cfg *model.Config) { @@ -603,3 +594,75 @@ func (a *App) SetPhase2PermissionsMigrationStatus(isComplete bool) error { a.phase2PermissionsMigrationComplete = isComplete return nil } + +func (a *App) DoEmojisPermissionsMigration() { + // If the migration is already marked as completed, don't do it again. + if result := <-a.Srv.Store.System().GetByName(EMOJIS_PERMISSIONS_MIGRATION_KEY); result.Err == nil { + return + } + + var role *model.Role = nil + var systemAdminRole *model.Role = nil + var err *model.AppError = nil + + mlog.Info("Migrating emojis config to database.") + switch *a.Config().ServiceSettings.RestrictCustomEmojiCreation { + case model.RESTRICT_EMOJI_CREATION_ALL: + role, err = a.GetRoleByName(model.SYSTEM_USER_ROLE_ID) + if err != nil { + mlog.Critical("Failed to migrate emojis creation permissions from mattermost config.") + mlog.Critical(err.Error()) + return + } + break + case model.RESTRICT_EMOJI_CREATION_ADMIN: + role, err = a.GetRoleByName(model.TEAM_ADMIN_ROLE_ID) + if err != nil { + mlog.Critical("Failed to migrate emojis creation permissions from mattermost config.") + mlog.Critical(err.Error()) + return + } + break + case model.RESTRICT_EMOJI_CREATION_SYSTEM_ADMIN: + role = nil + break + default: + mlog.Critical("Failed to migrate emojis creation permissions from mattermost config.") + mlog.Critical("Invalid restrict emoji creation setting") + return + } + + if role != nil { + role.Permissions = append(role.Permissions, model.PERMISSION_MANAGE_EMOJIS.Id) + if result := <-a.Srv.Store.Role().Save(role); result.Err != nil { + mlog.Critical("Failed to migrate emojis creation permissions from mattermost config.") + mlog.Critical(result.Err.Error()) + return + } + } + + systemAdminRole, err = a.GetRoleByName(model.SYSTEM_ADMIN_ROLE_ID) + if err != nil { + mlog.Critical("Failed to migrate emojis creation permissions from mattermost config.") + mlog.Critical(err.Error()) + return + } + + systemAdminRole.Permissions = append(systemAdminRole.Permissions, model.PERMISSION_MANAGE_EMOJIS.Id) + systemAdminRole.Permissions = append(systemAdminRole.Permissions, model.PERMISSION_MANAGE_OTHERS_EMOJIS.Id) + if result := <-a.Srv.Store.Role().Save(systemAdminRole); result.Err != nil { + mlog.Critical("Failed to migrate emojis creation permissions from mattermost config.") + mlog.Critical(result.Err.Error()) + return + } + + system := model.System{ + Name: EMOJIS_PERMISSIONS_MIGRATION_KEY, + Value: "true", + } + + if result := <-a.Srv.Store.System().Save(&system); result.Err != nil { + mlog.Critical("Failed to mark emojis permissions migration as completed.") + mlog.Critical(fmt.Sprint(result.Err)) + } +} -- cgit v1.2.3-1-g7c22