From 3bae67489f53ad6501d3632cfa8847b2d09ebaff Mon Sep 17 00:00:00 2001
From: Carlos Tadeu Panato Junior
Date: Fri, 8 Jun 2018 17:04:17 +0200
Subject: Relese5.0 merge master 20180608 (#8933)
* Add missing diagnostics (#8911)
* Update diagnostics.go
* Update diagnostics.go
* Fix push notification styling backwards compatibility (#8913)
* MM-10803: remove premature user sanitization on deactivation (#8926)
* remove unused UpdateNonSSOUserActive
* MM-10803: stop prematurely sanitizing users on deactivate
This change was preceded by the removal of UpdateNonSSOUserActive to ensure there are no APIs relying on the sanitized return value.
* MM-10803: test websocket events after UpdateUserActive
* MM-10264: Adds system scheme to permissions import/export. (#8924)
* MM-10264: Adds system scheme to permissions import/export.
* MM-10264: Switches to more likely unique name.
* MM-10264: Changed collision prevention string.
* MM-10264: Rolls back created schemes in all error cases.
* MM-10264: Test fix for more rollback cases.
---
 app/permissions.go | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 54 insertions(+), 3 deletions(-)
(limited to 'app/permissions.go')
diff --git a/app/permissions.go b/app/permissions.go
index 5b1b49de2..d86ceab5d 100644
--- a/app/permissions.go
+++ b/app/permissions.go
@@ -14,6 +14,7 @@ import (
 )
 
 const permissionsExportBatchSize = 100
+const systemSchemeName = "00000000-0000-0000-0000-000000000000" // Prevents collisions with user-created schemes.
 
 func (a *App) ResetPermissionsSystem() *model.AppError {
 // Reset all Teams to not have a scheme.
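Review bot: Nothing visible in this patch reserves the value of `systemSchemeName`, so the trailing comment's claim that it prevents collisions holds only if a user-created scheme can never carry this name. The import path later in the patch treats any record whose `Name` equals this constant as an instruction to patch roles, so a regular scheme with the same name would be re-imported as a system-role update rather than as a scheme. Consider rejecting this name wherever schemes are created or validated (outside this file), and replacing the trailing comment with a doc comment such as `// systemSchemeName marks the export record that carries the default system roles; it is not a real scheme name.`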
@@ -101,6 +102,31 @@ func (a *App) ExportPermissions(w io.Writer) error {
 
 }
 
+ defaultRoleNames := []string{}
+ for _, dr := range model.MakeDefaultRoles() {
+ defaultRoleNames = append(defaultRoleNames, dr.Name)
+ }
+
+ roles, appErr := a.GetRolesByNames(defaultRoleNames)
+ if appErr != nil {
+ return errors.New(appErr.Message)
+ }
+
+ schemeExport, err := json.Marshal(&model.SchemeConveyor{
+ Name: systemSchemeName,
+ Roles: roles,
+ })
+ if err != nil {
+ return err
+ }
+
+ schemeExport = append(schemeExport, []byte("\n")...)
+
+ _, err = w.Write(schemeExport)
+ if err != nil {
+ return err
+ }
+
 return nil
 }
 
@@ -113,13 +139,33 @@ func (a *App) ImportPermissions(jsonl io.Reader) error {
 var schemeConveyor *model.SchemeConveyor
 err := json.Unmarshal(scanner.Bytes(), &schemeConveyor)
 if err != nil {
+ rollback(a, createdSchemeIDs)
 return err
 }
 
+ if schemeConveyor.Name == systemSchemeName {
+ for _, roleIn := range schemeConveyor.Roles {
+ dbRole, err := a.GetRoleByName(roleIn.Name)
+ if err != nil {
+ rollback(a, createdSchemeIDs)
+ return errors.New(err.Message)
+ }
+ _, err = a.PatchRole(dbRole, &model.RolePatch{
+ Permissions: &roleIn.Permissions,
+ })
+ if err != nil {
+ rollback(a, createdSchemeIDs)
+ return err
+ }
+ }
+ continue
+ }
+
 // Create the new Scheme. The new Roles are created automatically.
 var appErr *model.AppError
 schemeCreated, appErr := a.CreateScheme(schemeConveyor.Scheme())
 if appErr != nil {
+ rollback(a, createdSchemeIDs)
 return errors.New(appErr.Message)
 }
 createdSchemeIDs = append(createdSchemeIDs, schemeCreated.Id)
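Review bot: The system record is written with whatever `a.GetRolesByNames(defaultRoleNames)` returns, and the added code never compares `len(roles)` with `len(defaultRoleNames)`. If that call can return fewer roles than requested (its behaviour is not visible here), the export silently omits them and a later import would leave those roles unpatched. A guard such as `if len(roles) != len(defaultRoleNames) { return errors.New("permissions export: missing default roles") }` before the `json.Marshal` call would surface that. ExportPermissions starts above the hunk.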
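Review bot: The system-record branch patches whatever role `roleIn.Name` resolves to through `a.GetRoleByName`, with no check that the name is one of the default roles, so an import file can change the permissions of any existing role, including roles that belong to other schemes. Restricting the branch to the names produced by `model.MakeDefaultRoles()`, the same set the export writes, keeps the record limited to what its name says. The two error returns in the branch also differ (`errors.New(err.Message)` after `GetRoleByName`, plain `return err` after `PatchRole`), and using one form would be more consistent. ImportPermissions begins and ends outside this hunk.

```go
		if schemeConveyor.Name == systemSchemeName {
			// Only the built-in roles may be patched through the system record.
			allowed := map[string]bool{}
			for _, dr := range model.MakeDefaultRoles() {
				allowed[dr.Name] = true
			}
			for _, roleIn := range schemeConveyor.Roles {
				if !allowed[roleIn.Name] {
					rollback(a, createdSchemeIDs)
					return errors.New("permissions import: role " + roleIn.Name + " is not a default system role")
				}
				// … unchanged: GetRoleByName and PatchRole, each with rollback on error …
			}
			continue
		}
```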
@@ -139,21 +185,26 @@ func (a *App) ImportPermissions(jsonl io.Reader) error {
 err = updateRole(a, schemeConveyor, roleNameTuple[0], roleNameTuple[1])
 if err != nil {
 // Delete the new Schemes. The new Roles are deleted automatically.
- for _, schemeID := range createdSchemeIDs {
- a.DeleteScheme(schemeID)
- }
+ rollback(a, createdSchemeIDs)
 return err
 }
 }
 }
 
 if err := scanner.Err(); err != nil {
+ rollback(a, createdSchemeIDs)
 return err
 }
 
 return nil
 }
 
+func rollback(a *App, createdSchemeIDs []string) {
+ for _, schemeID := range createdSchemeIDs {
+ a.DeleteScheme(schemeID)
+ }
+}
+
 func updateRole(a *App, sc *model.SchemeConveyor, roleCreatedName, defaultRoleName string) error {
 var err *model.AppError
 
-- 
cgit v1.2.3-1-g7c22
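Review bot: `rollback` discards the result of `a.DeleteScheme(schemeID)`, so a failed delete leaves a partially imported scheme behind with no trace. It also does not touch roles already changed by the `a.PatchRole` call in the system-record branch of this patch, so a failure on a later line leaves system role permissions modified while the schemes are removed. At minimum the function should log a failed delete and carry a doc comment stating its limits, e.g. `// rollback deletes the schemes created by a failed import on a best-effort basis; patches already applied to system roles are not reverted.` A fuller fix would record each role's previous permissions before patching and restore them here, or apply the system record only after every scheme line has succeeded.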