From e0390632b3c941670671d968b8828bcefbf71581 Mon Sep 17 00:00:00 2001
From: Martin Kraft <mkraft@users.noreply.github.com>
Date: Thu, 17 May 2018 11:37:00 -0400
Subject: MM-10264: Adds CLI command to import and export permissions. (#8787)

* MM-10264: Adds CLI command to import and export permissions.

* MM-10264: Changes Scheme Name to DisplayName and adds Name slug field.

* MM-10264: Changes display name max size.

* MM-10264: Another merge fix.

* MM-10264: Changes for more Schemes methods checking for migration.

* MM-10264: More updates for Schemes migration checking.
---
 app/permissions.go | 143 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 143 insertions(+)

(limited to 'app/permissions.go')

diff --git a/app/permissions.go b/app/permissions.go
index 75aa2ecf9..70b8cc689 100644
--- a/app/permissions.go
+++ b/app/permissions.go
@@ -4,9 +4,17 @@
 package app
 
 import (
+	"bufio"
+	"encoding/json"
+	"fmt"
+	"io"
+
 	"github.com/mattermost/mattermost-server/model"
+	"github.com/pkg/errors"
 )
 
+const permissionsExportBatchSize = 100
+
 func (a *App) ResetPermissionsSystem() *model.AppError {
 	// Reset all Teams to not have a scheme.
 	if result := <-a.Srv.Store.Team().ResetAllTeamSchemes(); result.Err != nil {
@@ -38,3 +46,138 @@ func (a *App) ResetPermissionsSystem() *model.AppError {
 
 	return nil
 }
+
+func (a *App) ExportPermissions(w io.Writer) error {
+
+	next := a.SchemesIterator(permissionsExportBatchSize)
+	var schemeBatch []*model.Scheme
+
+	for schemeBatch = next(); len(schemeBatch) > 0; schemeBatch = next() {
+
+		for _, scheme := range schemeBatch {
+
+			roleIDs := []string{
+				scheme.DefaultTeamAdminRole,
+				scheme.DefaultTeamUserRole,
+				scheme.DefaultChannelAdminRole,
+				scheme.DefaultChannelUserRole,
+			}
+
+			roles := []*model.Role{}
+			for _, roleID := range roleIDs {
+				if len(roleID) == 0 {
+					continue
+				}
+				role, err := a.GetRole(roleID)
+				if err != nil {
+					return err
+				}
+				roles = append(roles, role)
+			}
+
+			schemeExport, err := json.Marshal(&model.SchemeConveyor{
+				Name:         scheme.Name,
+				DisplayName:  scheme.DisplayName,
+				Description:  scheme.Description,
+				Scope:        scheme.Scope,
+				TeamAdmin:    scheme.DefaultTeamAdminRole,
+				TeamUser:     scheme.DefaultTeamUserRole,
+				ChannelAdmin: scheme.DefaultChannelAdminRole,
+				ChannelUser:  scheme.DefaultChannelUserRole,
+				Roles:        roles,
+			})
+			if err != nil {
+				return err
+			}
+
+			schemeExport = append(schemeExport, []byte("\n")...)
+
+			_, err = w.Write(schemeExport)
+			if err != nil {
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (a *App) ImportPermissions(jsonl io.Reader) error {
+	createdSchemeIDs := []string{}
+
+	scanner := bufio.NewScanner(jsonl)
+
+	for scanner.Scan() {
+		var schemeConveyor *model.SchemeConveyor
+		err := json.Unmarshal(scanner.Bytes(), &schemeConveyor)
+		if err != nil {
+			return err
+		}
+
+		// Create the new Scheme. The new Roles are created automatically.
+		var appErr *model.AppError
+		schemeCreated, appErr := a.CreateScheme(schemeConveyor.Scheme())
+		if appErr != nil {
+			return errors.New(appErr.Message)
+		}
+		createdSchemeIDs = append(createdSchemeIDs, schemeCreated.Id)
+
+		schemeIn := schemeConveyor.Scheme()
+		roleIDTuples := [][]string{
+			{schemeCreated.DefaultTeamAdminRole, schemeIn.DefaultTeamAdminRole},
+			{schemeCreated.DefaultTeamUserRole, schemeIn.DefaultTeamUserRole},
+			{schemeCreated.DefaultChannelAdminRole, schemeIn.DefaultChannelAdminRole},
+			{schemeCreated.DefaultChannelUserRole, schemeIn.DefaultChannelUserRole},
+		}
+		for _, roleIDTuple := range roleIDTuples {
+			if len(roleIDTuple[0]) == 0 || len(roleIDTuple[1]) == 0 {
+				continue
+			}
+
+			err = updateRole(a, schemeConveyor, roleIDTuple[0], roleIDTuple[1])
+			if err != nil {
+				// Delete the new Schemes. The new Roles are deleted automatically.
+				for _, schemeID := range createdSchemeIDs {
+					a.DeleteScheme(schemeID)
+				}
+				return err
+			}
+		}
+	}
+
+	if err := scanner.Err(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func updateRole(a *App, sc *model.SchemeConveyor, roleCreatedID, defaultRoleID string) error {
+	var err *model.AppError
+
+	roleCreated, err := a.GetRole(roleCreatedID)
+	if err != nil {
+		return errors.New(err.Message)
+	}
+
+	var roleIn *model.Role
+	for _, role := range sc.Roles {
+		if role.Id == defaultRoleID {
+			roleIn = role
+			break
+		}
+	}
+
+	roleCreated.Name = roleIn.Name
+	roleCreated.DisplayName = roleIn.DisplayName
+	roleCreated.Description = roleIn.Description
+	roleCreated.Permissions = roleIn.Permissions
+
+	_, err = a.UpdateRole(roleCreated)
+	if err != nil {
+		return errors.New(fmt.Sprintf("%v: %v\n", err.Message, err.DetailedError))
+	}
+
+	return nil
+}
-- 
cgit v1.2.3-1-g7c22