From b9b76b275ac4670dc400357795cd1a45e425eba1 Mon Sep 17 00:00:00 2001 From: George Goldberg Date: Thu, 17 May 2018 10:18:49 +0100 Subject: MM-10234: Make CLI roles command advanced-permissions aware. (#8771) * MM-10234: Make CLI roles command advanced-permissions aware. * Fix for loop scope. * Fix style. --- cmd/commands/roles.go | 48 +++++++++++++++++++++++++++++++++++++++++++--- cmd/commands/roles_test.go | 15 +++++++++++++-- 2 files changed, 58 insertions(+), 5 deletions(-) (limited to 'cmd') diff --git a/cmd/commands/roles.go b/cmd/commands/roles.go index 6d832d82a..72192c925 100644 --- a/cmd/commands/roles.go +++ b/cmd/commands/roles.go @@ -5,9 +5,12 @@ package commands import ( "errors" + "strings" - "github.com/mattermost/mattermost-server/cmd" "github.com/spf13/cobra" + + "github.com/mattermost/mattermost-server/cmd" + "github.com/mattermost/mattermost-server/model" ) var RolesCmd = &cobra.Command{ @@ -56,7 +59,27 @@ func makeSystemAdminCmdF(command *cobra.Command, args []string) error { return errors.New("Unable to find user '" + args[i] + "'") } - if _, err := a.UpdateUserRoles(user.Id, "system_admin system_user", true); err != nil { + systemAdmin := false + systemUser := false + + roles := strings.Fields(user.Roles) + for _, role := range roles { + switch role { + case model.SYSTEM_ADMIN_ROLE_ID: + systemAdmin = true + case model.SYSTEM_USER_ROLE_ID: + systemUser = true + } + } + + if !systemUser { + roles = append(roles, model.SYSTEM_USER_ROLE_ID) + } + if !systemAdmin { + roles = append(roles, model.SYSTEM_ADMIN_ROLE_ID) + } + + if _, err := a.UpdateUserRoles(user.Id, strings.Join(roles, " "), true); err != nil { return err } } @@ -81,7 +104,26 @@ func makeMemberCmdF(command *cobra.Command, args []string) error { return errors.New("Unable to find user '" + args[i] + "'") } - if _, err := a.UpdateUserRoles(user.Id, "system_user", true); err != nil { + systemUser := false + var newRoles []string + + roles := strings.Fields(user.Roles) + for _, role := range roles { + switch role { + case model.SYSTEM_ADMIN_ROLE_ID: + default: + if role == model.SYSTEM_USER_ROLE_ID { + systemUser = true + } + newRoles = append(newRoles, role) + } + } + + if !systemUser { + newRoles = append(roles, model.SYSTEM_USER_ROLE_ID) + } + + if _, err := a.UpdateUserRoles(user.Id, strings.Join(newRoles, " "), true); err != nil { return err } } diff --git a/cmd/commands/roles_test.go b/cmd/commands/roles_test.go index 1e0a46a4e..7179a9157 100644 --- a/cmd/commands/roles_test.go +++ b/cmd/commands/roles_test.go @@ -21,8 +21,19 @@ func TestAssignRole(t *testing.T) { t.Fatal() } else { user := result.Data.(*model.User) - if user.Roles != "system_admin system_user" { - t.Fatal() + if user.Roles != "system_user system_admin" { + t.Fatal("Got wrong roles:", user.Roles) + } + } + + cmd.CheckCommand(t, "roles", "member", th.BasicUser.Email) + + if result := <-th.App.Srv.Store.User().GetByEmail(th.BasicUser.Email); result.Err != nil { + t.Fatal() + } else { + user := result.Data.(*model.User) + if user.Roles != "system_user" { + t.Fatal("Got wrong roles:", user.Roles, user.Id) } } } -- cgit v1.2.3-1-g7c22 From e0390632b3c941670671d968b8828bcefbf71581 Mon Sep 17 00:00:00 2001 From: Martin Kraft Date: Thu, 17 May 2018 11:37:00 -0400 Subject: MM-10264: Adds CLI command to import and export permissions. (#8787) * MM-10264: Adds CLI command to import and export permissions. * MM-10264: Changes Scheme Name to DisplayName and adds Name slug field. * MM-10264: Changes display name max size. * MM-10264: Another merge fix. * MM-10264: Changes for more Schemes methods checking for migration. * MM-10264: More updates for Schemes migration checking. --- cmd/commands/permissions.go | 65 ++++++++++++++++++++++++++++++++++++++++ cmd/commands/permissions_test.go | 40 +++++++++++++++++++++++++ 2 files changed, 105 insertions(+) create mode 100644 cmd/commands/permissions_test.go (limited to 'cmd') diff --git a/cmd/commands/permissions.go b/cmd/commands/permissions.go index 33c255a31..e8f862547 100644 --- a/cmd/commands/permissions.go +++ b/cmd/commands/permissions.go @@ -6,10 +6,12 @@ package commands import ( "errors" "fmt" + "os" "github.com/spf13/cobra" "github.com/mattermost/mattermost-server/cmd" + "github.com/mattermost/mattermost-server/utils" ) var PermissionsCmd = &cobra.Command{ @@ -25,11 +27,32 @@ var ResetPermissionsCmd = &cobra.Command{ RunE: resetPermissionsCmdF, } +var ExportPermissionsCmd = &cobra.Command{ + Use: "export", + Short: "Export permissions data", + Long: "Export Roles and Schemes to JSONL for use by Mattermost permissions import.", + Example: " permissions export > export.jsonl", + RunE: exportPermissionsCmdF, + PreRun: func(cmd *cobra.Command, args []string) { + os.Setenv("MM_LOGSETTINGS_CONSOLELEVEL", "error") + }, +} + +var ImportPermissionsCmd = &cobra.Command{ + Use: "import [file]", + Short: "Import permissions data", + Long: "Import Roles and Schemes JSONL data as created by the Mattermost permissions export.", + Example: " permissions import export.jsonl", + RunE: importPermissionsCmdF, +} + func init() { ResetPermissionsCmd.Flags().Bool("confirm", false, "Confirm you really want to reset the permissions system and a database backup has been performed.") PermissionsCmd.AddCommand( ResetPermissionsCmd, + ExportPermissionsCmd, + ImportPermissionsCmd, ) cmd.RootCmd.AddCommand(PermissionsCmd) } @@ -64,3 +87,45 @@ func resetPermissionsCmdF(command *cobra.Command, args []string) error { return nil } + +func exportPermissionsCmdF(command *cobra.Command, args []string) error { + a, err := cmd.InitDBCommandContextCobra(command) + if err != nil { + return err + } + defer a.Shutdown() + + if license := a.License(); license == nil { + return errors.New(utils.T("cli.license.critical")) + } + + if err = a.ExportPermissions(os.Stdout); err != nil { + return errors.New(err.Error()) + } + + return nil +} + +func importPermissionsCmdF(command *cobra.Command, args []string) error { + a, err := cmd.InitDBCommandContextCobra(command) + if err != nil { + return err + } + defer a.Shutdown() + + if license := a.License(); license == nil { + return errors.New(utils.T("cli.license.critical")) + } + + file, err := os.Open(args[0]) + if err != nil { + return err + } + defer file.Close() + + if err := a.ImportPermissions(file); err != nil { + return err + } + + return nil +} diff --git a/cmd/commands/permissions_test.go b/cmd/commands/permissions_test.go new file mode 100644 index 000000000..eeaa17109 --- /dev/null +++ b/cmd/commands/permissions_test.go @@ -0,0 +1,40 @@ +// Copyright (c) 2018-present Mattermost, Inc. All Rights Reserved. +// See License.txt for license information. + +package commands + +import ( + "os" + "os/exec" + "strings" + "testing" + + "github.com/mattermost/mattermost-server/api4" + "github.com/mattermost/mattermost-server/utils" +) + +func TestPermissionsExport_rejectsUnlicensed(t *testing.T) { + permissionsLicenseRequiredTest(t, "export") +} + +func TestPermissionsImport_rejectsUnlicensed(t *testing.T) { + permissionsLicenseRequiredTest(t, "import") +} + +func permissionsLicenseRequiredTest(t *testing.T, subcommand string) { + th := api4.Setup().InitBasic() + defer th.TearDown() + + path, err := os.Executable() + if err != nil { + t.Fail() + } + args := []string{"-test.run", "ExecCommand", "--", "--disableconfigwatch", "permissions", subcommand} + output, err := exec.Command(path, args...).CombinedOutput() + + actual := string(output) + expected := utils.T("cli.license.critical") + if !strings.Contains(actual, expected) { + t.Errorf("Expected '%v' but got '%v'.", expected, actual) + } +} -- cgit v1.2.3-1-g7c22 From c6ba5c32d62f8c1fd0e0669a3df0c844ec794590 Mon Sep 17 00:00:00 2001 From: Martin Kraft Date: Fri, 18 May 2018 08:41:44 -0400 Subject: Merge fix. --- cmd/commands/permissions_test.go | 40 ----------------------------- cmd/mattermost/commands/permissions_test.go | 40 +++++++++++++++++++++++++++++ 2 files changed, 40 insertions(+), 40 deletions(-) delete mode 100644 cmd/commands/permissions_test.go create mode 100644 cmd/mattermost/commands/permissions_test.go (limited to 'cmd') diff --git a/cmd/commands/permissions_test.go b/cmd/commands/permissions_test.go deleted file mode 100644 index eeaa17109..000000000 --- a/cmd/commands/permissions_test.go +++ /dev/null @@ -1,40 +0,0 @@ -// Copyright (c) 2018-present Mattermost, Inc. All Rights Reserved. -// See License.txt for license information. - -package commands - -import ( - "os" - "os/exec" - "strings" - "testing" - - "github.com/mattermost/mattermost-server/api4" - "github.com/mattermost/mattermost-server/utils" -) - -func TestPermissionsExport_rejectsUnlicensed(t *testing.T) { - permissionsLicenseRequiredTest(t, "export") -} - -func TestPermissionsImport_rejectsUnlicensed(t *testing.T) { - permissionsLicenseRequiredTest(t, "import") -} - -func permissionsLicenseRequiredTest(t *testing.T, subcommand string) { - th := api4.Setup().InitBasic() - defer th.TearDown() - - path, err := os.Executable() - if err != nil { - t.Fail() - } - args := []string{"-test.run", "ExecCommand", "--", "--disableconfigwatch", "permissions", subcommand} - output, err := exec.Command(path, args...).CombinedOutput() - - actual := string(output) - expected := utils.T("cli.license.critical") - if !strings.Contains(actual, expected) { - t.Errorf("Expected '%v' but got '%v'.", expected, actual) - } -} diff --git a/cmd/mattermost/commands/permissions_test.go b/cmd/mattermost/commands/permissions_test.go new file mode 100644 index 000000000..eeaa17109 --- /dev/null +++ b/cmd/mattermost/commands/permissions_test.go @@ -0,0 +1,40 @@ +// Copyright (c) 2018-present Mattermost, Inc. All Rights Reserved. +// See License.txt for license information. + +package commands + +import ( + "os" + "os/exec" + "strings" + "testing" + + "github.com/mattermost/mattermost-server/api4" + "github.com/mattermost/mattermost-server/utils" +) + +func TestPermissionsExport_rejectsUnlicensed(t *testing.T) { + permissionsLicenseRequiredTest(t, "export") +} + +func TestPermissionsImport_rejectsUnlicensed(t *testing.T) { + permissionsLicenseRequiredTest(t, "import") +} + +func permissionsLicenseRequiredTest(t *testing.T, subcommand string) { + th := api4.Setup().InitBasic() + defer th.TearDown() + + path, err := os.Executable() + if err != nil { + t.Fail() + } + args := []string{"-test.run", "ExecCommand", "--", "--disableconfigwatch", "permissions", subcommand} + output, err := exec.Command(path, args...).CombinedOutput() + + actual := string(output) + expected := utils.T("cli.license.critical") + if !strings.Contains(actual, expected) { + t.Errorf("Expected '%v' but got '%v'.", expected, actual) + } +} -- cgit v1.2.3-1-g7c22 From e88fe4bb1dea4918284ee3c6e5aee5a8497ff2b8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jes=C3=BAs=20Espino?= Date: Tue, 29 May 2018 16:58:12 +0200 Subject: MM-8853: Adding MANAGE_EMOJIS and MANAGE_OTHERS_EMOJIS permissions (#8860) * MM-8853: Adding MANAGE_EMOJIS and MANAGE_OTHERS_EMOJIS permissions * MM-8853: Removing unnecesary emoji enterprise feature * Create emojis migration * Adding MANAGE_EMOJIS and MANAGE_OTHERS_EMOJIS always to system admins * Simplifing permissions checks * Revert "Simplifing permissions checks" This reverts commit e2cafc1905fc9e20125dd9a1552d2d0c7340ae59. --- cmd/mattermost/commands/init.go | 1 + cmd/mattermost/commands/server.go | 1 + 2 files changed, 2 insertions(+) (limited to 'cmd') diff --git a/cmd/mattermost/commands/init.go b/cmd/mattermost/commands/init.go index aea2b1230..ea7e8ec84 100644 --- a/cmd/mattermost/commands/init.go +++ b/cmd/mattermost/commands/init.go @@ -23,6 +23,7 @@ func InitDBCommandContextCobra(command *cobra.Command) (*app.App, error) { } a.DoAdvancedPermissionsMigration() + a.DoEmojisPermissionsMigration() return a, nil } diff --git a/cmd/mattermost/commands/server.go b/cmd/mattermost/commands/server.go index 299005b6a..67e2f69c5 100644 --- a/cmd/mattermost/commands/server.go +++ b/cmd/mattermost/commands/server.go @@ -92,6 +92,7 @@ func runServer(configFileLocation string, disableConfigWatch bool, usedPlatform } a.DoAdvancedPermissionsMigration() + a.DoEmojisPermissionsMigration() a.InitPlugins(*a.Config().PluginSettings.Directory, *a.Config().PluginSettings.ClientDirectory, nil) a.AddConfigListener(func(prevCfg, cfg *model.Config) { -- cgit v1.2.3-1-g7c22 From 994ccf475f96bcad668269fe25b0d22e975bc222 Mon Sep 17 00:00:00 2001 From: George Goldberg Date: Wed, 30 May 2018 11:21:36 +0100 Subject: Add note about clearing caches when permissions reset CLI done. (#8823) * Add note about clearing caches when permissions reset CLI done. * Adjust text. --- cmd/mattermost/commands/permissions.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'cmd') diff --git a/cmd/mattermost/commands/permissions.go b/cmd/mattermost/commands/permissions.go index e1bb34963..9d9962ce5 100644 --- a/cmd/mattermost/commands/permissions.go +++ b/cmd/mattermost/commands/permissions.go @@ -82,7 +82,9 @@ func resetPermissionsCmdF(command *cobra.Command, args []string) error { return errors.New(err.Error()) } - CommandPrettyPrintln("Permissions system successfully reset") + CommandPrettyPrintln("Permissions system successfully reset.") + CommandPrettyPrintln("Changes will take effect gradually as the server caches expire.") + CommandPrettyPrintln("For the changes to take effect immediately, go to the Mattermost System Console > General > Configuration and click \"Purge All Caches\".") return nil } -- cgit v1.2.3-1-g7c22