From e1cd64613591cf5a990442a69ebf188258bd0cb5 Mon Sep 17 00:00:00 2001 From: George Goldberg Date: Tue, 6 Feb 2018 15:34:08 +0000 Subject: XYZ-37: Advanced Permissions Phase 1 Backend. (#8159) * XYZ-13: Update Permission and Role structs to new design. * XYZ-10: Role store. * XYZ-9/XYZ-44: Roles API endpoints and WebSocket message. * XYZ-8: Switch server permissions checks to store backed roles. * XYZ-58: Proper validation of roles where required. * XYZ-11/XYZ-55: Migration to store backed roles from policy config. * XYZ-37: Update unit tests to work with database roles. * XYZ-56: Remove the "guest" role. * Changes to SetDefaultRolesFromConfig. * Short-circuit the store if nothing has changed. * Address first round of review comments. * Address second round of review comments. --- store/sqlstore/role_store_test.go | 14 ++++ store/sqlstore/role_supplier.go | 163 ++++++++++++++++++++++++++++++++++++++ store/sqlstore/store.go | 1 + store/sqlstore/supplier.go | 6 ++ 4 files changed, 184 insertions(+) create mode 100644 store/sqlstore/role_store_test.go create mode 100644 store/sqlstore/role_supplier.go (limited to 'store/sqlstore') diff --git a/store/sqlstore/role_store_test.go b/store/sqlstore/role_store_test.go new file mode 100644 index 000000000..e89930f71 --- /dev/null +++ b/store/sqlstore/role_store_test.go @@ -0,0 +1,14 @@ +// Copyright (c) 2018-present Mattermost, Inc. All Rights Reserved. +// See License.txt for license information. + +package sqlstore + +import ( + "testing" + + "github.com/mattermost/mattermost-server/store/storetest" +) + +func TestRoleStore(t *testing.T) { + StoreTest(t, storetest.TestRoleStore) +} diff --git a/store/sqlstore/role_supplier.go b/store/sqlstore/role_supplier.go new file mode 100644 index 000000000..41eed85e0 --- /dev/null +++ b/store/sqlstore/role_supplier.go @@ -0,0 +1,163 @@ +// Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved. +// See License.txt for license information. + +package sqlstore + +import ( + "context" + "database/sql" + "fmt" + "net/http" + "strings" + + "github.com/mattermost/mattermost-server/model" + "github.com/mattermost/mattermost-server/store" +) + +type Role struct { + Id string + Name string + DisplayName string + Description string + Permissions string + SchemeManaged bool +} + +func NewRoleFromModel(role *model.Role) *Role { + permissionsMap := make(map[string]bool) + permissions := "" + + for _, permission := range role.Permissions { + if !permissionsMap[permission] { + permissions += fmt.Sprintf(" %v", permission) + permissionsMap[permission] = true + } + } + + return &Role{ + Id: role.Id, + Name: role.Name, + DisplayName: role.DisplayName, + Description: role.Description, + Permissions: permissions, + SchemeManaged: role.SchemeManaged, + } +} + +func (role Role) ToModel() *model.Role { + return &model.Role{ + Id: role.Id, + Name: role.Name, + DisplayName: role.DisplayName, + Description: role.Description, + Permissions: strings.Fields(role.Permissions), + SchemeManaged: role.SchemeManaged, + } +} + +func initSqlSupplierRoles(sqlStore SqlStore) { + for _, db := range sqlStore.GetAllConns() { + table := db.AddTableWithName(Role{}, "Roles").SetKeys(false, "Id") + table.ColMap("Name").SetMaxSize(64).SetUnique(true) + table.ColMap("DisplayName").SetMaxSize(128) + table.ColMap("Description").SetMaxSize(1024) + table.ColMap("Permissions").SetMaxSize(4096) + } +} + +func (s *SqlSupplier) RoleSave(ctx context.Context, role *model.Role, hints ...store.LayeredStoreHint) *store.LayeredStoreSupplierResult { + result := store.NewSupplierResult() + + // Check the role is valid before proceeding. + if !role.IsValidWithoutId() { + result.Err = model.NewAppError("SqlRoleStore.Save", "store.sql_role.save.invalid_role.app_error", nil, "", http.StatusBadRequest) + return result + } + + dbRole := NewRoleFromModel(role) + if len(dbRole.Id) == 0 { + dbRole.Id = model.NewId() + if err := s.GetMaster().Insert(dbRole); err != nil { + result.Err = model.NewAppError("SqlRoleStore.Save", "store.sql_role.save.insert.app_error", nil, err.Error(), http.StatusInternalServerError) + } + } else { + if rowsChanged, err := s.GetMaster().Update(dbRole); err != nil { + result.Err = model.NewAppError("SqlRoleStore.Save", "store.sql_role.save.update.app_error", nil, err.Error(), http.StatusInternalServerError) + } else if rowsChanged != 1 { + result.Err = model.NewAppError("SqlRoleStore.Save", "store.sql_role.save.update.app_error", nil, "no record to update", http.StatusInternalServerError) + } + } + + result.Data = dbRole.ToModel() + + return result +} + +func (s *SqlSupplier) RoleGet(ctx context.Context, roleId string, hints ...store.LayeredStoreHint) *store.LayeredStoreSupplierResult { + result := store.NewSupplierResult() + + var dbRole Role + + if err := s.GetReplica().SelectOne(&dbRole, "SELECT * from Roles WHERE Id = :Id", map[string]interface{}{"Id": roleId}); err != nil { + if err == sql.ErrNoRows { + result.Err = model.NewAppError("SqlRoleStore.Get", "store.sql_role.get.app_error", nil, "Id="+roleId+", "+err.Error(), http.StatusNotFound) + } else { + result.Err = model.NewAppError("SqlRoleStore.Get", "store.sql_role.get.app_error", nil, err.Error(), http.StatusInternalServerError) + } + } + + result.Data = dbRole.ToModel() + + return result +} + +func (s *SqlSupplier) RoleGetByName(ctx context.Context, name string, hints ...store.LayeredStoreHint) *store.LayeredStoreSupplierResult { + result := store.NewSupplierResult() + + var dbRole Role + + if err := s.GetReplica().SelectOne(&dbRole, "SELECT * from Roles WHERE Name = :Name", map[string]interface{}{"Name": name}); err != nil { + if err == sql.ErrNoRows { + result.Err = model.NewAppError("SqlRoleStore.GetByName", "store.sql_role.get_by_name.app_error", nil, "name="+name+",err="+err.Error(), http.StatusNotFound) + } else { + result.Err = model.NewAppError("SqlRoleStore.GetByName", "store.sql_role.get_by_name.app_error", nil, "name="+name+",err="+err.Error(), http.StatusInternalServerError) + } + } + + result.Data = dbRole.ToModel() + + return result +} + +func (s *SqlSupplier) RoleGetByNames(ctx context.Context, names []string, hints ...store.LayeredStoreHint) *store.LayeredStoreSupplierResult { + result := store.NewSupplierResult() + + var dbRoles []*Role + + if len(names) == 0 { + result.Data = []*model.Role{} + return result + } + + var searchPlaceholders []string + var parameters = map[string]interface{}{} + for i, value := range names { + searchPlaceholders = append(searchPlaceholders, fmt.Sprintf(":Name%d", i)) + parameters[fmt.Sprintf("Name%d", i)] = value + } + + searchTerm := "Name IN (" + strings.Join(searchPlaceholders, ", ") + ")" + + if _, err := s.GetReplica().Select(&dbRoles, "SELECT * from Roles WHERE "+searchTerm, parameters); err != nil { + result.Err = model.NewAppError("SqlRoleStore.GetByNames", "store.sql_role.get_by_names.app_error", nil, err.Error(), http.StatusInternalServerError) + } + + var roles []*model.Role + for _, dbRole := range dbRoles { + roles = append(roles, dbRole.ToModel()) + } + + result.Data = roles + + return result +} diff --git a/store/sqlstore/store.go b/store/sqlstore/store.go index cfdd7a552..1c623f0b1 100644 --- a/store/sqlstore/store.go +++ b/store/sqlstore/store.go @@ -87,4 +87,5 @@ type SqlStore interface { Job() store.JobStore Plugin() store.PluginStore UserAccessToken() store.UserAccessTokenStore + Role() store.RoleStore } diff --git a/store/sqlstore/supplier.go b/store/sqlstore/supplier.go index 3b9528578..5e43ee0f0 100644 --- a/store/sqlstore/supplier.go +++ b/store/sqlstore/supplier.go @@ -86,6 +86,7 @@ type SqlSupplierOldStores struct { userAccessToken store.UserAccessTokenStore plugin store.PluginStore channelMemberHistory store.ChannelMemberHistoryStore + role store.RoleStore } type SqlSupplier struct { @@ -135,6 +136,7 @@ func NewSqlSupplier(settings model.SqlSettings, metrics einterfaces.MetricsInter supplier.oldStores.plugin = NewSqlPluginStore(supplier) initSqlSupplierReactions(supplier) + initSqlSupplierRoles(supplier) err := supplier.GetMaster().CreateTablesIfNotExists() if err != nil { @@ -811,6 +813,10 @@ func (ss *SqlSupplier) Plugin() store.PluginStore { return ss.oldStores.plugin } +func (ss *SqlSupplier) Role() store.RoleStore { + return ss.oldStores.role +} + func (ss *SqlSupplier) DropAllTables() { ss.master.TruncateTables() } -- cgit v1.2.3-1-g7c22