From 720ee81113ac7a7dd062271c3d6cdf58ce8e044a Mon Sep 17 00:00:00 2001
From: George Goldberg
Date: Sun, 26 Mar 2017 14:37:39 +0100
Subject: PLT-6063: AddUserToTeam permission depends on policy. (#5869)

Uses same policy setting as InviteUserToTeam.
---
 utils/authorization.go | 29 +++++++++++++++++++----------
 1 file changed, 19 insertions(+), 10 deletions(-)

(limited to 'utils/authorization.go')

diff --git a/utils/authorization.go b/utils/authorization.go
index 2c7f35164..086caa565 100644
--- a/utils/authorization.go
+++ b/utils/authorization.go
@@ -195,17 +195,26 @@ func SetDefaultRolesBasedOnConfig() {
 )
 }
 
- // If team admins are given permission
- if *Cfg.TeamSettings.RestrictTeamInvite == model.PERMISSIONS_TEAM_ADMIN {
- model.ROLE_TEAM_ADMIN.Permissions = append(
- model.ROLE_TEAM_ADMIN.Permissions,
- model.PERMISSION_INVITE_USER.Id,
- )
- // If it's not restricted to system admin or team admin, then give all users permission
- } else if *Cfg.TeamSettings.RestrictTeamInvite != model.PERMISSIONS_SYSTEM_ADMIN {
- model.ROLE_SYSTEM_USER.Permissions = append(
- model.ROLE_SYSTEM_USER.Permissions,
+ // Grant permissions for inviting and adding users to a team.
+ if IsLicensed {
+ if *Cfg.TeamSettings.RestrictTeamInvite == model.PERMISSIONS_TEAM_ADMIN {
+ model.ROLE_TEAM_ADMIN.Permissions = append(
+ model.ROLE_TEAM_ADMIN.Permissions,
+ model.PERMISSION_INVITE_USER.Id,
+ model.PERMISSION_ADD_USER_TO_TEAM.Id,
+ )
+ } else if *Cfg.TeamSettings.RestrictTeamInvite == model.PERMISSIONS_ALL {
+ model.ROLE_SYSTEM_USER.Permissions = append(
+ model.ROLE_SYSTEM_USER.Permissions,
+ model.PERMISSION_INVITE_USER.Id,
+ model.PERMISSION_ADD_USER_TO_TEAM.Id,
+ )
+ }
+ } else {
+ model.ROLE_TEAM_USER.Permissions = append(
+ model.ROLE_TEAM_USER.Permissions,
 model.PERMISSION_INVITE_USER.Id,
+ model.PERMISSION_ADD_USER_TO_TEAM.Id,
 )
 }
 
-- 
cgit v1.2.3-1-g7c22
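Review bot: In the licensed `== model.PERMISSIONS_ALL` branch the new `model.PERMISSION_ADD_USER_TO_TEAM.Id` is appended to `model.ROLE_SYSTEM_USER`, while the unlicensed `else` branch grants the same pair to `model.ROLE_TEAM_USER`, so the two "everyone may invite" cases end up with different scopes. If the team-level permission check falls back to system roles (not visible in this hunk), a licensed server would let any logged-in user add members to teams they do not belong to, which is broader than the policy name suggests; granting to the team role instead, `model.ROLE_TEAM_USER.Permissions = append(model.ROLE_TEAM_USER.Permissions, model.PERMISSION_INVITE_USER.Id, model.PERMISSION_ADD_USER_TO_TEAM.Id)`, would keep both branches membership-scoped. The switch from `!= model.PERMISSIONS_SYSTEM_ADMIN` to an explicit `== model.PERMISSIONS_ALL` is a sound fail-closed change for unexpected config values, and a comment on the `else` branch such as `// Unlicensed servers ignore RestrictTeamInvite: every team member may invite and add users.` would record that intent. `SetDefaultRolesBasedOnConfig` begins and continues outside the hunk, so whether the role permission slices are reset before these appends on a config reload cannot be checked from here.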