From dce4205699bed68046f9dc6ed371ad959d93ee59 Mon Sep 17 00:00:00 2001 From: George Goldberg Date: Wed, 21 Dec 2016 19:18:41 +0000 Subject: PLT-4990 - Server: Split out channel permissions to Create/Manage/Delete (#4864) * Server side changes. * Fix unit tests and default config. --- utils/authorization.go | 66 ++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 56 insertions(+), 10 deletions(-) (limited to 'utils/authorization.go') diff --git a/utils/authorization.go b/utils/authorization.go index 23a7673fe..75f92062d 100644 --- a/utils/authorization.go +++ b/utils/authorization.go @@ -9,46 +9,92 @@ func SetDefaultRolesBasedOnConfig() { // Reset the roles to default to make this logic easier model.InitalizeRoles() + switch *Cfg.TeamSettings.RestrictPublicChannelCreation { + case model.PERMISSIONS_ALL: + model.ROLE_TEAM_USER.Permissions = append( + model.ROLE_TEAM_USER.Permissions, + model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id, + ) + break + case model.PERMISSIONS_TEAM_ADMIN: + model.ROLE_TEAM_ADMIN.Permissions = append( + model.ROLE_TEAM_ADMIN.Permissions, + model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id, + ) + break + } + switch *Cfg.TeamSettings.RestrictPublicChannelManagement { case model.PERMISSIONS_ALL: - model.ROLE_CHANNEL_USER.Permissions = append( - model.ROLE_CHANNEL_USER.Permissions, + model.ROLE_TEAM_USER.Permissions = append( + model.ROLE_TEAM_USER.Permissions, + model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id, + ) + break + case model.PERMISSIONS_TEAM_ADMIN: + model.ROLE_TEAM_ADMIN.Permissions = append( + model.ROLE_TEAM_ADMIN.Permissions, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id, ) + break + } + + switch *Cfg.TeamSettings.RestrictPublicChannelDeletion { + case model.PERMISSIONS_ALL: model.ROLE_TEAM_USER.Permissions = append( model.ROLE_TEAM_USER.Permissions, model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id, - model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id, ) break case model.PERMISSIONS_TEAM_ADMIN: model.ROLE_TEAM_ADMIN.Permissions = append( model.ROLE_TEAM_ADMIN.Permissions, - model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id, model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id, - model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id, + ) + break + } + + switch *Cfg.TeamSettings.RestrictPrivateChannelCreation { + case model.PERMISSIONS_ALL: + model.ROLE_TEAM_USER.Permissions = append( + model.ROLE_TEAM_USER.Permissions, + model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id, + ) + break + case model.PERMISSIONS_TEAM_ADMIN: + model.ROLE_TEAM_ADMIN.Permissions = append( + model.ROLE_TEAM_ADMIN.Permissions, + model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id, ) break } switch *Cfg.TeamSettings.RestrictPrivateChannelManagement { case model.PERMISSIONS_ALL: - model.ROLE_CHANNEL_USER.Permissions = append( - model.ROLE_CHANNEL_USER.Permissions, + model.ROLE_TEAM_USER.Permissions = append( + model.ROLE_TEAM_USER.Permissions, + model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id, + ) + break + case model.PERMISSIONS_TEAM_ADMIN: + model.ROLE_TEAM_ADMIN.Permissions = append( + model.ROLE_TEAM_ADMIN.Permissions, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id, ) + break + } + + switch *Cfg.TeamSettings.RestrictPrivateChannelDeletion { + case model.PERMISSIONS_ALL: model.ROLE_TEAM_USER.Permissions = append( model.ROLE_TEAM_USER.Permissions, model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id, - model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id, ) break case model.PERMISSIONS_TEAM_ADMIN: model.ROLE_TEAM_ADMIN.Permissions = append( model.ROLE_TEAM_ADMIN.Permissions, - model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id, model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id, - model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id, ) break } -- cgit v1.2.3-1-g7c22