From 8bbe5dfb2f617da92300029b10a8b6b2672e4bf5 Mon Sep 17 00:00:00 2001
From: George Goldberg <george@gberg.me>
Date: Tue, 21 Feb 2017 15:47:28 +0000
Subject: Fix permission grants for channel management. (#5478)

When selecting the Channel, Team & System level for channel permissions,
they must be explicitly granted to the Channel *and* the Team admins.
---
 utils/authorization.go | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'utils')

diff --git a/utils/authorization.go b/utils/authorization.go
index de288fc81..9a45878a2 100644
--- a/utils/authorization.go
+++ b/utils/authorization.go
@@ -34,6 +34,10 @@ func SetDefaultRolesBasedOnConfig() {
 		)
 		break
 	case model.PERMISSIONS_CHANNEL_ADMIN:
+		model.ROLE_TEAM_ADMIN.Permissions = append(
+			model.ROLE_TEAM_ADMIN.Permissions,
+			model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id,
+		)
 		model.ROLE_CHANNEL_ADMIN.Permissions = append(
 			model.ROLE_CHANNEL_ADMIN.Permissions,
 			model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id,
@@ -55,6 +59,10 @@ func SetDefaultRolesBasedOnConfig() {
 		)
 		break
 	case model.PERMISSIONS_CHANNEL_ADMIN:
+		model.ROLE_TEAM_ADMIN.Permissions = append(
+			model.ROLE_TEAM_ADMIN.Permissions,
+			model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id,
+		)
 		model.ROLE_CHANNEL_ADMIN.Permissions = append(
 			model.ROLE_CHANNEL_ADMIN.Permissions,
 			model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id,
@@ -91,6 +99,10 @@ func SetDefaultRolesBasedOnConfig() {
 		)
 		break
 	case model.PERMISSIONS_CHANNEL_ADMIN:
+		model.ROLE_TEAM_ADMIN.Permissions = append(
+			model.ROLE_TEAM_ADMIN.Permissions,
+			model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id,
+		)
 		model.ROLE_CHANNEL_ADMIN.Permissions = append(
 			model.ROLE_CHANNEL_ADMIN.Permissions,
 			model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id,
@@ -112,6 +124,10 @@ func SetDefaultRolesBasedOnConfig() {
 		)
 		break
 	case model.PERMISSIONS_CHANNEL_ADMIN:
+		model.ROLE_TEAM_ADMIN.Permissions = append(
+			model.ROLE_TEAM_ADMIN.Permissions,
+			model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id,
+		)
 		model.ROLE_CHANNEL_ADMIN.Permissions = append(
 			model.ROLE_CHANNEL_ADMIN.Permissions,
 			model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id,
-- 
cgit v1.2.3-1-g7c22