From 2a4de2eeccd5198bc70defc13fad67f2b1ae50ba Mon Sep 17 00:00:00 2001
From: Ibrahim Serdar Acikgoz
Date: Tue, 25 Jul 2023 13:17:58 +0300
Subject: [PATCH] Revert "Add read_channel_content permission (#24018)" (#24114)
This reverts commit a19ce047ba9a3234b84f17f14cc723a8cff52db8.
---
 e2e-tests/cypress/tests/support/api/role.js | 6 ++--
 server/channels/api4/channel.go | 4 +--
 server/channels/api4/file.go | 20 +++++------
 server/channels/api4/integration_action.go | 12 +++----
 server/channels/api4/post.go | 36 +++++++++----------
 server/channels/api4/preference.go | 4 +--
 server/channels/api4/reaction.go | 8 ++---
 server/channels/api4/user.go | 20 +++++------
 server/channels/api4/webhook.go | 12 +++----
 server/channels/app/app_test.go | 1 -
 server/channels/app/authorization.go | 2 +-
 server/channels/app/authorization_test.go | 2 --
 server/channels/app/permissions_migrations.go | 20 -----------
 server/channels/app/post.go | 6 ++--
 server/channels/app/webhook.go | 2 +-
 .../channels/store/sqlstore/integrity_test.go | 2 --
 .../channels/store/storetest/scheme_store.go | 10 +++---
 server/channels/testlib/store.go | 1 -
 server/public/model/migration.go | 1 -
 server/public/model/permission.go | 8 -----
 server/public/model/role.go | 2 --
 .../guest_permissions_tree/index.tsx | 2 --
 .../src/constants/permissions.ts | 2 --
 webapp/channels/src/utils/constants.tsx | 13 +++----
 24 files changed, 74 insertions(+), 122 deletions(-)
diff --git a/e2e-tests/cypress/tests/support/api/role.js b/e2e-tests/cypress/tests/support/api/role.js
index 16f6f47f3b..d53862b72d 100644
--- a/e2e-tests/cypress/tests/support/api/role.js
+++ b/e2e-tests/cypress/tests/support/api/role.js
@@ -10,14 +10,14 @@ import xor from 'lodash.xor'; export const defaultRolesPermissions = { channel_admin: 'use_channel_mentions remove_reaction manage_public_channel_members use_group_mentions manage_channel_roles manage_private_channel_members add_reaction read_public_channel_groups create_post read_private_channel_groups', - channel_guest: 'upload_file edit_post create_post use_channel_mentions read_channel read_channel_content add_reaction remove_reaction', - channel_user: 'manage_private_channel_members read_public_channel_groups delete_post read_private_channel_groups use_group_mentions manage_private_channel_properties delete_public_channel add_reaction manage_public_channel_properties edit_post upload_file use_channel_mentions get_public_link read_channel read_channel_content delete_private_channel manage_public_channel_members create_post remove_reaction', + channel_guest: 'upload_file edit_post create_post use_channel_mentions read_channel add_reaction remove_reaction', + channel_user: 'manage_private_channel_members read_public_channel_groups delete_post read_private_channel_groups use_group_mentions manage_private_channel_properties delete_public_channel add_reaction manage_public_channel_properties edit_post upload_file use_channel_mentions get_public_link read_channel delete_private_channel manage_public_channel_members create_post remove_reaction', custom_group_user: '', playbook_admin: 'playbook_private_manage_properties playbook_public_make_private playbook_public_manage_members playbook_public_manage_roles playbook_public_manage_properties playbook_private_manage_members playbook_private_manage_roles', playbook_member: 'playbook_public_view playbook_public_manage_members playbook_public_manage_properties playbook_private_view playbook_private_manage_members playbook_private_manage_properties run_create', run_admin: 'run_manage_properties run_manage_members', run_member: 'run_view', - system_admin: 'sysconsole_write_environment_elasticsearch 
playbook_public_manage_properties sysconsole_write_authentication_ldap run_view manage_jobs manage_roles playbook_public_create manage_public_channel_properties sysconsole_read_plugins delete_post purge_elasticsearch_indexes sysconsole_read_integrations_bot_accounts read_data_retention_job manage_private_channel_members create_elasticsearch_post_indexing_job sysconsole_read_authentication_guest_access create_elasticsearch_post_aggregation_job join_public_teams sysconsole_read_site_public_links add_saml_idp_cert sysconsole_write_site_announcement_banner sysconsole_write_site_notices sysconsole_read_experimental_feature_flags sysconsole_read_site_users_and_teams manage_slash_commands sysconsole_read_authentication_ldap read_channel read_channel_content sysconsole_write_authentication_password list_users_without_team sysconsole_read_authentication_email add_saml_public_cert playbook_private_create promote_guest sysconsole_read_user_management_system_roles manage_public_channel_members create_data_retention_job add_saml_private_cert sysconsole_write_user_management_users sysconsole_read_compliance_compliance_monitoring playbook_public_manage_members sysconsole_write_environment_database sysconsole_write_user_management_teams playbook_private_manage_roles read_public_channel sysconsole_write_plugins sysconsole_read_authentication_openid sysconsole_write_user_management_groups sysconsole_write_site_file_sharing_and_downloads playbook_private_manage_properties sysconsole_read_site_customization join_public_channels add_user_to_team restore_custom_group download_compliance_export_result sysconsole_write_user_management_system_roles sysconsole_write_environment_session_lengths create_custom_group manage_private_channel_properties create_post_public remove_ldap_private_cert sysconsole_write_site_public_links import_team sysconsole_read_environment_developer sysconsole_read_environment_database sysconsole_read_environment_web_server use_channel_mentions view_team 
remove_others_reactions sysconsole_read_environment_session_lengths sysconsole_write_integrations_bot_accounts playbook_public_view use_group_mentions sysconsole_write_environment_web_server add_ldap_private_cert read_public_channel_groups invite_guest sysconsole_read_environment_smtp create_post sysconsole_read_about_edition_and_license sysconsole_read_authentication_signup sysconsole_read_authentication_saml sysconsole_read_environment_file_storage sysconsole_write_experimental_feature_flags sysconsole_write_site_localization sysconsole_write_environment_rate_limiting sysconsole_read_environment_rate_limiting sysconsole_read_products_boards get_saml_cert_status sysconsole_read_environment_high_availability manage_secure_connections read_compliance_export_job sysconsole_write_compliance_custom_terms_of_service read_user_access_token edit_post sysconsole_write_environment_logging sysconsole_read_environment_push_notification_server sysconsole_write_site_customization read_other_users_teams read_elasticsearch_post_aggregation_job sysconsole_write_compliance_data_retention_policy sysconsole_read_user_management_permissions sysconsole_read_site_emoji sysconsole_read_compliance_data_retention_policy read_license_information sysconsole_read_experimental_features read_deleted_posts sysconsole_read_environment_logging sysconsole_read_reporting_site_statistics test_elasticsearch sysconsole_read_site_posts add_reaction sysconsole_write_authentication_signup manage_outgoing_webhooks create_post_ephemeral sysconsole_read_environment_image_proxy invite_user manage_others_outgoing_webhooks create_user_access_token sysconsole_write_environment_image_proxy sysconsole_write_products_boards read_elasticsearch_post_indexing_job purge_bleve_indexes sysconsole_write_environment_performance_monitoring sysconsole_write_authentication_guest_access sysconsole_read_compliance_custom_terms_of_service edit_others_posts sysconsole_write_billing get_saml_metadata_from_idp 
sysconsole_write_authentication_saml create_post_bleve_indexes_job invalidate_caches sysconsole_write_experimental_bleve view_members manage_others_bots run_create join_private_teams convert_private_channel_to_public read_audits assign_bot read_jobs remove_user_from_team revoke_user_access_token manage_team sysconsole_read_reporting_server_logs get_public_link manage_others_slash_commands manage_system delete_public_channel read_private_channel_groups sysconsole_read_authentication_mfa delete_emojis list_private_teams create_emojis sysconsole_read_billing sysconsole_write_site_emoji invalidate_email_invite sysconsole_write_environment_file_storage sysconsole_write_compliance_compliance_monitoring remove_saml_public_cert sysconsole_read_compliance_compliance_export sysconsole_read_site_localization manage_team_roles list_public_teams get_logs sysconsole_write_integrations_integration_management sysconsole_read_integrations_cors manage_oauth delete_others_emojis sysconsole_write_integrations_gif manage_incoming_webhooks sysconsole_write_authentication_email create_private_channel playbook_private_make_public manage_bots add_ldap_public_cert remove_ldap_public_cert sysconsole_write_site_notifications sysconsole_write_environment_developer playbook_private_manage_members sysconsole_read_user_management_teams edit_custom_group remove_reaction playbook_public_manage_roles sysconsole_write_reporting_server_logs read_others_bots sysconsole_write_site_posts sysconsole_read_site_notifications sysconsole_read_authentication_password playbook_private_view manage_system_wide_oauth get_analytics list_team_channels sysconsole_write_user_management_channels delete_private_channel manage_custom_group_members test_s3 create_ldap_sync_job sysconsole_read_integrations_integration_management test_site_url recycle_database_connections sysconsole_read_site_announcement_banner test_email manage_shared_channels read_bots sysconsole_write_environment_smtp sysconsole_read_experimental_bleve 
sysconsole_write_environment_push_notification_server sysconsole_write_user_management_permissions sysconsole_read_environment_elasticsearch sysconsole_write_reporting_site_statistics sysconsole_write_site_users_and_teams demote_to_guest create_team test_ldap remove_saml_idp_cert delete_others_posts edit_other_users sysconsole_write_reporting_team_statistics sysconsole_read_integrations_gif sysconsole_read_site_notices sysconsole_write_about_edition_and_license manage_others_incoming_webhooks run_manage_members create_bot sysconsole_write_authentication_mfa sysconsole_read_user_management_users assign_system_admin_role sysconsole_write_experimental_features edit_brand create_group_channel sysconsole_write_authentication_openid create_direct_channel manage_license_information reload_config manage_channel_roles sysconsole_read_user_management_groups create_compliance_export_job read_ldap_sync_job upload_file sysconsole_read_site_file_sharing_and_downloads delete_custom_group sysconsole_read_user_management_channels sysconsole_write_compliance_compliance_export remove_saml_private_cert sysconsole_read_environment_performance_monitoring create_public_channel sysconsole_write_integrations_cors sysconsole_write_environment_high_availability playbook_public_make_private run_manage_properties sysconsole_read_reporting_team_statistics convert_public_channel_to_private', + system_admin: 'sysconsole_write_environment_elasticsearch playbook_public_manage_properties sysconsole_write_authentication_ldap run_view manage_jobs manage_roles playbook_public_create manage_public_channel_properties sysconsole_read_plugins delete_post purge_elasticsearch_indexes sysconsole_read_integrations_bot_accounts read_data_retention_job manage_private_channel_members create_elasticsearch_post_indexing_job sysconsole_read_authentication_guest_access create_elasticsearch_post_aggregation_job join_public_teams sysconsole_read_site_public_links add_saml_idp_cert 
sysconsole_write_site_announcement_banner sysconsole_write_site_notices sysconsole_read_experimental_feature_flags sysconsole_read_site_users_and_teams manage_slash_commands sysconsole_read_authentication_ldap read_channel sysconsole_write_authentication_password list_users_without_team sysconsole_read_authentication_email add_saml_public_cert playbook_private_create promote_guest sysconsole_read_user_management_system_roles manage_public_channel_members create_data_retention_job add_saml_private_cert sysconsole_write_user_management_users sysconsole_read_compliance_compliance_monitoring playbook_public_manage_members sysconsole_write_environment_database sysconsole_write_user_management_teams playbook_private_manage_roles read_public_channel sysconsole_write_plugins sysconsole_read_authentication_openid sysconsole_write_user_management_groups sysconsole_write_site_file_sharing_and_downloads playbook_private_manage_properties sysconsole_read_site_customization join_public_channels add_user_to_team restore_custom_group download_compliance_export_result sysconsole_write_user_management_system_roles sysconsole_write_environment_session_lengths create_custom_group manage_private_channel_properties create_post_public remove_ldap_private_cert sysconsole_write_site_public_links import_team sysconsole_read_environment_developer sysconsole_read_environment_database sysconsole_read_environment_web_server use_channel_mentions view_team remove_others_reactions sysconsole_read_environment_session_lengths sysconsole_write_integrations_bot_accounts playbook_public_view use_group_mentions sysconsole_write_environment_web_server add_ldap_private_cert read_public_channel_groups invite_guest sysconsole_read_environment_smtp create_post sysconsole_read_about_edition_and_license sysconsole_read_authentication_signup sysconsole_read_authentication_saml sysconsole_read_environment_file_storage sysconsole_write_experimental_feature_flags sysconsole_write_site_localization 
sysconsole_write_environment_rate_limiting sysconsole_read_environment_rate_limiting sysconsole_read_products_boards get_saml_cert_status sysconsole_read_environment_high_availability manage_secure_connections read_compliance_export_job sysconsole_write_compliance_custom_terms_of_service read_user_access_token edit_post sysconsole_write_environment_logging sysconsole_read_environment_push_notification_server sysconsole_write_site_customization read_other_users_teams read_elasticsearch_post_aggregation_job sysconsole_write_compliance_data_retention_policy sysconsole_read_user_management_permissions sysconsole_read_site_emoji sysconsole_read_compliance_data_retention_policy read_license_information sysconsole_read_experimental_features read_deleted_posts sysconsole_read_environment_logging sysconsole_read_reporting_site_statistics test_elasticsearch sysconsole_read_site_posts add_reaction sysconsole_write_authentication_signup manage_outgoing_webhooks create_post_ephemeral sysconsole_read_environment_image_proxy invite_user manage_others_outgoing_webhooks create_user_access_token sysconsole_write_environment_image_proxy sysconsole_write_products_boards read_elasticsearch_post_indexing_job purge_bleve_indexes sysconsole_write_environment_performance_monitoring sysconsole_write_authentication_guest_access sysconsole_read_compliance_custom_terms_of_service edit_others_posts sysconsole_write_billing get_saml_metadata_from_idp sysconsole_write_authentication_saml create_post_bleve_indexes_job invalidate_caches sysconsole_write_experimental_bleve view_members manage_others_bots run_create join_private_teams convert_private_channel_to_public read_audits assign_bot read_jobs remove_user_from_team revoke_user_access_token manage_team sysconsole_read_reporting_server_logs get_public_link manage_others_slash_commands manage_system delete_public_channel read_private_channel_groups sysconsole_read_authentication_mfa delete_emojis list_private_teams create_emojis 
sysconsole_read_billing sysconsole_write_site_emoji invalidate_email_invite sysconsole_write_environment_file_storage sysconsole_write_compliance_compliance_monitoring remove_saml_public_cert sysconsole_read_compliance_compliance_export sysconsole_read_site_localization manage_team_roles list_public_teams get_logs sysconsole_write_integrations_integration_management sysconsole_read_integrations_cors manage_oauth delete_others_emojis sysconsole_write_integrations_gif manage_incoming_webhooks sysconsole_write_authentication_email create_private_channel playbook_private_make_public manage_bots add_ldap_public_cert remove_ldap_public_cert sysconsole_write_site_notifications sysconsole_write_environment_developer playbook_private_manage_members sysconsole_read_user_management_teams edit_custom_group remove_reaction playbook_public_manage_roles sysconsole_write_reporting_server_logs read_others_bots sysconsole_write_site_posts sysconsole_read_site_notifications sysconsole_read_authentication_password playbook_private_view manage_system_wide_oauth get_analytics list_team_channels sysconsole_write_user_management_channels delete_private_channel manage_custom_group_members test_s3 create_ldap_sync_job sysconsole_read_integrations_integration_management test_site_url recycle_database_connections sysconsole_read_site_announcement_banner test_email manage_shared_channels read_bots sysconsole_write_environment_smtp sysconsole_read_experimental_bleve sysconsole_write_environment_push_notification_server sysconsole_write_user_management_permissions sysconsole_read_environment_elasticsearch sysconsole_write_reporting_site_statistics sysconsole_write_site_users_and_teams demote_to_guest create_team test_ldap remove_saml_idp_cert delete_others_posts edit_other_users sysconsole_write_reporting_team_statistics sysconsole_read_integrations_gif sysconsole_read_site_notices sysconsole_write_about_edition_and_license manage_others_incoming_webhooks run_manage_members create_bot 
sysconsole_write_authentication_mfa sysconsole_read_user_management_users assign_system_admin_role sysconsole_write_experimental_features edit_brand create_group_channel sysconsole_write_authentication_openid create_direct_channel manage_license_information reload_config manage_channel_roles sysconsole_read_user_management_groups create_compliance_export_job read_ldap_sync_job upload_file sysconsole_read_site_file_sharing_and_downloads delete_custom_group sysconsole_read_user_management_channels sysconsole_write_compliance_compliance_export remove_saml_private_cert sysconsole_read_environment_performance_monitoring create_public_channel sysconsole_write_integrations_cors sysconsole_write_environment_high_availability playbook_public_make_private run_manage_properties sysconsole_read_reporting_team_statistics convert_public_channel_to_private', system_custom_group_admin: 'create_custom_group edit_custom_group delete_custom_group restore_custom_group manage_custom_group_members', system_guest: 'create_group_channel create_direct_channel', system_manager: ' sysconsole_read_site_announcement_banner manage_private_channel_properties edit_brand read_private_channel_groups manage_private_channel_members manage_team_roles sysconsole_write_environment_session_lengths sysconsole_read_site_emoji sysconsole_write_environment_developer sysconsole_read_user_management_groups sysconsole_write_user_management_groups sysconsole_write_environment_rate_limiting delete_private_channel sysconsole_read_environment_performance_monitoring sysconsole_read_environment_rate_limiting sysconsole_write_user_management_teams sysconsole_write_integrations_integration_management sysconsole_write_site_public_links sysconsole_read_authentication_ldap sysconsole_write_integrations_cors reload_config sysconsole_write_user_management_channels sysconsole_read_environment_high_availability sysconsole_read_site_users_and_teams sysconsole_read_user_management_teams sysconsole_write_site_users_and_teams 
sysconsole_read_site_customization sysconsole_write_environment_high_availability sysconsole_read_integrations_bot_accounts sysconsole_read_authentication_guest_access sysconsole_read_site_public_links read_elasticsearch_post_indexing_job sysconsole_read_user_management_channels sysconsole_read_reporting_team_statistics invalidate_caches sysconsole_read_authentication_signup read_elasticsearch_post_aggregation_job sysconsole_write_environment_smtp manage_public_channel_members list_public_teams add_user_to_team sysconsole_read_environment_web_server sysconsole_read_site_localization get_logs sysconsole_write_site_posts sysconsole_write_integrations_bot_accounts sysconsole_write_user_management_permissions sysconsole_read_environment_elasticsearch sysconsole_read_environment_smtp list_private_teams read_public_channel_groups sysconsole_write_environment_file_storage sysconsole_write_integrations_gif manage_public_channel_properties sysconsole_write_environment_performance_monitoring sysconsole_write_site_notifications sysconsole_read_site_notifications sysconsole_read_environment_image_proxy sysconsole_write_site_announcement_banner sysconsole_write_site_emoji test_site_url sysconsole_read_integrations_gif sysconsole_write_environment_logging convert_public_channel_to_private get_analytics sysconsole_read_user_management_permissions sysconsole_write_environment_image_proxy test_elasticsearch recycle_database_connections sysconsole_write_site_localization sysconsole_read_reporting_server_logs create_elasticsearch_post_indexing_job sysconsole_read_reporting_site_statistics test_ldap delete_public_channel sysconsole_write_environment_push_notification_server read_license_information sysconsole_write_products_boards sysconsole_read_about_edition_and_license convert_private_channel_to_public sysconsole_read_integrations_integration_management create_elasticsearch_post_aggregation_job purge_elasticsearch_indexes sysconsole_read_environment_database join_public_teams 
sysconsole_read_authentication_email sysconsole_read_environment_push_notification_server view_team read_channel sysconsole_read_authentication_password read_ldap_sync_job sysconsole_read_integrations_cors sysconsole_read_environment_logging manage_team sysconsole_read_authentication_openid read_public_channel sysconsole_write_environment_elasticsearch sysconsole_read_plugins manage_channel_roles remove_user_from_team test_email sysconsole_write_site_file_sharing_and_downloads test_s3 sysconsole_read_site_file_sharing_and_downloads sysconsole_read_site_notices sysconsole_read_environment_file_storage join_private_teams sysconsole_read_products_boards sysconsole_read_environment_session_lengths sysconsole_write_environment_database sysconsole_read_authentication_saml sysconsole_read_authentication_mfa sysconsole_write_site_notices sysconsole_write_environment_web_server sysconsole_read_site_posts sysconsole_read_environment_developer sysconsole_write_site_customization',
diff --git a/server/channels/api4/channel.go b/server/channels/api4/channel.go
index 9b2e32d1c4..ba433e73a0 100644
--- a/server/channels/api4/channel.go
+++ b/server/channels/api4/channel.go
@@ -711,8 +711,8 @@ func getPinnedPosts(c *Context, w http.ResponseWriter, r *http.Request) {
 return
 }
- if !c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), c.Params.ChannelId, model.PermissionReadChannelContent) {
- c.SetPermissionError(model.PermissionReadChannelContent)
+ if !c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), c.Params.ChannelId, model.PermissionReadChannel) {
+ c.SetPermissionError(model.PermissionReadChannel)
 return
 }
diff --git a/server/channels/api4/file.go b/server/channels/api4/file.go
index 2df9a110fc..a070c10193 100644
--- a/server/channels/api4/file.go
+++ b/server/channels/api4/file.go
@@ -463,8 +463,8 @@ func getFile(c *Context, w http.ResponseWriter, r *http.Request) {
 }
 audit.AddEventParameterAuditable(auditRec, "file", info)
- if info.CreatorId != c.AppContext.Session().UserId && !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), info.PostId, model.PermissionReadChannelContent) {
- c.SetPermissionError(model.PermissionReadChannelContent)
+ if info.CreatorId != c.AppContext.Session().UserId && !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), info.PostId, model.PermissionReadChannel) {
+ c.SetPermissionError(model.PermissionReadChannel)
 return
 }
@@ -495,8 +495,8 @@ func getFileThumbnail(c *Context, w http.ResponseWriter, r *http.Request) {
 return
 }
- if info.CreatorId != c.AppContext.Session().UserId && !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), info.PostId, model.PermissionReadChannelContent) {
- c.SetPermissionError(model.PermissionReadChannelContent)
+ if info.CreatorId != c.AppContext.Session().UserId && !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), info.PostId, model.PermissionReadChannel) {
+ c.SetPermissionError(model.PermissionReadChannel)
 return
 }
@@ -538,8 +538,8 @@ func getFileLink(c *Context, w http.ResponseWriter, r *http.Request) {
 }
 audit.AddEventParameterAuditable(auditRec, "file", info)
- if info.CreatorId != c.AppContext.Session().UserId && !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), info.PostId, model.PermissionReadChannelContent) {
- c.SetPermissionError(model.PermissionReadChannelContent)
+ if info.CreatorId != c.AppContext.Session().UserId && !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), info.PostId, model.PermissionReadChannel) {
+ c.SetPermissionError(model.PermissionReadChannel)
 return
 }
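Review bot: The `info.CreatorId != c.AppContext.Session().UserId &&` short-circuit in getFile means the uploader never reaches the channel check, so an uploader who has since left or been removed from the channel can presumably still fetch the file, and nothing in the hunk says whether that is intended. The same two-line condition is copied into getFileThumbnail and getFileLink here and into getFilePreview and getFileInfo in the following hunks, so any future permission change has to be applied to five copies by hand. I would move it into a single helper that states the intent, e.g. `// Uploaders keep access to their own files regardless of channel membership.` above `func sessionCanReadFile(c *Context, info *model.FileInfo) bool` (helper name is a suggestion), and call it from all five handlers. Each handler's body starts and ends outside its hunk.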
@@ -571,8 +571,8 @@ func getFilePreview(c *Context, w http.ResponseWriter, r *http.Request) {
 return
 }
- if info.CreatorId != c.AppContext.Session().UserId && !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), info.PostId, model.PermissionReadChannelContent) {
- c.SetPermissionError(model.PermissionReadChannelContent)
+ if info.CreatorId != c.AppContext.Session().UserId && !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), info.PostId, model.PermissionReadChannel) {
+ c.SetPermissionError(model.PermissionReadChannel)
 return
 }
@@ -605,8 +605,8 @@ func getFileInfo(c *Context, w http.ResponseWriter, r *http.Request) {
 return
 }
- if info.CreatorId != c.AppContext.Session().UserId && !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), info.PostId, model.PermissionReadChannelContent) {
- c.SetPermissionError(model.PermissionReadChannelContent)
+ if info.CreatorId != c.AppContext.Session().UserId && !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), info.PostId, model.PermissionReadChannel) {
+ c.SetPermissionError(model.PermissionReadChannel)
 return
 }
diff --git a/server/channels/api4/integration_action.go b/server/channels/api4/integration_action.go
index 75b9cc5253..7b7addb88a 100644
--- a/server/channels/api4/integration_action.go
+++ b/server/channels/api4/integration_action.go
@@ -44,13 +44,13 @@ func doPostAction(c *Context, w http.ResponseWriter, r *http.Request) {
 c.Err = model.NewAppError("DoPostAction", "api.post.do_action.action_integration.app_error", nil, "", http.StatusBadRequest).Wrap(err)
 return
 }
- if !c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), cookie.ChannelId, model.PermissionReadChannelContent) {
- c.SetPermissionError(model.PermissionReadChannelContent)
+ if !c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), cookie.ChannelId, model.PermissionReadChannel) {
+ c.SetPermissionError(model.PermissionReadChannel)
 return
 }
 } else {
- if !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), c.Params.PostId, model.PermissionReadChannelContent) {
- c.SetPermissionError(model.PermissionReadChannelContent)
+ if !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), c.Params.PostId, model.PermissionReadChannel) {
+ c.SetPermissionError(model.PermissionReadChannel)
 return
 }
 }
@@ -108,8 +108,8 @@ func submitDialog(c *Context, w http.ResponseWriter, r *http.Request) {
 submit.UserId = c.AppContext.Session().UserId
- if !c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), submit.ChannelId, model.PermissionReadChannelContent) {
- c.SetPermissionError(model.PermissionReadChannelContent)
+ if !c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), submit.ChannelId, model.PermissionReadChannel) {
+ c.SetPermissionError(model.PermissionReadChannel)
 return
 }
diff --git a/server/channels/api4/post.go b/server/channels/api4/post.go
index fe2b553583..6e60a82f26 100644
--- a/server/channels/api4/post.go
+++ b/server/channels/api4/post.go
@@ -249,8 +249,8 @@ func getPostsForChannel(c *Context, w http.ResponseWriter, r *http.Request) {
 return
 }
- if !c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), channelId, model.PermissionReadChannelContent) {
- c.SetPermissionError(model.PermissionReadChannelContent)
+ if !c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), channelId, model.PermissionReadChannel) {
+ c.SetPermissionError(model.PermissionReadChannel)
 return
 }
@@ -333,8 +333,8 @@ func getPostsForChannelAroundLastUnread(c *Context, w http.ResponseWriter, r *ht
 }
 channelId := c.Params.ChannelId
- if !c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), channelId, model.PermissionReadChannelContent) {
- c.SetPermissionError(model.PermissionReadChannelContent)
+ if !c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), channelId, model.PermissionReadChannel) {
+ c.SetPermissionError(model.PermissionReadChannel)
 return
 }
@@ -424,7 +424,7 @@ func getFlaggedPostsForUser(c *Context, w http.ResponseWriter, r *http.Request)
 if !ok {
 allowed = false
- if c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), post.ChannelId, model.PermissionReadChannelContent) {
+ if c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), post.ChannelId, model.PermissionReadChannel) {
 allowed = true
 }
@@ -529,7 +529,7 @@ func getPostsByIds(c *Context, w http.ResponseWriter, r *http.Request) {
 channelMap[channel.Id] = channel
 }
- if !c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), channel.Id, model.PermissionReadChannelContent) {
+ if !c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), channel.Id, model.PermissionReadChannel) {
 if channel.Type != model.ChannelTypeOpen || (channel.Type == model.ChannelTypeOpen && !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), channel.TeamId, model.PermissionReadPublicChannel)) {
 continue
 }
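Review bot: In getPostsByIds the fallback condition `channel.Type != model.ChannelTypeOpen || (channel.Type == model.ChannelTypeOpen && !c.App.SessionHasPermissionToTeam(...))` re-tests its own negation; the inner `channel.Type == model.ChannelTypeOpen` is always true when it is reached. `if channel.Type != model.ChannelTypeOpen || !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), channel.TeamId, model.PermissionReadPublicChannel) {` is equivalent and easier to audit. This branch appears to let a session without the channel permission still receive posts from open channels, so a comment such as `// Non-members may still read posts in public channels of a team where they hold read_public_channel.` would make that exception explicit. The loop this sits in begins and ends outside the hunk.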
@@ -942,8 +942,8 @@ func setPostUnread(c *Context, w http.ResponseWriter, r *http.Request) {
 c.SetPermissionError(model.PermissionEditOtherUsers)
 return
 }
- if !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), c.Params.PostId, model.PermissionReadChannelContent) {
- c.SetPermissionError(model.PermissionReadChannelContent)
+ if !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), c.Params.PostId, model.PermissionReadChannel) {
+ c.SetPermissionError(model.PermissionReadChannel)
 return
 }
@@ -967,8 +967,8 @@ func setPostReminder(c *Context, w http.ResponseWriter, r *http.Request) {
 c.SetPermissionError(model.PermissionEditOtherUsers)
 return
 }
- if !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), c.Params.PostId, model.PermissionReadChannelContent) {
- c.SetPermissionError(model.PermissionReadChannelContent)
+ if !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), c.Params.PostId, model.PermissionReadChannel) {
+ c.SetPermissionError(model.PermissionReadChannel)
 return
 }
@@ -997,8 +997,8 @@ func saveIsPinnedPost(c *Context, w http.ResponseWriter, isPinned bool) {
 audit.AddEventParameter(auditRec, "post_id", c.Params.PostId)
 defer c.LogAuditRecWithLevel(auditRec, app.LevelContent)
- if !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), c.Params.PostId, model.PermissionReadChannelContent) {
- c.SetPermissionError(model.PermissionReadChannelContent)
+ if !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), c.Params.PostId, model.PermissionReadChannel) {
+ c.SetPermissionError(model.PermissionReadChannel)
 return
 }
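Review bot: In setPostUnread the channel check is evaluated against the caller's session, while the `PermissionEditOtherUsers` error on the context line just above suggests the handler can run on behalf of a different user. If that reading is right, the visible lines do not establish that the user whose state is modified can read the post's channel; the guard that precedes the check is outside the hunk, so this needs confirming there. The same pattern appears in setPostReminder in the next hunk and in getThreadForUser and updateReadStateThreadByUser in user.go. At minimum I would add `// Checks the caller's access to the post's channel; the target user's membership is not verified here.` above the check.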
@@ -1049,8 +1049,8 @@ func acknowledgePost(c *Context, w http.ResponseWriter, r *http.Request) {
 return
 }
- if !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), c.Params.PostId, model.PermissionReadChannelContent) {
- c.SetPermissionError(model.PermissionReadChannelContent)
+ if !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), c.Params.PostId, model.PermissionReadChannel) {
+ c.SetPermissionError(model.PermissionReadChannel)
 return
 }
@@ -1086,8 +1086,8 @@ func unacknowledgePost(c *Context, w http.ResponseWriter, r *http.Request) {
 return
 }
- if !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), c.Params.PostId, model.PermissionReadChannelContent) {
- c.SetPermissionError(model.PermissionReadChannelContent)
+ if !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), c.Params.PostId, model.PermissionReadChannel) {
+ c.SetPermissionError(model.PermissionReadChannel)
 return
 }
@@ -1112,8 +1112,8 @@ func getFileInfosForPost(c *Context, w http.ResponseWriter, r *http.Request) {
 return
 }
- if !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), c.Params.PostId, model.PermissionReadChannelContent) {
- c.SetPermissionError(model.PermissionReadChannelContent)
+ if !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), c.Params.PostId, model.PermissionReadChannel) {
+ c.SetPermissionError(model.PermissionReadChannel)
 return
 }
diff --git a/server/channels/api4/preference.go b/server/channels/api4/preference.go
index c9e61b50c0..e3a71b487d 100644
--- a/server/channels/api4/preference.go
+++ b/server/channels/api4/preference.go
@@ -116,8 +116,8 @@ func updatePreferences(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), post.ChannelId, model.PermissionReadChannelContent) { - c.SetPermissionError(model.PermissionReadChannelContent) + if !c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), post.ChannelId, model.PermissionReadChannel) { + c.SetPermissionError(model.PermissionReadChannel) return } } diff --git a/server/channels/api4/reaction.go b/server/channels/api4/reaction.go index e0cf409a3d..d6adc0f687 100644 --- a/server/channels/api4/reaction.go +++ b/server/channels/api4/reaction.go @@ -57,8 +57,8 @@ func getReactions(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), c.Params.PostId, model.PermissionReadChannelContent) { - c.SetPermissionError(model.PermissionReadChannelContent) + if !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), c.Params.PostId, model.PermissionReadChannel) { + c.SetPermissionError(model.PermissionReadChannel) return } @@ -121,8 +121,8 @@ func deleteReaction(c *Context, w http.ResponseWriter, r *http.Request) { func getBulkReactions(c *Context, w http.ResponseWriter, r *http.Request) { postIds := model.ArrayFromJSON(r.Body) for _, postId := range postIds { - if !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), postId, model.PermissionReadChannelContent) { - c.SetPermissionError(model.PermissionReadChannelContent) + if !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), postId, model.PermissionReadChannel) { + c.SetPermissionError(model.PermissionReadChannel) return } } diff --git a/server/channels/api4/user.go b/server/channels/api4/user.go index 30204b9076..b3f2a459a3 100644 --- a/server/channels/api4/user.go +++ b/server/channels/api4/user.go 
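Review bot: In getBulkReactions, nothing in the visible lines bounds `postIds` before the loop, so one request can trigger a `SessionHasPermissionToChannelByPost` lookup for every id the caller chooses to send. Unless `model.ArrayFromJSON` or middleware outside this hunk already limits the body, I would reject oversized lists before the loop, for example `if len(postIds) > maxPostIDs { c.SetInvalidParam("post_ids"); return }`, where `maxPostIDs` stands for a new constant that does not exist on this page. An empty list also skips the permission loop entirely, so confirm the code after the hunk returns nothing sensitive in that case. The function body continues past the end of the hunk.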
@@ -3111,8 +3111,8 @@ func getThreadForUser(c *Context, w http.ResponseWriter, r *http.Request) { c.SetPermissionError(model.PermissionEditOtherUsers) return } - if !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), c.Params.ThreadId, model.PermissionReadChannelContent) { - c.SetPermissionError(model.PermissionReadChannelContent) + if !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), c.Params.ThreadId, model.PermissionReadChannel) { + c.SetPermissionError(model.PermissionReadChannel) return } extendedStr := r.URL.Query().Get("extended") @@ -3226,8 +3226,8 @@ func updateReadStateThreadByUser(c *Context, w http.ResponseWriter, r *http.Requ c.SetPermissionError(model.PermissionEditOtherUsers) return } - if !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), c.Params.ThreadId, model.PermissionReadChannelContent) { - c.SetPermissionError(model.PermissionReadChannelContent) + if !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), c.Params.ThreadId, model.PermissionReadChannel) { + c.SetPermissionError(model.PermissionReadChannel) return } @@ -3262,8 +3262,8 @@ func setUnreadThreadByPostId(c *Context, w http.ResponseWriter, r *http.Request) return } - if !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), c.Params.ThreadId, model.PermissionReadChannelContent) { - c.SetPermissionError(model.PermissionReadChannelContent) + if !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), c.Params.ThreadId, model.PermissionReadChannel) { + c.SetPermissionError(model.PermissionReadChannel) return } 
@@ -3296,8 +3296,8 @@ func unfollowThreadByUser(c *Context, w http.ResponseWriter, r *http.Request) { c.SetPermissionError(model.PermissionEditOtherUsers) return } - if !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), c.Params.ThreadId, model.PermissionReadChannelContent) { - c.SetPermissionError(model.PermissionReadChannelContent) + if !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), c.Params.ThreadId, model.PermissionReadChannel) { + c.SetPermissionError(model.PermissionReadChannel) return } @@ -3329,8 +3329,8 @@ func followThreadByUser(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), c.Params.ThreadId, model.PermissionReadChannelContent) { - c.SetPermissionError(model.PermissionReadChannelContent) + if !c.App.SessionHasPermissionToChannelByPost(*c.AppContext.Session(), c.Params.ThreadId, model.PermissionReadChannel) { + c.SetPermissionError(model.PermissionReadChannel) return } diff --git a/server/channels/api4/webhook.go b/server/channels/api4/webhook.go index 47e11fe490..037624f5c6 100644 --- a/server/channels/api4/webhook.go +++ b/server/channels/api4/webhook.go @@ -51,9 +51,9 @@ func createIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) { return } - if channel.Type != model.ChannelTypeOpen && !c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), channel.Id, model.PermissionReadChannelContent) { + if channel.Type != model.ChannelTypeOpen && !c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), channel.Id, model.PermissionReadChannel) { c.LogAudit("fail - bad channel permissions") - c.SetPermissionError(model.PermissionReadChannelContent) + c.SetPermissionError(model.PermissionReadChannel) return } 
@@ -155,9 +155,9 @@ func updateIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) { return } - if channel.Type != model.ChannelTypeOpen && !c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), channel.Id, model.PermissionReadChannelContent) { + if channel.Type != model.ChannelTypeOpen && !c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), channel.Id, model.PermissionReadChannel) { c.LogAudit("fail - bad channel permissions") - c.SetPermissionError(model.PermissionReadChannelContent) + c.SetPermissionError(model.PermissionReadChannel) return } @@ -260,7 +260,7 @@ func getIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) { } if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), hook.TeamId, model.PermissionManageIncomingWebhooks) || - (channel.Type != model.ChannelTypeOpen && !c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), hook.ChannelId, model.PermissionReadChannelContent)) { + (channel.Type != model.ChannelTypeOpen && !c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), hook.ChannelId, model.PermissionReadChannel)) { c.LogAudit("fail - bad permissions") c.SetPermissionError(model.PermissionManageIncomingWebhooks) return @@ -314,7 +314,7 @@ func deleteIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) { auditRec.AddMeta("team_id", hook.TeamId) if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), hook.TeamId, model.PermissionManageIncomingWebhooks) || - (channel.Type != model.ChannelTypeOpen && !c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), hook.ChannelId, model.PermissionReadChannelContent)) { + (channel.Type != model.ChannelTypeOpen && !c.App.SessionHasPermissionToChannel(c.AppContext, *c.AppContext.Session(), hook.ChannelId, model.PermissionReadChannel)) { c.LogAudit("fail - bad permissions") c.SetPermissionError(model.PermissionManageIncomingWebhooks) return 
diff --git a/server/channels/app/app_test.go b/server/channels/app/app_test.go index 0a3237a365..4cdeacb28e 100644 --- a/server/channels/app/app_test.go +++ b/server/channels/app/app_test.go @@ -112,7 +112,6 @@ func TestDoAdvancedPermissionsMigration(t *testing.T) { expected1 := map[string][]string{ "channel_user": { model.PermissionReadChannel.Id, - model.PermissionReadChannelContent.Id, model.PermissionAddReaction.Id, model.PermissionRemoveReaction.Id, model.PermissionManagePublicChannelMembers.Id, diff --git a/server/channels/app/authorization.go b/server/channels/app/authorization.go index de20eb869f..5ef7b80833 100644 --- a/server/channels/app/authorization.go +++ b/server/channels/app/authorization.go @@ -404,5 +404,5 @@ func (a *App) SessionHasPermissionToManageBot(session model.Session, botUserId s } func (a *App) HasPermissionToReadChannel(c request.CTX, userID string, channel *model.Channel) bool { - return a.HasPermissionToChannel(c, userID, channel.Id, model.PermissionReadChannelContent) || (channel.Type == model.ChannelTypeOpen && a.HasPermissionToTeam(userID, channel.TeamId, model.PermissionReadPublicChannel)) + return a.HasPermissionToChannel(c, userID, channel.Id, model.PermissionReadChannel) || (channel.Type == model.ChannelTypeOpen && a.HasPermissionToTeam(userID, channel.TeamId, model.PermissionReadPublicChannel)) } diff --git a/server/channels/app/authorization_test.go b/server/channels/app/authorization_test.go index 7ed67118a5..7b36e6e90d 100644 --- a/server/channels/app/authorization_test.go +++ b/server/channels/app/authorization_test.go 
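Review bot: `HasPermissionToReadChannel` in authorization.go has no doc comment, although it is the helper that states both ways a user can read a channel, and its one-line body is easy to misread. I would add `// HasPermissionToReadChannel reports whether userID holds read_channel on the channel or, for open channels only, read_public_channel on the channel's team.` above it. The function also dereferences `channel` without a nil check, and its callers are outside this hunk, so confirm none of them can pass nil.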
@@ -33,13 +33,11 @@ func TestCheckIfRolesGrantPermission(t *testing.T) { {[]string{model.SystemAdminRoleId}, model.PermissionManageSystem.Id, true}, {[]string{model.SystemAdminRoleId}, "non-existent-permission", false}, {[]string{model.ChannelUserRoleId}, model.PermissionReadChannel.Id, true}, - {[]string{model.ChannelUserRoleId}, model.PermissionReadChannelContent.Id, true}, {[]string{model.ChannelUserRoleId}, model.PermissionManageSystem.Id, false}, {[]string{model.SystemAdminRoleId, model.ChannelUserRoleId}, model.PermissionManageSystem.Id, true}, {[]string{model.ChannelUserRoleId, model.SystemAdminRoleId}, model.PermissionManageSystem.Id, true}, {[]string{model.TeamUserRoleId, model.TeamAdminRoleId}, model.PermissionManageSlashCommands.Id, true}, {[]string{model.TeamAdminRoleId, model.TeamUserRoleId}, model.PermissionManageSlashCommands.Id, true}, - {[]string{model.ChannelGuestRoleId}, model.PermissionReadChannelContent.Id, true}, } for _, testcase := range cases { diff --git a/server/channels/app/permissions_migrations.go b/server/channels/app/permissions_migrations.go index 0b43919a73..e0fefa0b1f 100644 --- a/server/channels/app/permissions_migrations.go +++ b/server/channels/app/permissions_migrations.go 
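Review bot: Deleting the `model.ChannelGuestRoleId` row leaves TestCheckIfRolesGrantPermission with no case for the guest role, so nothing in this table would catch a guest losing read access. The role.go hunk of this commit shows the channel guest role still carries `PermissionReadChannel.Id`. I would therefore replace the deleted row rather than drop it: `{[]string{model.ChannelGuestRoleId}, model.PermissionReadChannel.Id, true},`. The rest of the test body is outside the hunk.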
@@ -1092,25 +1092,6 @@ func (a *App) getProductsBoardsPermissions() (permissionsMap, error) { return transformations, nil } -func (a *App) getAddChannelReadContentPermissions() (permissionsMap, error) { - t := []permissionTransformation{} - - readChannelContentPermissions := []string{ - model.PermissionReadChannelContent.Id, - } - - t = append(t, permissionTransformation{ - On: permissionOr( - isExactRole(model.SystemAdminRoleId), - isExactRole(model.ChannelUserRoleId), - isExactRole(model.ChannelGuestRoleId), - ), - Add: readChannelContentPermissions, - }) - - return t, nil -} - // DoPermissionsMigrations execute all the permissions migrations need by the current version. func (a *App) DoPermissionsMigrations() error { return a.Srv().doPermissionsMigrations() @@ -1154,7 +1135,6 @@ func (s *Server) doPermissionsMigrations() error { {Key: model.MigrationKeyAddPlayboosksManageRolesPermissions, Migration: a.getPlaybooksPermissionsAddManageRoles}, {Key: model.MigrationKeyAddProductsBoardsPermissions, Migration: a.getProductsBoardsPermissions}, {Key: model.MigrationKeyAddCustomUserGroupsPermissionRestore, Migration: a.getAddCustomUserGroupsPermissionRestore}, - {Key: model.MigrationKeyAddReadChannelContentPermissions, Migration: a.getAddChannelReadContentPermissions}, } roles, err := s.Store().Role().GetAll() diff --git a/server/channels/app/post.go b/server/channels/app/post.go index 48651dc8e8..05ec078bb9 100644 --- a/server/channels/app/post.go +++ b/server/channels/app/post.go 
@@ -1995,13 +1995,13 @@ func (a *App) GetPostIfAuthorized(c request.CTX, postID string, session *model.S return nil, err } - if !a.SessionHasPermissionToChannel(c, *session, channel.Id, model.PermissionReadChannelContent) { + if !a.SessionHasPermissionToChannel(c, *session, channel.Id, model.PermissionReadChannel) { if channel.Type == model.ChannelTypeOpen { if !a.SessionHasPermissionToTeam(*session, channel.TeamId, model.PermissionReadPublicChannel) { return nil, a.MakePermissionError(session, []*model.Permission{model.PermissionReadPublicChannel}) } } else { - return nil, a.MakePermissionError(session, []*model.Permission{model.PermissionReadChannelContent}) + return nil, a.MakePermissionError(session, []*model.Permission{model.PermissionReadChannel}) } } @@ -2217,7 +2217,7 @@ func (a *App) GetPostInfo(c request.CTX, postID string) (*model.PostInfo, *model } else if channel.Type == model.ChannelTypePrivate { hasPermissionToAccessChannel = a.HasPermissionToChannel(c, userID, channel.Id, model.PermissionManagePrivateChannelMembers) } else if channel.Type == model.ChannelTypeDirect || channel.Type == model.ChannelTypeGroup { - hasPermissionToAccessChannel = a.HasPermissionToChannel(c, userID, channel.Id, model.PermissionReadChannelContent) + hasPermissionToAccessChannel = a.HasPermissionToChannel(c, userID, channel.Id, model.PermissionReadChannel) } if !hasPermissionToAccessChannel { diff --git a/server/channels/app/webhook.go b/server/channels/app/webhook.go index e5600ef373..9f98d22ca7 100644 --- a/server/channels/app/webhook.go +++ b/server/channels/app/webhook.go 
@@ -775,7 +775,7 @@ func (a *App) HandleIncomingWebhook(c *request.Context, hookID string, req *mode return model.NewAppError("HandleIncomingWebhook", "web.incoming_webhook.user.app_error", nil, "", http.StatusForbidden).Wrap(result.NErr) } - if channel.Type != model.ChannelTypeOpen && !a.HasPermissionToChannel(c, hook.UserId, channel.Id, model.PermissionReadChannelContent) { + if channel.Type != model.ChannelTypeOpen && !a.HasPermissionToChannel(c, hook.UserId, channel.Id, model.PermissionReadChannel) { return model.NewAppError("HandleIncomingWebhook", "web.incoming_webhook.permissions.app_error", nil, "", http.StatusForbidden) } diff --git a/server/channels/store/sqlstore/integrity_test.go b/server/channels/store/sqlstore/integrity_test.go index 76b61ad2cc..a10c8ddaa4 100644 --- a/server/channels/store/sqlstore/integrity_test.go +++ b/server/channels/store/sqlstore/integrity_test.go @@ -258,7 +258,6 @@ func createDefaultRoles(ss store.Store) { DisplayName: model.ChannelUserRoleId, Permissions: []string{ model.PermissionReadChannel.Id, - model.PermissionReadChannelContent.Id, model.PermissionCreatePost.Id, }, }) @@ -268,7 +267,6 @@ func createDefaultRoles(ss store.Store) { DisplayName: model.ChannelGuestRoleId, Permissions: []string{ model.PermissionReadChannel.Id, - model.PermissionReadChannelContent.Id, model.PermissionCreatePost.Id, }, }) diff --git a/server/channels/store/storetest/scheme_store.go b/server/channels/store/storetest/scheme_store.go index fb7de168a9..5423015a79 100644 --- a/server/channels/store/storetest/scheme_store.go +++ b/server/channels/store/storetest/scheme_store.go @@ -67,7 +67,6 @@ func createDefaultRoles(ss store.Store) { DisplayName: model.ChannelUserRoleId, Permissions: []string{ model.PermissionReadChannel.Id, - model.PermissionReadChannelContent.Id, model.PermissionCreatePost.Id, }, }) 
@@ -77,7 +76,6 @@ func createDefaultRoles(ss store.Store) { DisplayName: model.ChannelGuestRoleId, Permissions: []string{ model.PermissionReadChannel.Id, - model.PermissionReadChannelContent.Id, model.PermissionCreatePost.Id, }, }) @@ -160,7 +158,7 @@ func testSchemeStoreSave(t *testing.T, ss store.Store) { role4, err := ss.Role().GetByName(context.Background(), d1.DefaultChannelUserRole) assert.NoError(t, err) - assert.Equal(t, role4.Permissions, []string{"read_channel", "read_channel_content", "create_post"}) + assert.Equal(t, role4.Permissions, []string{"read_channel", "create_post"}) assert.True(t, role4.SchemeManaged) role5, err := ss.Role().GetByName(context.Background(), d1.DefaultTeamGuestRole) @@ -170,7 +168,7 @@ func testSchemeStoreSave(t *testing.T, ss store.Store) { role6, err := ss.Role().GetByName(context.Background(), d1.DefaultChannelGuestRole) assert.NoError(t, err) - assert.Equal(t, role6.Permissions, []string{"read_channel", "read_channel_content", "create_post"}) + assert.Equal(t, role6.Permissions, []string{"read_channel", "create_post"}) assert.True(t, role6.SchemeManaged) // Change the scheme description and update. @@ -388,7 +386,7 @@ func testSchemeStoreDelete(t *testing.T, ss store.Store) { role4, err := ss.Role().GetByName(context.Background(), d1.DefaultChannelUserRole) assert.NoError(t, err) - assert.Equal(t, role4.Permissions, []string{"read_channel", "read_channel_content", "create_post"}) + assert.Equal(t, role4.Permissions, []string{"read_channel", "create_post"}) assert.True(t, role4.SchemeManaged) role5, err := ss.Role().GetByName(context.Background(), d1.DefaultTeamGuestRole) 
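Review bot: The rewritten assertions in testSchemeStoreSave pass the actual value first, `assert.Equal(t, role4.Permissions, []string{...})`, while testify's `assert.Equal` takes the expected value first. A failing run will therefore label the two slices the wrong way round, which is confusing when the list being compared is a role's permission set. I would write `assert.Equal(t, []string{"read_channel", "create_post"}, role4.Permissions)` and do the same for `role6`. The assertions in the testSchemeStoreDelete hunks (`-388` and `-398`) have the same argument order.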
@@ -398,7 +396,7 @@ func testSchemeStoreDelete(t *testing.T, ss store.Store) { role6, err := ss.Role().GetByName(context.Background(), d1.DefaultChannelGuestRole) assert.NoError(t, err) - assert.Equal(t, role6.Permissions, []string{"read_channel", "read_channel_content", "create_post"}) + assert.Equal(t, role6.Permissions, []string{"read_channel", "create_post"}) assert.True(t, role6.SchemeManaged) // Delete the scheme. diff --git a/server/channels/testlib/store.go b/server/channels/testlib/store.go index 6937f0456b..05af2385b4 100644 --- a/server/channels/testlib/store.go +++ b/server/channels/testlib/store.go @@ -70,7 +70,6 @@ func GetMockStoreForSetupFunctions() *mocks.Store { systemStore.On("GetByName", model.MigrationKeyAddCustomUserGroupsPermissions).Return(&model.System{Name: model.MigrationKeyAddCustomUserGroupsPermissions, Value: "true"}, nil) systemStore.On("GetByName", model.MigrationKeyAddPlayboosksManageRolesPermissions).Return(&model.System{Name: model.MigrationKeyAddPlayboosksManageRolesPermissions, Value: "true"}, nil) systemStore.On("GetByName", model.MigrationKeyAddCustomUserGroupsPermissionRestore).Return(&model.System{Name: model.MigrationKeyAddCustomUserGroupsPermissionRestore, Value: "true"}, nil) - systemStore.On("GetByName", model.MigrationKeyAddReadChannelContentPermissions).Return(&model.System{Name: model.MigrationKeyAddReadChannelContentPermissions, Value: "true"}, nil) systemStore.On("GetByName", "CustomGroupAdminRoleCreationMigrationComplete").Return(&model.System{Name: model.MigrationKeyAddPlayboosksManageRolesPermissions, Value: "true"}, nil) systemStore.On("GetByName", "products_boards").Return(&model.System{Name: "products_boards", Value: "true"}, nil) systemStore.On("GetByName", "elasticsearch_fix_channel_index_migration").Return(&model.System{Name: "elasticsearch_fix_channel_index_migration", Value: "true"}, nil) diff --git a/server/public/model/migration.go b/server/public/model/migration.go index 480080b872..159bf53f1e 100644 
--- a/server/public/model/migration.go +++ b/server/public/model/migration.go @@ -40,7 +40,6 @@ const ( MigrationKeyAddPlayboosksManageRolesPermissions = "playbooks_manage_roles" MigrationKeyAddProductsBoardsPermissions = "products_boards" MigrationKeyAddCustomUserGroupsPermissionRestore = "custom_groups_permission_restore" - MigrationKeyAddReadChannelContentPermissions = "read_channel_content_permissions" MigrationKeyElasticsearchFixChannelIndex = "elasticsearch_fix_channel_index_migration" MigrationKeyS3Path = "s3_path_migration" ) diff --git a/server/public/model/permission.go b/server/public/model/permission.go index 88c35798fb..43c48b74a7 100644 --- a/server/public/model/permission.go +++ b/server/public/model/permission.go @@ -51,7 +51,6 @@ var PermissionDeletePublicChannel *Permission var PermissionDeletePrivateChannel *Permission var PermissionEditOtherUsers *Permission var PermissionReadChannel *Permission -var PermissionReadChannelContent *Permission var PermissionReadPublicChannelGroups *Permission var PermissionReadPrivateChannelGroups *Permission var PermissionReadPublicChannel *Permission @@ -562,12 +561,6 @@ func initializePermissions() { "authentication.permissions.read_channel.description", PermissionScopeChannel, } - PermissionReadChannelContent = &Permission{ - "read_channel_content", - "authentication.permissions.read_channel_content.name", - "authentication.permissions.read_channel_content.description", - PermissionScopeChannel, - } PermissionReadPublicChannelGroups = &Permission{ "read_public_channel_groups", "authentication.permissions.read_public_channel_groups.name", @@ -2336,7 +2329,6 @@ func initializePermissions() { PermissionDeletePublicChannel, PermissionDeletePrivateChannel, PermissionReadChannel, - PermissionReadChannelContent, PermissionReadPublicChannelGroups, PermissionReadPrivateChannelGroups, PermissionAddReaction, diff --git a/server/public/model/role.go b/server/public/model/role.go index d79a561937..4fba0c64f7 100644 
--- a/server/public/model/role.go +++ b/server/public/model/role.go @@ -749,7 +749,6 @@ func MakeDefaultRoles() map[string]*Role { Description: "authentication.roles.channel_guest.description", Permissions: []string{ PermissionReadChannel.Id, - PermissionReadChannelContent.Id, PermissionAddReaction.Id, PermissionRemoveReaction.Id, PermissionUploadFile.Id, @@ -767,7 +766,6 @@ func MakeDefaultRoles() map[string]*Role { Description: "authentication.roles.channel_user.description", Permissions: []string{ PermissionReadChannel.Id, - PermissionReadChannelContent.Id, PermissionAddReaction.Id, PermissionRemoveReaction.Id, PermissionManagePublicChannelMembers.Id, diff --git a/webapp/channels/src/components/admin_console/permission_schemes_settings/guest_permissions_tree/index.tsx b/webapp/channels/src/components/admin_console/permission_schemes_settings/guest_permissions_tree/index.tsx index 79f79eb537..52255c2a57 100644 --- a/webapp/channels/src/components/admin_console/permission_schemes_settings/guest_permissions_tree/index.tsx +++ b/webapp/channels/src/components/admin_console/permission_schemes_settings/guest_permissions_tree/index.tsx @@ -17,8 +17,6 @@ export const GUEST_INCLUDED_PERMISSIONS = [ Permissions.DELETE_POST, Permissions.ADD_REACTION, Permissions.REMOVE_REACTION, - Permissions.READ_CHANNEL, - Permissions.UPLOAD_FILE, Permissions.USE_CHANNEL_MENTIONS, Permissions.USE_GROUP_MENTIONS, Permissions.CREATE_POST, diff --git a/webapp/channels/src/packages/mattermost-redux/src/constants/permissions.ts b/webapp/channels/src/packages/mattermost-redux/src/constants/permissions.ts index 1054aadd96..19ff5a3ccb 100644 --- a/webapp/channels/src/packages/mattermost-redux/src/constants/permissions.ts +++ b/webapp/channels/src/packages/mattermost-redux/src/constants/permissions.ts 
@@ -33,7 +33,6 @@ const values = { DELETE_PRIVATE_CHANNEL: 'delete_private_channel', EDIT_OTHER_USERS: 'edit_other_users', READ_CHANNEL: 'read_channel', - READ_CHANNEL_CONTENT: 'read_channel_content', READ_PUBLIC_CHANNEL: 'read_public_channel', ADD_REACTION: 'add_reaction', REMOVE_REACTION: 'remove_reaction', @@ -108,7 +107,6 @@ const values = { CREATE_ELASTICSEARCH_POST_AGGREGATION_JOB: 'create_elasticsearch_post_aggregation_job', READ_ELASTICSEARCH_POST_INDEXING_JOB: 'read_elasticsearch_post_indexing_job', READ_ELASTICSEARCH_POST_AGGREGATION_JOB: 'read_elasticsearch_post_aggregation_job', - USE_SLASH_COMMANDS: 'use_slash_commands', SYSCONSOLE_READ_ABOUT_EDITION_AND_LICENSE: 'sysconsole_read_about_edition_and_license', SYSCONSOLE_WRITE_ABOUT_EDITION_AND_LICENSE: 'sysconsole_write_about_edition_and_license', diff --git a/webapp/channels/src/utils/constants.tsx b/webapp/channels/src/utils/constants.tsx index fb19606eca..5ad1eaef27 100644 --- a/webapp/channels/src/utils/constants.tsx +++ b/webapp/channels/src/utils/constants.tsx @@ -1184,7 +1184,6 @@ export const PermissionsScope = { [Permissions.DELETE_PRIVATE_CHANNEL]: 'channel_scope', [Permissions.EDIT_OTHER_USERS]: 'system_scope', [Permissions.READ_CHANNEL]: 'channel_scope', - [Permissions.READ_CHANNEL_CONTENT]: 'channel_scope', [Permissions.READ_PUBLIC_CHANNEL]: 'team_scope', [Permissions.ADD_REACTION]: 'channel_scope', [Permissions.REMOVE_REACTION]: 'channel_scope', @@ -1244,13 +1243,13 @@ export const PermissionsScope = { [Permissions.DELETE_CUSTOM_GROUP]: 'system_scope', [Permissions.RESTORE_CUSTOM_GROUP]: 'system_scope', [Permissions.MANAGE_CUSTOM_GROUP_MEMBERS]: 'system_scope', - [Permissions.USE_SLASH_COMMANDS]: 'channel_scope', }; export const DefaultRolePermissions = { all_users: [ Permissions.CREATE_DIRECT_CHANNEL, Permissions.CREATE_GROUP_CHANNEL, + Permissions.PERMANENT_DELETE_USER, Permissions.CREATE_TEAM, Permissions.LIST_TEAM_CHANNELS, Permissions.JOIN_PUBLIC_CHANNELS, 
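Review bot: The added line `Permissions.PERMANENT_DELETE_USER,` puts a user-deletion permission back into the client-side `all_users` list in `DefaultRolePermissions`, which is unrelated to `read_channel_content`. A revert of one permission should not silently change which other permissions the admin console treats as defaults. Further unrelated changes appear elsewhere in this commit: the later `DefaultRolePermissions` hunks add `LIST_PUBLIC_TEAMS`, `JOIN_PUBLIC_TEAMS` and `PLAYBOOK_PUBLIC_MAKE_PRIVATE` and drop `USE_SLASH_COMMANDS`, `DELETE_EMOJIS`, `INVITE_GUEST`, `CREATE_EMOJIS`, `RUN_VIEW` and `RESTORE_CUSTOM_GROUP`, the permissions.ts hunk removes the `USE_SLASH_COMMANDS` constant, and the guest_permissions_tree hunk removes `READ_CHANNEL` and `UPLOAD_FILE`. Presumably the original commit also synced these lists with the server defaults. If so, I would keep that sync and remove only the `READ_CHANNEL_CONTENT` entries, after checking each list against `MakeDefaultRoles` on the server.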
@@ -1265,7 +1264,6 @@ export const DefaultRolePermissions = { Permissions.INVITE_USER, Permissions.ADD_USER_TO_TEAM, Permissions.READ_CHANNEL, - Permissions.READ_CHANNEL_CONTENT, Permissions.ADD_REACTION, Permissions.REMOVE_REACTION, Permissions.MANAGE_PUBLIC_CHANNEL_MEMBERS, @@ -1277,6 +1275,8 @@ export const DefaultRolePermissions = { Permissions.MANAGE_PRIVATE_CHANNEL_MEMBERS, Permissions.DELETE_POST, Permissions.EDIT_POST, + Permissions.LIST_PUBLIC_TEAMS, + Permissions.JOIN_PUBLIC_TEAMS, Permissions.USE_CHANNEL_MENTIONS, Permissions.USE_GROUP_MENTIONS, Permissions.CREATE_CUSTOM_GROUP, @@ -1289,13 +1289,8 @@ export const DefaultRolePermissions = { Permissions.PLAYBOOK_PRIVATE_MANAGE_MEMBERS, Permissions.PLAYBOOK_PUBLIC_MANAGE_PROPERTIES, Permissions.PLAYBOOK_PRIVATE_MANAGE_PROPERTIES, + Permissions.PLAYBOOK_PUBLIC_MAKE_PRIVATE, Permissions.RUN_CREATE, - Permissions.USE_SLASH_COMMANDS, - Permissions.DELETE_EMOJIS, - Permissions.INVITE_GUEST, - Permissions.CREATE_EMOJIS, - Permissions.RUN_VIEW, - Permissions.RESTORE_CUSTOM_GROUP, ], channel_admin: [ Permissions.MANAGE_CHANNEL_ROLES,