MM-27909: Add manage_shared_channels permission (#15601)

* MM-27909: Add manage_shared_channels permission We add a new permission to manage shared channels. It's a channel scoped permission and only the system admin has that by default. https://mattermost.atlassian.net/browse/MM-27909 * change to system scoped * Trigger CI * Trigger CI Co-authored-by: Mattermod <mattermod@users.noreply.github.com>
2025-02-25 18:55:24 -06:00 · 2020-10-26 15:54:50 +05:30
parent 96f1739f8f
commit 72432ab3ff
5 changed files with 22 additions and 0 deletions
--- a/app/app_test.go
+++ b/app/app_test.go
@@ -180,6 +180,7 @@ func TestDoAdvancedPermissionsMigration(t *testing.T) {
 		},
 		"system_admin": allPermissionIDs,
 	}
+	assert.Contains(t, allPermissionIDs, model.PERMISSION_MANAGE_SHARED_CHANNELS.Id, "manage_shared_channels permission not found")

 	// Check the migration matches what's expected.
 	for name, permissions := range expected1 {
--- a/app/permissions_migrations.go
+++ b/app/permissions_migrations.go
@@ -69,6 +69,7 @@ const (
 	PERMISSION_READ_PUBLIC_CHANNEL_GROUPS        = "read_public_channel_groups"
 	PERMISSION_READ_PRIVATE_CHANNEL_GROUPS       = "read_private_channel_groups"
 	PERMISSION_EDIT_BRAND                        = "edit_brand"
+	PERMISSION_MANAGE_SHARED_CHANNELS            = "manage_shared_channels"
 )

 func isRole(roleName string) func(*model.Role, map[string]map[string]bool) bool {
@@ -501,6 +502,15 @@ func (a *App) getAddConvertChannelPermissionsMigration() (permissionsMap, error)
 	}, nil
 }

+func (a *App) getAddManageSharedChannelsPermissionsMigration() (permissionsMap, error) {
+	return permissionsMap{
+		permissionTransformation{
+			On:  isRole(model.SYSTEM_ADMIN_ROLE_ID),
+			Add: []string{PERMISSION_MANAGE_SHARED_CHANNELS},
+		},
+	}, nil
+}
+
 // DoPermissionsMigrations execute all the permissions migrations need by the current version.
 func (a *App) DoPermissionsMigrations() error {
 	PermissionsMigrations := []struct {
@@ -520,6 +530,7 @@ func (a *App) DoPermissionsMigrations() error {
 		{Key: model.MIGRATION_KEY_ADD_USE_GROUP_MENTIONS_PERMISSION, Migration: a.getAddUseGroupMentionsPermissionMigration},
 		{Key: model.MIGRATION_KEY_ADD_SYSTEM_CONSOLE_PERMISSIONS, Migration: a.getAddSystemConsolePermissionsMigration},
 		{Key: model.MIGRATION_KEY_ADD_CONVERT_CHANNEL_PERMISSIONS, Migration: a.getAddConvertChannelPermissionsMigration},
+		{Key: model.MIGRATION_KEY_ADD_MANAGE_SHARED_CHANNEL_PERMISSIONS, Migration: a.getAddManageSharedChannelsPermissionsMigration},
 	}

 	for _, migration := range PermissionsMigrations {
--- a/model/migration.go
+++ b/model/migration.go
@@ -21,4 +21,5 @@ const (
 	MIGRATION_KEY_ADD_SYSTEM_CONSOLE_PERMISSIONS              = "add_system_console_permissions"
 	MIGRATION_KEY_SIDEBAR_CATEGORIES_PHASE_2                  = "migration_sidebar_categories_phase_2"
 	MIGRATION_KEY_ADD_CONVERT_CHANNEL_PERMISSIONS             = "add_convert_channel_permissions"
+	MIGRATION_KEY_ADD_MANAGE_SHARED_CHANNEL_PERMISSIONS       = "manage_shared_channel_permissions"
 )
--- a/model/permission.go
+++ b/model/permission.go
@@ -99,6 +99,7 @@ var PERMISSION_USE_CHANNEL_MENTIONS *Permission
 var PERMISSION_USE_GROUP_MENTIONS *Permission
 var PERMISSION_READ_OTHER_USERS_TEAMS *Permission
 var PERMISSION_EDIT_BRAND *Permission
+var PERMISSION_MANAGE_SHARED_CHANNELS *Permission

 var PERMISSION_SYSCONSOLE_READ_ABOUT *Permission
 var PERMISSION_SYSCONSOLE_WRITE_ABOUT *Permission
@@ -516,6 +517,12 @@ func initializePermissions() {
 		"authentication.permissions.delete_others_posts.description",
 		PermissionScopeChannel,
 	}
+	PERMISSION_MANAGE_SHARED_CHANNELS = &Permission{
+		"manage_shared_channels",
+		"authentication.permissions.manage_shared_channels.name",
+		"authentication.permissions.manage_shared_channels.description",
+		PermissionScopeSystem,
+	}
 	PERMISSION_REMOVE_USER_FROM_TEAM = &Permission{
 		"remove_user_from_team",
 		"authentication.permissions.remove_user_from_team.name",
@@ -912,6 +919,7 @@ func initializePermissions() {
 		PERMISSION_PROMOTE_GUEST,
 		PERMISSION_DEMOTE_TO_GUEST,
 		PERMISSION_EDIT_BRAND,
+		PERMISSION_MANAGE_SHARED_CHANNELS,
 	}

 	TeamScopedPermissions := []*Permission{
--- a/testlib/store.go
+++ b/testlib/store.go
@@ -46,6 +46,7 @@ func GetMockStoreForSetupFunctions() *mocks.Store {
 	systemStore.On("GetByName", model.MIGRATION_KEY_ADD_USE_GROUP_MENTIONS_PERMISSION).Return(&model.System{Name: model.MIGRATION_KEY_ADD_USE_GROUP_MENTIONS_PERMISSION, Value: "true"}, nil)
 	systemStore.On("GetByName", model.MIGRATION_KEY_ADD_SYSTEM_CONSOLE_PERMISSIONS).Return(&model.System{Name: model.MIGRATION_KEY_ADD_SYSTEM_CONSOLE_PERMISSIONS, Value: "true"}, nil)
 	systemStore.On("GetByName", model.MIGRATION_KEY_ADD_CONVERT_CHANNEL_PERMISSIONS).Return(&model.System{Name: model.MIGRATION_KEY_ADD_CONVERT_CHANNEL_PERMISSIONS, Value: "true"}, nil)
+	systemStore.On("GetByName", model.MIGRATION_KEY_ADD_MANAGE_SHARED_CHANNEL_PERMISSIONS).Return(&model.System{Name: model.MIGRATION_KEY_ADD_MANAGE_SHARED_CHANNEL_PERMISSIONS, Value: "true"}, nil)
 	systemStore.On("Get").Return(make(model.StringMap), nil)
 	systemStore.On("Save", mock.AnythingOfType("*model.System")).Return(nil)