IntenseWebs/mattermost
3
0
Fork 0
mirror of https://github.com/mattermost/mattermost.git synced 2025-02-25 18:55:24 -06:00
Code Issues Packages Projects Releases Wiki Activity

MM-8827: Add ADD_REACTION, REMOVE_REACTION and REMOVE_OTHERS_REACTIONS permissions (#8300)

Browse Source
This commit is contained in:
Jesús Espino
2018-02-19 12:13:29 +01:00
committed by George Goldberg
parent 0e718a632a
commit 8891fa2a5e
6 changed files with 333 additions and 188 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
api/reaction.go
View File

@@ -36,8 +36,8 @@ func saveReaction(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
if !c.App.SessionHasPermissionToChannel(c.Session, channelId, model.PERMISSION_READ_CHANNEL) {
c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
if !c.App.SessionHasPermissionToChannel(c.Session, channelId, model.PERMISSION_ADD_REACTION) {
c.SetPermissionError(model.PERMISSION_ADD_REACTION)
return
}
@@ -87,8 +87,8 @@ func deleteReaction(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
if !c.App.SessionHasPermissionToChannel(c.Session, channelId, model.PERMISSION_READ_CHANNEL) {
c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
if !c.App.SessionHasPermissionToChannel(c.Session, channelId, model.PERMISSION_REMOVE_REACTION) {
c.SetPermissionError(model.PERMISSION_REMOVE_REACTION)
return
}

12
api4/reaction.go
View File

@@ -32,8 +32,8 @@ func saveReaction(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
if !c.App.SessionHasPermissionToChannelByPost(c.Session, reaction.PostId, model.PERMISSION_READ_CHANNEL) {
c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
if !c.App.SessionHasPermissionToChannelByPost(c.Session, reaction.PostId, model.PERMISSION_ADD_REACTION) {
c.SetPermissionError(model.PERMISSION_ADD_REACTION)
return
}
@@ -82,13 +82,13 @@ func deleteReaction(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
if !c.App.SessionHasPermissionToChannelByPost(c.Session, c.Params.PostId, model.PERMISSION_READ_CHANNEL) {
c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
if !c.App.SessionHasPermissionToChannelByPost(c.Session, c.Params.PostId, model.PERMISSION_REMOVE_REACTION) {
c.SetPermissionError(model.PERMISSION_REMOVE_REACTION)
return
}
if c.Params.UserId != c.Session.UserId && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
if c.Params.UserId != c.Session.UserId && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_REMOVE_OTHERS_REACTIONS) {
c.SetPermissionError(model.PERMISSION_REMOVE_OTHERS_REACTIONS)
return
}

464
api4/reaction_test.go
View File

@@ -19,116 +19,159 @@ func TestSaveReaction(t *testing.T) {
userId := th.BasicUser.Id
postId := th.BasicPost.Id
// Check the appropriate permissions are enforced.
defaultRolePermissions := th.SaveDefaultRolePermissions()
defer func() {
th.RestoreDefaultRolePermissions(defaultRolePermissions)
}()
reaction := &model.Reaction{
UserId: userId,
PostId: postId,
EmojiName: "smile",
}
rr, resp := Client.SaveReaction(reaction)
CheckNoError(t, resp)
t.Run("successful-reaction", func(t *testing.T) {
rr, resp := Client.SaveReaction(reaction)
CheckNoError(t, resp)
if rr.UserId != reaction.UserId {
t.Fatal("UserId did not match")
}
if rr.UserId != reaction.UserId {
t.Fatal("UserId did not match")
}
if rr.PostId != reaction.PostId {
t.Fatal("PostId did not match")
}
if rr.PostId != reaction.PostId {
t.Fatal("PostId did not match")
}
if rr.EmojiName != reaction.EmojiName {
t.Fatal("EmojiName did not match")
}
if rr.EmojiName != reaction.EmojiName {
t.Fatal("EmojiName did not match")
}
if rr.CreateAt == 0 {
t.Fatal("CreateAt should exist")
}
if rr.CreateAt == 0 {
t.Fatal("CreateAt should exist")
}
if reactions, err := th.App.GetReactionsForPost(postId); err != nil && len(reactions) != 1 {
t.Fatal("didn't save reaction correctly")
}
if reactions, err := th.App.GetReactionsForPost(postId); err != nil && len(reactions) != 1 {
t.Fatal("didn't save reaction correctly")
}
})
// saving a duplicate reaction
rr, resp = Client.SaveReaction(reaction)
CheckNoError(t, resp)
t.Run("duplicated-reaction", func(t *testing.T) {
_, resp := Client.SaveReaction(reaction)
CheckNoError(t, resp)
if reactions, err := th.App.GetReactionsForPost(postId); err != nil && len(reactions) != 1 {
t.Fatal("should have not save duplicated reaction")
}
if reactions, err := th.App.GetReactionsForPost(postId); err != nil && len(reactions) != 1 {
t.Fatal("should have not save duplicated reaction")
}
})
reaction.EmojiName = "sad"
t.Run("save-second-reaction", func(t *testing.T) {
reaction.EmojiName = "sad"
rr, resp = Client.SaveReaction(reaction)
CheckNoError(t, resp)
rr, resp := Client.SaveReaction(reaction)
CheckNoError(t, resp)
if rr.EmojiName != reaction.EmojiName {
t.Fatal("EmojiName did not match")
}
if rr.EmojiName != reaction.EmojiName {
t.Fatal("EmojiName did not match")
}
if reactions, err := th.App.GetReactionsForPost(postId); err != nil && len(reactions) != 2 {
t.Fatal("should have save multiple reactions")
}
if reactions, err := th.App.GetReactionsForPost(postId); err != nil && len(reactions) != 2 {
t.Fatal("should have save multiple reactions")
}
})
// saving special case
reaction.EmojiName = "+1"
t.Run("saving-special-case", func(t *testing.T) {
reaction.EmojiName = "+1"
rr, resp = Client.SaveReaction(reaction)
CheckNoError(t, resp)
rr, resp := Client.SaveReaction(reaction)
CheckNoError(t, resp)
if rr.EmojiName != reaction.EmojiName {
t.Fatal("EmojiName did not match")
}
if rr.EmojiName != reaction.EmojiName {
t.Fatal("EmojiName did not match")
}
if reactions, err := th.App.GetReactionsForPost(postId); err != nil && len(reactions) != 3 {
t.Fatal("should have save multiple reactions")
}
if reactions, err := th.App.GetReactionsForPost(postId); err != nil && len(reactions) != 3 {
t.Fatal("should have save multiple reactions")
}
})
reaction.PostId = GenerateTestId()
t.Run("react-to-not-existing-post-id", func(t *testing.T) {
reaction.PostId = GenerateTestId()
_, resp = Client.SaveReaction(reaction)
CheckForbiddenStatus(t, resp)
_, resp := Client.SaveReaction(reaction)
CheckForbiddenStatus(t, resp)
})
reaction.PostId = "junk"
t.Run("react-to-not-valid-post-id", func(t *testing.T) {
reaction.PostId = "junk"
_, resp = Client.SaveReaction(reaction)
CheckBadRequestStatus(t, resp)
_, resp := Client.SaveReaction(reaction)
CheckBadRequestStatus(t, resp)
})
reaction.PostId = postId
reaction.UserId = GenerateTestId()
t.Run("react-as-not-existing-user-id", func(t *testing.T) {
reaction.PostId = postId
reaction.UserId = GenerateTestId()
_, resp = Client.SaveReaction(reaction)
CheckForbiddenStatus(t, resp)
_, resp := Client.SaveReaction(reaction)
CheckForbiddenStatus(t, resp)
})
reaction.UserId = "junk"
t.Run("react-as-not-valid-user-id", func(t *testing.T) {
reaction.UserId = "junk"
_, resp = Client.SaveReaction(reaction)
CheckBadRequestStatus(t, resp)
_, resp := Client.SaveReaction(reaction)
CheckBadRequestStatus(t, resp)
})
reaction.UserId = userId
reaction.EmojiName = ""
t.Run("react-as-empty-emoji-name", func(t *testing.T) {
reaction.UserId = userId
reaction.EmojiName = ""
_, resp = Client.SaveReaction(reaction)
CheckBadRequestStatus(t, resp)
_, resp := Client.SaveReaction(reaction)
CheckBadRequestStatus(t, resp)
})
reaction.EmojiName = strings.Repeat("a", 65)
t.Run("react-as-not-valid-emoji-name", func(t *testing.T) {
reaction.EmojiName = strings.Repeat("a", 65)
_, resp = Client.SaveReaction(reaction)
CheckBadRequestStatus(t, resp)
_, resp := Client.SaveReaction(reaction)
CheckBadRequestStatus(t, resp)
})
reaction.EmojiName = "smile"
otherUser := th.CreateUser()
Client.Logout()
Client.Login(otherUser.Email, otherUser.Password)
t.Run("react-as-other-user", func(t *testing.T) {
reaction.EmojiName = "smile"
otherUser := th.CreateUser()
Client.Logout()
Client.Login(otherUser.Email, otherUser.Password)
_, resp = Client.SaveReaction(reaction)
CheckForbiddenStatus(t, resp)
_, resp := Client.SaveReaction(reaction)
CheckForbiddenStatus(t, resp)
})
Client.Logout()
_, resp = Client.SaveReaction(reaction)
CheckUnauthorizedStatus(t, resp)
t.Run("react-being-not-logged-in", func(t *testing.T) {
Client.Logout()
_, resp := Client.SaveReaction(reaction)
CheckUnauthorizedStatus(t, resp)
})
_, resp = th.SystemAdminClient.SaveReaction(reaction)
CheckForbiddenStatus(t, resp)
t.Run("react-as-other-user-being-system-admin", func(t *testing.T) {
_, resp := th.SystemAdminClient.SaveReaction(reaction)
CheckForbiddenStatus(t, resp)
})
t.Run("unable-to-create-reaction-without-permissions", func(t *testing.T) {
th.LoginBasic()
th.RemovePermissionFromRole(model.PERMISSION_ADD_REACTION.Id, model.CHANNEL_USER_ROLE_ID)
_, resp := Client.SaveReaction(reaction)
CheckForbiddenStatus(t, resp)
if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 3 {
t.Fatal("should have not created a reactions")
}
th.AddPermissionToRole(model.PERMISSION_ADD_REACTION.Id, model.CHANNEL_USER_ROLE_ID)
})
}
func TestGetReactions(t *testing.T) {
@@ -177,29 +220,39 @@ func TestGetReactions(t *testing.T) {
}
}
rr, resp := Client.GetReactions(postId)
CheckNoError(t, resp)
t.Run("get-reactions", func(t *testing.T) {
rr, resp := Client.GetReactions(postId)
CheckNoError(t, resp)
assert.Len(t, rr, 5)
for _, r := range reactions {
assert.Contains(t, reactions, r)
}
assert.Len(t, rr, 5)
for _, r := range reactions {
assert.Contains(t, reactions, r)
}
})
rr, resp = Client.GetReactions("junk")
CheckBadRequestStatus(t, resp)
t.Run("get-reactions-of-invalid-post-id", func(t *testing.T) {
rr, resp := Client.GetReactions("junk")
CheckBadRequestStatus(t, resp)
assert.Empty(t, rr)
assert.Empty(t, rr)
})
_, resp = Client.GetReactions(GenerateTestId())
CheckForbiddenStatus(t, resp)
t.Run("get-reactions-of-not-existing-post-id", func(t *testing.T) {
_, resp := Client.GetReactions(GenerateTestId())
CheckForbiddenStatus(t, resp)
})
Client.Logout()
t.Run("get-reactions-as-anonymous-user", func(t *testing.T) {
Client.Logout()
_, resp = Client.GetReactions(postId)
CheckUnauthorizedStatus(t, resp)
_, resp := Client.GetReactions(postId)
CheckUnauthorizedStatus(t, resp)
})
_, resp = th.SystemAdminClient.GetReactions(postId)
CheckNoError(t, resp)
t.Run("get-reactions-as-system-admin", func(t *testing.T) {
_, resp := th.SystemAdminClient.GetReactions(postId)
CheckNoError(t, resp)
})
}
func TestDeleteReaction(t *testing.T) {
@@ -216,131 +269,186 @@ func TestDeleteReaction(t *testing.T) {
EmojiName: "smile",
}
th.App.SaveReactionForPost(r1)
if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 1 {
t.Fatal("didn't save reaction correctly")
}
ok, resp := Client.DeleteReaction(r1)
CheckNoError(t, resp)
if !ok {
t.Fatal("should have returned true")
}
if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 0 {
t.Fatal("should have deleted reaction")
}
// deleting one reaction when a post has multiple reactions
r2 := &model.Reaction{
UserId: userId,
PostId: postId,
EmojiName: "smile-",
}
th.App.SaveReactionForPost(r1)
th.App.SaveReactionForPost(r2)
if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 2 {
t.Fatal("didn't save reactions correctly")
}
_, resp = Client.DeleteReaction(r2)
CheckNoError(t, resp)
if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 1 || *reactions[0] != *r1 {
t.Fatal("should have deleted 1 reaction only")
}
// deleting one reaction of name +1
r3 := &model.Reaction{
UserId: userId,
PostId: postId,
EmojiName: "+1",
}
th.App.SaveReactionForPost(r3)
if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 2 {
t.Fatal("didn't save reactions correctly")
}
_, resp = Client.DeleteReaction(r3)
CheckNoError(t, resp)
if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 1 || *reactions[0] != *r1 {
t.Fatal("should have deleted 1 reaction only")
}
// deleting a reaction made by another user
r4 := &model.Reaction{
UserId: user2Id,
PostId: postId,
EmojiName: "smile_",
}
th.LoginBasic2()
th.App.SaveReactionForPost(r4)
if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 2 {
t.Fatal("didn't save reaction correctly")
}
// Check the appropriate permissions are enforced.
defaultRolePermissions := th.SaveDefaultRolePermissions()
defer func() {
th.RestoreDefaultRolePermissions(defaultRolePermissions)
}()
th.LoginBasic()
t.Run("delete-reaction", func(t *testing.T) {
th.App.SaveReactionForPost(r1)
if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 1 {
t.Fatal("didn't save reaction correctly")
}
ok, resp = Client.DeleteReaction(r4)
CheckForbiddenStatus(t, resp)
ok, resp := Client.DeleteReaction(r1)
CheckNoError(t, resp)
if ok {
t.Fatal("should have returned false")
}
if !ok {
t.Fatal("should have returned true")
}
if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 2 {
t.Fatal("should have not deleted a reaction")
}
if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 0 {
t.Fatal("should have deleted reaction")
}
})
r1.PostId = GenerateTestId()
_, resp = Client.DeleteReaction(r1)
CheckForbiddenStatus(t, resp)
t.Run("delete-reaction-when-post-has-multiple-reactions", func(t *testing.T) {
th.App.SaveReactionForPost(r1)
th.App.SaveReactionForPost(r2)
if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 2 {
t.Fatal("didn't save reactions correctly")
}
r1.PostId = "junk"
_, resp := Client.DeleteReaction(r2)
CheckNoError(t, resp)
_, resp = Client.DeleteReaction(r1)
CheckBadRequestStatus(t, resp)
if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 1 || *reactions[0] != *r1 {
t.Fatal("should have deleted 1 reaction only")
}
})
r1.PostId = postId
r1.UserId = GenerateTestId()
t.Run("delete-reaction-when-plus-one-reaction-name", func(t *testing.T) {
th.App.SaveReactionForPost(r3)
if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 2 {
t.Fatal("didn't save reactions correctly")
}
_, resp = Client.DeleteReaction(r1)
CheckForbiddenStatus(t, resp)
_, resp := Client.DeleteReaction(r3)
CheckNoError(t, resp)
r1.UserId = "junk"
if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 1 || *reactions[0] != *r1 {
t.Fatal("should have deleted 1 reaction only")
}
})
_, resp = Client.DeleteReaction(r1)
CheckBadRequestStatus(t, resp)
t.Run("delete-reaction-made-by-another-user", func(t *testing.T) {
th.LoginBasic2()
th.App.SaveReactionForPost(r4)
if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 2 {
t.Fatal("didn't save reaction correctly")
}
r1.UserId = userId
r1.EmojiName = ""
th.LoginBasic()
_, resp = Client.DeleteReaction(r1)
CheckNotFoundStatus(t, resp)
ok, resp := Client.DeleteReaction(r4)
CheckForbiddenStatus(t, resp)
r1.EmojiName = strings.Repeat("a", 65)
if ok {
t.Fatal("should have returned false")
}
_, resp = Client.DeleteReaction(r1)
CheckBadRequestStatus(t, resp)
if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 2 {
t.Fatal("should have not deleted a reaction")
}
})
Client.Logout()
r1.EmojiName = "smile"
t.Run("delete-reaction-from-not-existing-post-id", func(t *testing.T) {
r1.PostId = GenerateTestId()
_, resp := Client.DeleteReaction(r1)
CheckForbiddenStatus(t, resp)
})
_, resp = Client.DeleteReaction(r1)
CheckUnauthorizedStatus(t, resp)
t.Run("delete-reaction-from-not-valid-post-id", func(t *testing.T) {
r1.PostId = "junk"
_, resp = th.SystemAdminClient.DeleteReaction(r1)
CheckNoError(t, resp)
_, resp := Client.DeleteReaction(r1)
CheckBadRequestStatus(t, resp)
})
_, resp = th.SystemAdminClient.DeleteReaction(r4)
CheckNoError(t, resp)
t.Run("delete-reaction-from-not-existing-user-id", func(t *testing.T) {
r1.PostId = postId
r1.UserId = GenerateTestId()
if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 0 {
t.Fatal("should have deleted both reactions")
}
_, resp := Client.DeleteReaction(r1)
CheckForbiddenStatus(t, resp)
})
t.Run("delete-reaction-from-not-valid-user-id", func(t *testing.T) {
r1.UserId = "junk"
_, resp := Client.DeleteReaction(r1)
CheckBadRequestStatus(t, resp)
})
t.Run("delete-reaction-with-empty-name", func(t *testing.T) {
r1.UserId = userId
r1.EmojiName = ""
_, resp := Client.DeleteReaction(r1)
CheckNotFoundStatus(t, resp)
})
t.Run("delete-reaction-with-not-existing-name", func(t *testing.T) {
r1.EmojiName = strings.Repeat("a", 65)
_, resp := Client.DeleteReaction(r1)
CheckBadRequestStatus(t, resp)
})
t.Run("delete-reaction-as-anonymous-user", func(t *testing.T) {
Client.Logout()
r1.EmojiName = "smile"
_, resp := Client.DeleteReaction(r1)
CheckUnauthorizedStatus(t, resp)
})
t.Run("delete-reaction-as-system-admin", func(t *testing.T) {
_, resp := th.SystemAdminClient.DeleteReaction(r1)
CheckNoError(t, resp)
_, resp = th.SystemAdminClient.DeleteReaction(r4)
CheckNoError(t, resp)
if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 0 {
t.Fatal("should have deleted both reactions")
}
})
t.Run("unable-to-delete-reaction-without-permissions", func(t *testing.T) {
th.LoginBasic()
th.RemovePermissionFromRole(model.PERMISSION_REMOVE_REACTION.Id, model.CHANNEL_USER_ROLE_ID)
th.App.SaveReactionForPost(r1)
_, resp := Client.DeleteReaction(r1)
CheckForbiddenStatus(t, resp)
if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 1 {
t.Fatal("should have not deleted a reactions")
}
th.AddPermissionToRole(model.PERMISSION_REMOVE_REACTION.Id, model.CHANNEL_USER_ROLE_ID)
})
t.Run("unable-to-delete-others-reactions-without-permissions", func(t *testing.T) {
th.RemovePermissionFromRole(model.PERMISSION_REMOVE_OTHERS_REACTIONS.Id, model.SYSTEM_ADMIN_ROLE_ID)
th.App.SaveReactionForPost(r1)
_, resp := th.SystemAdminClient.DeleteReaction(r1)
CheckForbiddenStatus(t, resp)
if reactions, err := th.App.GetReactionsForPost(postId); err != nil || len(reactions) != 1 {
t.Fatal("should have not deleted a reactions")
}
th.AddPermissionToRole(model.PERMISSION_REMOVE_OTHERS_REACTIONS.Id, model.SYSTEM_ADMIN_ROLE_ID)
})
}

10
app/app_test.go
View File

@@ -106,6 +106,8 @@ func TestDoAdvancedPermissionsMigration(t *testing.T) {
expected1 := map[string][]string{
"channel_user": []string{
model.PERMISSION_READ_CHANNEL.Id,
model.PERMISSION_ADD_REACTION.Id,
model.PERMISSION_REMOVE_REACTION.Id,
model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS.Id,
model.PERMISSION_UPLOAD_FILE.Id,
model.PERMISSION_GET_PUBLIC_LINK.Id,
@@ -196,11 +198,14 @@ func TestDoAdvancedPermissionsMigration(t *testing.T) {
model.PERMISSION_CREATE_USER_ACCESS_TOKEN.Id,
model.PERMISSION_READ_USER_ACCESS_TOKEN.Id,
model.PERMISSION_REVOKE_USER_ACCESS_TOKEN.Id,
model.PERMISSION_REMOVE_OTHERS_REACTIONS.Id,
model.PERMISSION_LIST_TEAM_CHANNELS.Id,
model.PERMISSION_JOIN_PUBLIC_CHANNELS.Id,
model.PERMISSION_READ_PUBLIC_CHANNEL.Id,
model.PERMISSION_VIEW_TEAM.Id,
model.PERMISSION_READ_CHANNEL.Id,
model.PERMISSION_ADD_REACTION.Id,
model.PERMISSION_REMOVE_REACTION.Id,
model.PERMISSION_UPLOAD_FILE.Id,
model.PERMISSION_GET_PUBLIC_LINK.Id,
model.PERMISSION_CREATE_POST.Id,
@@ -265,6 +270,8 @@ func TestDoAdvancedPermissionsMigration(t *testing.T) {
expected2 := map[string][]string{
"channel_user": []string{
model.PERMISSION_READ_CHANNEL.Id,
model.PERMISSION_ADD_REACTION.Id,
model.PERMISSION_REMOVE_REACTION.Id,
model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS.Id,
model.PERMISSION_UPLOAD_FILE.Id,
model.PERMISSION_GET_PUBLIC_LINK.Id,
@@ -355,11 +362,14 @@ func TestDoAdvancedPermissionsMigration(t *testing.T) {
model.PERMISSION_CREATE_USER_ACCESS_TOKEN.Id,
model.PERMISSION_READ_USER_ACCESS_TOKEN.Id,
model.PERMISSION_REVOKE_USER_ACCESS_TOKEN.Id,
model.PERMISSION_REMOVE_OTHERS_REACTIONS.Id,
model.PERMISSION_LIST_TEAM_CHANNELS.Id,
model.PERMISSION_JOIN_PUBLIC_CHANNELS.Id,
model.PERMISSION_READ_PUBLIC_CHANNEL.Id,
model.PERMISSION_VIEW_TEAM.Id,
model.PERMISSION_READ_CHANNEL.Id,
model.PERMISSION_ADD_REACTION.Id,
model.PERMISSION_REMOVE_REACTION.Id,
model.PERMISSION_UPLOAD_FILE.Id,
model.PERMISSION_GET_PUBLIC_LINK.Id,
model.PERMISSION_CREATE_POST.Id,

24
model/permission.go
View File

@@ -40,6 +40,9 @@ var PERMISSION_DELETE_PRIVATE_CHANNEL *Permission
var PERMISSION_EDIT_OTHER_USERS *Permission
var PERMISSION_READ_CHANNEL *Permission
var PERMISSION_READ_PUBLIC_CHANNEL *Permission
var PERMISSION_ADD_REACTION *Permission
var PERMISSION_REMOVE_REACTION *Permission
var PERMISSION_REMOVE_OTHERS_REACTIONS *Permission
var PERMISSION_PERMANENT_DELETE_USER *Permission
var PERMISSION_UPLOAD_FILE *Permission
var PERMISSION_GET_PUBLIC_LINK *Permission
@@ -222,6 +225,24 @@ func initializePermissions() {
"authentication.permissions.read_public_channel.description",
PERMISSION_SCOPE_TEAM,
}
PERMISSION_ADD_REACTION = &Permission{
"add_reaction",
"authentication.permissions.add_reaction.name",
"authentication.permissions.add_reaction.description",
PERMISSION_SCOPE_CHANNEL,
}
PERMISSION_REMOVE_REACTION = &Permission{
"remove_reaction",
"authentication.permissions.remove_reaction.name",
"authentication.permissions.remove_reaction.description",
PERMISSION_SCOPE_CHANNEL,
}
PERMISSION_REMOVE_OTHERS_REACTIONS = &Permission{
"remove_others_reactions",
"authentication.permissions.remove_others_reactions.name",
"authentication.permissions.remove_others_reactions.description",
PERMISSION_SCOPE_CHANNEL,
}
PERMISSION_PERMANENT_DELETE_USER = &Permission{
"permanent_delete_user",
"authentication.permissions.permanent_delete_user.name",
@@ -386,6 +407,9 @@ func initializePermissions() {
PERMISSION_EDIT_OTHER_USERS,
PERMISSION_READ_CHANNEL,
PERMISSION_READ_PUBLIC_CHANNEL,
PERMISSION_ADD_REACTION,
PERMISSION_REMOVE_REACTION,
PERMISSION_REMOVE_OTHERS_REACTIONS,
PERMISSION_PERMANENT_DELETE_USER,
PERMISSION_UPLOAD_FILE,
PERMISSION_GET_PUBLIC_LINK,

3
model/role.go
View File

@@ -178,6 +178,8 @@ func MakeDefaultRoles() map[string]*Role {
Description: "authentication.roles.channel_user.description",
Permissions: []string{
PERMISSION_READ_CHANNEL.Id,
PERMISSION_ADD_REACTION.Id,
PERMISSION_REMOVE_REACTION.Id,
PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS.Id,
PERMISSION_UPLOAD_FILE.Id,
PERMISSION_GET_PUBLIC_LINK.Id,
@@ -331,6 +333,7 @@ func MakeDefaultRoles() map[string]*Role {
PERMISSION_CREATE_USER_ACCESS_TOKEN.Id,
PERMISSION_READ_USER_ACCESS_TOKEN.Id,
PERMISSION_REVOKE_USER_ACCESS_TOKEN.Id,
PERMISSION_REMOVE_OTHERS_REACTIONS.Id,
},
roles[TEAM_USER_ROLE_ID].Permissions...,
),