Prevent system_admin role mistake (#4405)

2025-02-25 18:55:24 -06:00 · 2016-11-01 12:05:48 -04:00
parent 92642bab68
commit aa6cb03b20
3 changed files with 20 additions and 2 deletions
--- a/api/user_test.go
+++ b/api/user_test.go
@@ -986,6 +986,10 @@ func TestUserUpdateRoles(t *testing.T) {
 		t.Fatal("Should have errored, bad id")
 	}

+	if _, err := Client.UpdateUserRoles("system_admin", ""); err == nil {
+		t.Fatal("Should have errored, we want to avoid this mistake")
+	}
+
 	if _, err := Client.UpdateUserRoles("12345678901234567890123456", ""); err == nil {
 		t.Fatal("Should have errored, bad id")
 	}
--- a/mattermost.go
+++ b/mattermost.go
@@ -706,6 +706,15 @@ func cmdAssignRole() {
 			os.Exit(1)
 		}

+		// Do some conversions
+		if flagRole == "system_admin" {
+			flagRole = "system_user system_admin"
+		}
+
+		if flagRole == "" {
+			flagRole = "system_user"
+		}
+
 		if !model.IsValidUserRoles(flagRole) {
 			fmt.Fprintln(os.Stderr, "flag invalid argument: -role")
 			flag.Usage()
@@ -1527,7 +1536,7 @@ FLAGS:

    -role="system_admin"              The role used in other commands
                                      valid values are
-                                        "" - The empty role is basic user
+                                        "system_user" - Is basic user
                                           permissions
                                        "system_admin" - Represents a system
                                           admin who has access to all teams
@@ -1572,7 +1581,7 @@ COMMANDS:
    -assign_role                      Assigns role to a user.  It requires the -role and
                                      -email flag.  You may need to log out
                                      of your current sessions for the new role to be
-                                      applied.
+                                      applied. For system admin use "system_admin". For Regular user just use "system_user".
        Example:
            platform -assign_role -email="user@example.com" -role="system_admin"

--- a/model/user.go
+++ b/model/user.go
@@ -337,6 +337,11 @@ func IsValidUserRoles(userRoles string) bool {
 		}
 	}

+	// Exclude just the system_admin role explicitly to prevent mistakes
+	if len(roles) == 1 && roles[0] == "system_admin" {
+		return false
+	}
+
 	return true
 }