IntenseWebs/mattermost
3
0
Fork 0
mirror of https://github.com/mattermost/mattermost.git synced 2025-02-25 18:55:24 -06:00
Code Issues Packages Projects Releases Wiki Activity

Revert "Mm 30807 granular data retention scaffold (#16891)" (#17437)

Browse Source 
This reverts commit 3ea75332e7.
This commit is contained in:
Agniva De Sarker
2021-04-18 22:41:50 +05:30
committed by GitHub
parent 3a13987ee1
commit e0efdd708b
49 changed files with 984 additions and 5079 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
api4/channel.go
View File

@@ -704,20 +704,11 @@ func getAllChannels(c *Context, w http.ResponseWriter, r *http.Request) {
c.SetPermissionError(permissions...)
return
}
// Only system managers may use the ExcludePolicyConstrained parameter
if c.Params.ExcludePolicyConstrained && !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY) {
c.SetPermissionError(model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY)
return
}
opts := model.ChannelSearchOpts{
NotAssociatedToGroup: c.Params.NotAssociatedToGroup,
ExcludeDefaultChannels: c.Params.ExcludeDefaultChannels,
IncludeDeleted: c.Params.IncludeDeleted,
ExcludePolicyConstrained: c.Params.ExcludePolicyConstrained,
}
if c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY) {
opts.IncludePolicyID = true
NotAssociatedToGroup: c.Params.NotAssociatedToGroup,
ExcludeDefaultChannels: c.Params.ExcludeDefaultChannels,
IncludeDeleted: c.Params.IncludeDeleted,
}
channels, err := c.App.GetAllChannels(c.Params.Page, c.Params.PerPage, opts)
@@ -1022,11 +1013,6 @@ func searchAllChannels(c *Context, w http.ResponseWriter, r *http.Request) {
c.SetInvalidParam("channel_search")
return
}
// Only system managers may use the ExcludePolicyConstrained field
if props.ExcludePolicyConstrained && !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY) {
c.SetPermissionError(model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY)
return
}
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_READ_USERMANAGEMENT_CHANNELS) {
c.SetPermissionError(model.PERMISSION_SYSCONSOLE_READ_USERMANAGEMENT_CHANNELS)
@@ -1036,21 +1022,17 @@ func searchAllChannels(c *Context, w http.ResponseWriter, r *http.Request) {
includeDeleted = includeDeleted || props.IncludeDeleted
opts := model.ChannelSearchOpts{
NotAssociatedToGroup: props.NotAssociatedToGroup,
ExcludeDefaultChannels: props.ExcludeDefaultChannels,
TeamIds: props.TeamIds,
GroupConstrained: props.GroupConstrained,
ExcludeGroupConstrained: props.ExcludeGroupConstrained,
ExcludePolicyConstrained: props.ExcludePolicyConstrained,
Public: props.Public,
Private: props.Private,
IncludeDeleted: includeDeleted,
Deleted: props.Deleted,
Page: props.Page,
PerPage: props.PerPage,
}
if c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY) {
opts.IncludePolicyID = true
NotAssociatedToGroup: props.NotAssociatedToGroup,
ExcludeDefaultChannels: props.ExcludeDefaultChannels,
TeamIds: props.TeamIds,
GroupConstrained: props.GroupConstrained,
ExcludeGroupConstrained: props.ExcludeGroupConstrained,
Public: props.Public,
Private: props.Private,
IncludeDeleted: includeDeleted,
Deleted: props.Deleted,
Page: props.Page,
PerPage: props.PerPage,
}
channels, totalCount, appErr := c.App.SearchAllChannels(props.Term, opts)

96
api4/channel_test.go
View File

@@ -1025,62 +1025,6 @@ func TestGetAllChannels(t *testing.T) {
_, resp := Client.GetAllChannels(0, 20, "")
CheckForbiddenStatus(t, resp)
sysManagerChannels, resp := th.SystemManagerClient.GetAllChannels(0, 10000, "")
CheckOKStatus(t, resp)
policyChannel := (*sysManagerChannels)[0]
policy, savePolicyErr := th.App.Srv().Store.RetentionPolicy().Save(&model.RetentionPolicyWithTeamAndChannelIDs{
RetentionPolicy: model.RetentionPolicy{
DisplayName: "Policy 1",
PostDuration: model.NewInt64(30),
},
ChannelIDs: []string{policyChannel.Id},
})
require.NoError(t, savePolicyErr)
t.Run("exclude policy constrained", func(t *testing.T) {
_, resp := th.SystemManagerClient.GetAllChannelsExcludePolicyConstrained(0, 10000, "")
CheckForbiddenStatus(t, resp)
channels, resp := th.SystemAdminClient.GetAllChannelsExcludePolicyConstrained(0, 10000, "")
CheckOKStatus(t, resp)
found := false
for _, channel := range *channels {
if channel.Id == policyChannel.Id {
found = true
break
}
}
require.False(t, found)
})
t.Run("does not return policy ID", func(t *testing.T) {
channels, resp := th.SystemManagerClient.GetAllChannels(0, 10000, "")
CheckOKStatus(t, resp)
found := false
for _, channel := range *channels {
if channel.Id == policyChannel.Id {
found = true
require.Nil(t, channel.PolicyID)
break
}
}
require.True(t, found)
})
t.Run("returns policy ID", func(t *testing.T) {
channels, resp := th.SystemAdminClient.GetAllChannels(0, 10000, "")
CheckOKStatus(t, resp)
found := false
for _, channel := range *channels {
if channel.Id == policyChannel.Id {
found = true
require.Equal(t, *channel.PolicyID, policy.ID)
break
}
}
require.True(t, found)
})
}
func TestGetAllChannelsWithCount(t *testing.T) {
@@ -1446,46 +1390,6 @@ func TestSearchAllChannels(t *testing.T) {
_, resp = Client.SearchAllChannels(&model.ChannelSearch{Term: ""})
CheckForbiddenStatus(t, resp)
// Choose a policy which the system manager can read
sysManagerChannels, resp := th.SystemManagerClient.GetAllChannels(0, 10000, "")
CheckOKStatus(t, resp)
policyChannel := (*sysManagerChannels)[0]
policy, savePolicyErr := th.App.Srv().Store.RetentionPolicy().Save(&model.RetentionPolicyWithTeamAndChannelIDs{
RetentionPolicy: model.RetentionPolicy{
DisplayName: "Policy 1",
PostDuration: model.NewInt64(30),
},
ChannelIDs: []string{policyChannel.Id},
})
require.NoError(t, savePolicyErr)
t.Run("does not return policy ID", func(t *testing.T) {
channels, resp := th.SystemManagerClient.SearchAllChannels(&model.ChannelSearch{Term: policyChannel.Name})
CheckOKStatus(t, resp)
found := false
for _, channel := range *channels {
if channel.Id == policyChannel.Id {
found = true
require.Nil(t, channel.PolicyID)
break
}
}
require.True(t, found)
})
t.Run("returns policy ID", func(t *testing.T) {
channels, resp := th.SystemAdminClient.SearchAllChannels(&model.ChannelSearch{Term: policyChannel.Name})
CheckOKStatus(t, resp)
found := false
for _, channel := range *channels {
if channel.Id == policyChannel.Id {
found = true
require.Equal(t, *channel.PolicyID, policy.ID)
break
}
}
require.True(t, found)
})
}
func TestSearchAllChannelsPaged(t *testing.T) {

422
api4/data_retention.go
View File

@@ -4,435 +4,21 @@
package api4
import (
"encoding/json"
"net/http"
"github.com/mattermost/mattermost-server/v5/audit"
"github.com/mattermost/mattermost-server/v5/model"
)
func (api *API) InitDataRetention() {
api.BaseRoutes.DataRetention.Handle("/policy", api.ApiSessionRequired(getGlobalPolicy)).Methods("GET")
api.BaseRoutes.DataRetention.Handle("/policies", api.ApiSessionRequired(getPolicies)).Methods("GET")
api.BaseRoutes.DataRetention.Handle("/policies_count", api.ApiSessionRequired(getPoliciesCount)).Methods("GET")
api.BaseRoutes.DataRetention.Handle("/policies", api.ApiSessionRequired(createPolicy)).Methods("POST")
api.BaseRoutes.DataRetention.Handle("/policies/{policy_id:[A-Za-z0-9]+}", api.ApiSessionRequired(getPolicy)).Methods("GET")
api.BaseRoutes.DataRetention.Handle("/policies/{policy_id:[A-Za-z0-9]+}", api.ApiSessionRequired(patchPolicy)).Methods("PATCH")
api.BaseRoutes.DataRetention.Handle("/policies/{policy_id:[A-Za-z0-9]+}", api.ApiSessionRequired(deletePolicy)).Methods("DELETE")
api.BaseRoutes.DataRetention.Handle("/policies/{policy_id:[A-Za-z0-9]+}/teams", api.ApiSessionRequired(getTeamsForPolicy)).Methods("GET")
api.BaseRoutes.DataRetention.Handle("/policies/{policy_id:[A-Za-z0-9]+}/teams", api.ApiSessionRequired(addTeamsToPolicy)).Methods("POST")
api.BaseRoutes.DataRetention.Handle("/policies/{policy_id:[A-Za-z0-9]+}/teams", api.ApiSessionRequired(removeTeamsFromPolicy)).Methods("DELETE")
api.BaseRoutes.DataRetention.Handle("/policies/{policy_id:[A-Za-z0-9]+}/teams/search", api.ApiSessionRequired(searchTeamsInPolicy)).Methods("POST")
api.BaseRoutes.DataRetention.Handle("/policies/{policy_id:[A-Za-z0-9]+}/channels", api.ApiSessionRequired(getChannelsForPolicy)).Methods("GET")
api.BaseRoutes.DataRetention.Handle("/policies/{policy_id:[A-Za-z0-9]+}/channels", api.ApiSessionRequired(addChannelsToPolicy)).Methods("POST")
api.BaseRoutes.DataRetention.Handle("/policies/{policy_id:[A-Za-z0-9]+}/channels", api.ApiSessionRequired(removeChannelsFromPolicy)).Methods("DELETE")
api.BaseRoutes.DataRetention.Handle("/policies/{policy_id:[A-Za-z0-9]+}/channels/search", api.ApiSessionRequired(searchChannelsInPolicy)).Methods("POST")
api.BaseRoutes.User.Handle("/data_retention/team_policies", api.ApiSessionRequired(getTeamPoliciesForUser)).Methods("GET")
api.BaseRoutes.User.Handle("/data_retention/channel_policies", api.ApiSessionRequired(getChannelPoliciesForUser)).Methods("GET")
}
func getGlobalPolicy(c *Context, w http.ResponseWriter, r *http.Request) {
// No permission check required.
policy, err := c.App.GetGlobalRetentionPolicy()
if err != nil {
c.Err = err
return
}
w.Write(policy.ToJson())
}
func getPolicies(c *Context, w http.ResponseWriter, r *http.Request) {
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY) {
c.SetPermissionError(model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY)
return
}
limit := c.Params.PerPage
offset := c.Params.Page * limit
policies, err := c.App.GetRetentionPolicies(offset, limit)
if err != nil {
c.Err = err
return
}
w.Write(policies.ToJson())
}
func getPoliciesCount(c *Context, w http.ResponseWriter, r *http.Request) {
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY) {
c.SetPermissionError(model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY)
return
}
count, err := c.App.GetRetentionPoliciesCount()
if err != nil {
c.Err = err
return
}
body := map[string]int64{"total_count": count}
b, _ := json.Marshal(body)
w.Write(b)
api.BaseRoutes.DataRetention.Handle("/policy", api.ApiSessionRequired(getPolicy)).Methods("GET")
}
func getPolicy(c *Context, w http.ResponseWriter, r *http.Request) {
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY) {
c.SetPermissionError(model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY)
return
}
// No permission check required.
c.RequirePolicyId()
policy, err := c.App.GetRetentionPolicy(c.Params.PolicyId)
if err != nil {
c.Err = err
return
}
w.Write(policy.ToJson())
}
func createPolicy(c *Context, w http.ResponseWriter, r *http.Request) {
policy, jsonErr := model.RetentionPolicyWithTeamAndChannelIdsFromJson(r.Body)
if jsonErr != nil {
c.SetInvalidParam("policy")
return
}
auditRec := c.MakeAuditRecord("createPolicy", audit.Fail)
defer c.LogAuditRec(auditRec)
auditRec.AddMeta("policy", policy)
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_WRITE_COMPLIANCE_DATA_RETENTION_POLICY) {
c.SetPermissionError(model.PERMISSION_SYSCONSOLE_WRITE_COMPLIANCE_DATA_RETENTION_POLICY)
return
}
newPolicy, err := c.App.CreateRetentionPolicy(policy)
policy, err := c.App.GetDataRetentionPolicy()
if err != nil {
c.Err = err
return
}
auditRec.AddMeta("policy", newPolicy) // overwrite meta
auditRec.Success()
w.WriteHeader(http.StatusCreated)
w.Write(newPolicy.ToJson())
}
func patchPolicy(c *Context, w http.ResponseWriter, r *http.Request) {
patch, jsonErr := model.RetentionPolicyWithTeamAndChannelIdsFromJson(r.Body)
if jsonErr != nil {
c.SetInvalidParam("policy")
}
c.RequirePolicyId()
patch.ID = c.Params.PolicyId
auditRec := c.MakeAuditRecord("patchPolicy", audit.Fail)
defer c.LogAuditRec(auditRec)
auditRec.AddMeta("patch", patch)
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_WRITE_COMPLIANCE_DATA_RETENTION_POLICY) {
c.SetPermissionError(model.PERMISSION_SYSCONSOLE_WRITE_COMPLIANCE_DATA_RETENTION_POLICY)
return
}
policy, err := c.App.PatchRetentionPolicy(patch)
if err != nil {
c.Err = err
return
}
auditRec.Success()
w.Write(policy.ToJson())
}
func deletePolicy(c *Context, w http.ResponseWriter, r *http.Request) {
c.RequirePolicyId()
policyId := c.Params.PolicyId
auditRec := c.MakeAuditRecord("deletePolicy", audit.Fail)
defer c.LogAuditRec(auditRec)
auditRec.AddMeta("policy_id", policyId)
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_WRITE_COMPLIANCE_DATA_RETENTION_POLICY) {
c.SetPermissionError(model.PERMISSION_SYSCONSOLE_WRITE_COMPLIANCE_DATA_RETENTION_POLICY)
return
}
err := c.App.DeleteRetentionPolicy(policyId)
if err != nil {
c.Err = err
return
}
auditRec.Success()
ReturnStatusOK(w)
}
func getTeamsForPolicy(c *Context, w http.ResponseWriter, r *http.Request) {
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY) {
c.SetPermissionError(model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY)
return
}
c.RequirePolicyId()
policyId := c.Params.PolicyId
limit := c.Params.PerPage
offset := c.Params.Page * limit
teams, err := c.App.GetTeamsForRetentionPolicy(policyId, offset, limit)
if err != nil {
c.Err = err
return
}
b, jsonErr := json.Marshal(teams)
if jsonErr != nil {
c.Err = model.NewAppError("Api4.getTeamsForPolicy", "api.marshal_error", nil, jsonErr.Error(), http.StatusInternalServerError)
return
}
w.Write(b)
}
func searchTeamsInPolicy(c *Context, w http.ResponseWriter, r *http.Request) {
c.RequirePolicyId()
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY) {
c.SetPermissionError(model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY)
return
}
props := model.TeamSearchFromJson(r.Body)
if props == nil {
c.SetInvalidParam("team_search")
return
}
props.PolicyID = model.NewString(c.Params.PolicyId)
props.IncludePolicyID = model.NewBool(true)
teams, _, err := c.App.SearchAllTeams(props)
if err != nil {
c.Err = err
return
}
c.App.SanitizeTeams(*c.App.Session(), teams)
payload := []byte(model.TeamListToJson(teams))
w.Write(payload)
}
func addTeamsToPolicy(c *Context, w http.ResponseWriter, r *http.Request) {
c.RequirePolicyId()
policyId := c.Params.PolicyId
var teamIDs []string
jsonErr := json.NewDecoder(r.Body).Decode(&teamIDs)
if jsonErr != nil {
c.SetInvalidParam("team_ids")
return
}
auditRec := c.MakeAuditRecord("addTeamsToPolicy", audit.Fail)
defer c.LogAuditRec(auditRec)
auditRec.AddMeta("policy_id", policyId)
auditRec.AddMeta("team_ids", teamIDs)
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_WRITE_COMPLIANCE_DATA_RETENTION_POLICY) {
c.SetPermissionError(model.PERMISSION_SYSCONSOLE_WRITE_COMPLIANCE_DATA_RETENTION_POLICY)
return
}
err := c.App.AddTeamsToRetentionPolicy(policyId, teamIDs)
if err != nil {
c.Err = err
return
}
auditRec.Success()
ReturnStatusOK(w)
}
func removeTeamsFromPolicy(c *Context, w http.ResponseWriter, r *http.Request) {
c.RequirePolicyId()
policyId := c.Params.PolicyId
var teamIDs []string
jsonErr := json.NewDecoder(r.Body).Decode(&teamIDs)
if jsonErr != nil {
c.SetInvalidParam("team_ids")
return
}
auditRec := c.MakeAuditRecord("removeTeamsFromPolicy", audit.Fail)
defer c.LogAuditRec(auditRec)
auditRec.AddMeta("policy_id", policyId)
auditRec.AddMeta("team_ids", teamIDs)
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_WRITE_COMPLIANCE_DATA_RETENTION_POLICY) {
c.SetPermissionError(model.PERMISSION_SYSCONSOLE_WRITE_COMPLIANCE_DATA_RETENTION_POLICY)
return
}
err := c.App.RemoveTeamsFromRetentionPolicy(policyId, teamIDs)
if err != nil {
c.Err = err
return
}
auditRec.Success()
ReturnStatusOK(w)
}
func getChannelsForPolicy(c *Context, w http.ResponseWriter, r *http.Request) {
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY) {
c.SetPermissionError(model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY)
return
}
c.RequirePolicyId()
policyId := c.Params.PolicyId
limit := c.Params.PerPage
offset := c.Params.Page * limit
channels, err := c.App.GetChannelsForRetentionPolicy(policyId, offset, limit)
if err != nil {
c.Err = err
return
}
b, jsonErr := json.Marshal(channels)
if jsonErr != nil {
c.Err = model.NewAppError("Api4.getChannelsForPolicy", "api.marshal_error", nil, jsonErr.Error(), http.StatusInternalServerError)
return
}
w.Write(b)
}
func searchChannelsInPolicy(c *Context, w http.ResponseWriter, r *http.Request) {
c.RequirePolicyId()
props := model.ChannelSearchFromJson(r.Body)
if props == nil {
c.SetInvalidParam("channel_search")
return
}
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY) {
c.SetPermissionError(model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY)
return
}
opts := model.ChannelSearchOpts{
PolicyID: c.Params.PolicyId,
IncludePolicyID: true,
Deleted: props.Deleted,
IncludeDeleted: props.IncludeDeleted,
Public: props.Public,
Private: props.Private,
TeamIds: props.TeamIds,
}
channels, _, appErr := c.App.SearchAllChannels(props.Term, opts)
if appErr != nil {
c.Err = appErr
return
}
payload := []byte(channels.ToJson())
w.Write(payload)
}
func addChannelsToPolicy(c *Context, w http.ResponseWriter, r *http.Request) {
c.RequirePolicyId()
policyId := c.Params.PolicyId
var channelIDs []string
jsonErr := json.NewDecoder(r.Body).Decode(&channelIDs)
if jsonErr != nil {
c.SetInvalidParam("channel_ids")
return
}
auditRec := c.MakeAuditRecord("addChannelsToPolicy", audit.Fail)
defer c.LogAuditRec(auditRec)
auditRec.AddMeta("policy_id", policyId)
auditRec.AddMeta("channel_ids", channelIDs)
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_WRITE_COMPLIANCE_DATA_RETENTION_POLICY) {
c.SetPermissionError(model.PERMISSION_SYSCONSOLE_WRITE_COMPLIANCE_DATA_RETENTION_POLICY)
return
}
err := c.App.AddChannelsToRetentionPolicy(policyId, channelIDs)
if err != nil {
c.Err = err
return
}
auditRec.Success()
ReturnStatusOK(w)
}
func removeChannelsFromPolicy(c *Context, w http.ResponseWriter, r *http.Request) {
c.RequirePolicyId()
policyId := c.Params.PolicyId
var channelIDs []string
jsonErr := json.NewDecoder(r.Body).Decode(&channelIDs)
if jsonErr != nil {
c.SetInvalidParam("channel_ids")
return
}
auditRec := c.MakeAuditRecord("removeChannelsFromPolicy", audit.Fail)
defer c.LogAuditRec(auditRec)
auditRec.AddMeta("policy_id", policyId)
auditRec.AddMeta("channel_ids", channelIDs)
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_WRITE_COMPLIANCE_DATA_RETENTION_POLICY) {
c.SetPermissionError(model.PERMISSION_SYSCONSOLE_WRITE_COMPLIANCE_DATA_RETENTION_POLICY)
return
}
err := c.App.RemoveChannelsFromRetentionPolicy(policyId, channelIDs)
if err != nil {
c.Err = err
return
}
auditRec.Success()
ReturnStatusOK(w)
}
func getTeamPoliciesForUser(c *Context, w http.ResponseWriter, r *http.Request) {
c.RequireUserId()
if c.Err != nil {
return
}
userID := c.Params.UserId
limit := c.Params.PerPage
offset := c.Params.Page * limit
if userID != c.App.Session().UserId && !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
policies, err := c.App.GetTeamPoliciesForUser(userID, offset, limit)
if err != nil {
c.Err = err
return
}
w.Write(policies.ToJson())
}
func getChannelPoliciesForUser(c *Context, w http.ResponseWriter, r *http.Request) {
c.RequireUserId()
if c.Err != nil {
return
}
userID := c.Params.UserId
limit := c.Params.PerPage
offset := c.Params.Page * limit
if userID != c.App.Session().UserId && !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_MANAGE_SYSTEM) {
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
return
}
policies, err := c.App.GetChannelPoliciesForUser(userID, offset, limit)
if err != nil {
c.Err = err
return
}
w.Write(policies.ToJson())
w.Write([]byte(policy.ToJson()))
}

60
api4/team.go
View File

@@ -955,37 +955,29 @@ func getAllTeams(c *Context, w http.ResponseWriter, r *http.Request) {
var err *model.AppError
var teamsWithCount *model.TeamsWithCount
opts := &model.TeamSearch{}
if c.Params.ExcludePolicyConstrained {
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY) {
c.SetPermissionError(model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY)
return
}
opts.ExcludePolicyConstrained = model.NewBool(true)
}
if c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY) {
opts.IncludePolicyID = model.NewBool(true)
}
listPrivate := c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_LIST_PRIVATE_TEAMS)
listPublic := c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_LIST_PUBLIC_TEAMS)
limit := c.Params.PerPage
offset := limit * c.Params.Page
if listPrivate && listPublic {
if c.Params.IncludeTotalCount {
teamsWithCount, err = c.App.GetAllTeamsPageWithCount(c.Params.Page*c.Params.PerPage, c.Params.PerPage)
} else {
teams, err = c.App.GetAllTeamsPage(c.Params.Page*c.Params.PerPage, c.Params.PerPage)
}
} else if listPrivate {
opts.AllowOpenInvite = model.NewBool(false)
if c.Params.IncludeTotalCount {
teamsWithCount, err = c.App.GetAllPrivateTeamsPageWithCount(c.Params.Page*c.Params.PerPage, c.Params.PerPage)
} else {
teams, err = c.App.GetAllPrivateTeamsPage(c.Params.Page*c.Params.PerPage, c.Params.PerPage)
}
} else if listPublic {
opts.AllowOpenInvite = model.NewBool(true)
if c.Params.IncludeTotalCount {
teamsWithCount, err = c.App.GetAllPublicTeamsPageWithCount(c.Params.Page*c.Params.PerPage, c.Params.PerPage)
} else {
teams, err = c.App.GetAllPublicTeamsPage(c.Params.Page*c.Params.PerPage, c.Params.PerPage)
}
} else {
// The user doesn't have permissions to list private as well as public teams.
c.Err = model.NewAppError("getAllTeams", "api.team.get_all_teams.insufficient_permissions", nil, "", http.StatusForbidden)
return
}
if c.Params.IncludeTotalCount {
teamsWithCount, err = c.App.GetAllTeamsPageWithCount(offset, limit, opts)
} else {
teams, err = c.App.GetAllTeamsPage(offset, limit, opts)
err = model.NewAppError("getAllTeams", "api.team.get_all_teams.insufficient_permissions", nil, "", http.StatusForbidden)
}
if err != nil {
c.Err = err
@@ -999,7 +991,7 @@ func getAllTeams(c *Context, w http.ResponseWriter, r *http.Request) {
if c.Params.IncludeTotalCount {
resBody = model.TeamsWithCountToJson(teamsWithCount)
} else {
resBody = model.ToJson(teams)
resBody = []byte(model.TeamListToJson(teams))
}
w.Write(resBody)
@@ -1011,16 +1003,6 @@ func searchTeams(c *Context, w http.ResponseWriter, r *http.Request) {
c.SetInvalidParam("team_search")
return
}
// Only system managers may use the ExcludePolicyConstrained field
if props.ExcludePolicyConstrained != nil && !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY) {
c.SetPermissionError(model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY)
return
}
// policy ID may only be used through the /data_retention/policies endpoint
props.PolicyID = nil
if c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_READ_COMPLIANCE_DATA_RETENTION_POLICY) {
props.IncludePolicyID = model.NewBool(true)
}
var teams []*model.Team
var totalCount int64
@@ -1033,13 +1015,13 @@ func searchTeams(c *Context, w http.ResponseWriter, r *http.Request) {
c.Err = model.NewAppError("searchTeams", "api.team.search_teams.pagination_not_implemented.private_team_search", nil, "", http.StatusNotImplemented)
return
}
teams, err = c.App.SearchPrivateTeams(props)
teams, err = c.App.SearchPrivateTeams(props.Term)
} else if c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_LIST_PUBLIC_TEAMS) {
if props.Page != nil || props.PerPage != nil {
c.Err = model.NewAppError("searchTeams", "api.team.search_teams.pagination_not_implemented.public_team_search", nil, "", http.StatusNotImplemented)
return
}
teams, err = c.App.SearchPublicTeams(props)
teams, err = c.App.SearchPublicTeams(props.Term)
} else {
teams = []*model.Team{}
}
@@ -1053,8 +1035,8 @@ func searchTeams(c *Context, w http.ResponseWriter, r *http.Request) {
var payload []byte
if props.Page != nil && props.PerPage != nil {
twc := map[string]interface{}{"teams": teams, "total_count": totalCount}
payload = model.ToJson(twc)
twc := &model.TeamsWithCount{Teams: teams, TotalCount: totalCount}
payload = model.TeamsWithCountToJson(twc)
} else {
payload = []byte(model.TeamListToJson(teams))
}

114
api4/team_test.go
View File

@@ -1007,76 +1007,6 @@ func TestGetAllTeams(t *testing.T) {
require.Len(t, teams, 5)
})
// Choose a team which the system manager can access
sysManagerTeams, resp := th.SystemManagerClient.GetAllTeams("", 0, 10000)
CheckOKStatus(t, resp)
policyTeam := sysManagerTeams[0]
// If no policies exist, GetAllTeamsExcludePolicyConstrained should return everything
t.Run("exclude policy constrained, without policy", func(t *testing.T) {
_, excludeConstrainedResp := Client.GetAllTeamsExcludePolicyConstrained("", 0, 100)
CheckForbiddenStatus(t, excludeConstrainedResp)
teams, excludeConstrainedResp := th.SystemAdminClient.GetAllTeamsExcludePolicyConstrained("", 0, 100)
CheckOKStatus(t, excludeConstrainedResp)
found := false
for _, team := range teams {
if team.Id == policyTeam.Id {
found = true
break
}
}
require.True(t, found)
})
// Now actually create the policy and assign the team to it
policy, savePolicyErr := th.App.Srv().Store.RetentionPolicy().Save(&model.RetentionPolicyWithTeamAndChannelIDs{
RetentionPolicy: model.RetentionPolicy{
DisplayName: "Policy 1",
PostDuration: model.NewInt64(30),
},
TeamIDs: []string{policyTeam.Id},
})
require.NoError(t, savePolicyErr)
// This time, the team shouldn't be returned
t.Run("exclude policy constrained, with policy", func(t *testing.T) {
teams, excludeConstrainedResp := th.SystemAdminClient.GetAllTeamsExcludePolicyConstrained("", 0, 100)
CheckOKStatus(t, excludeConstrainedResp)
found := false
for _, team := range teams {
if team.Id == policyTeam.Id {
found = true
break
}
}
require.False(t, found)
})
t.Run("does not return policy ID", func(t *testing.T) {
teams, sysManagerResp := th.SystemManagerClient.GetAllTeams("", 0, 100)
CheckOKStatus(t, sysManagerResp)
found := false
for _, team := range teams {
if team.Id == policyTeam.Id {
found = true
require.Nil(t, team.PolicyID)
break
}
}
require.True(t, found)
})
t.Run("returns policy ID", func(t *testing.T) {
teams, sysAdminResp := th.SystemAdminClient.GetAllTeams("", 0, 100)
CheckOKStatus(t, sysAdminResp)
found := false
for _, team := range teams {
if team.Id == policyTeam.Id {
found = true
require.Equal(t, *team.PolicyID, policy.ID)
break
}
}
require.True(t, found)
})
t.Run("Unauthorized", func(t *testing.T) {
Client.Logout()
_, resp = Client.GetAllTeams("", 1, 10)
@@ -1285,7 +1215,7 @@ func TestSearchAllTeams(t *testing.T) {
th.LoginBasic()
th.TestForAllClients(t, func(t *testing.T, client *model.Client4) {
rteams, resp = client.SearchTeams(&model.TeamSearch{Term: oTeam.Name})
rteams, resp := client.SearchTeams(&model.TeamSearch{Term: oTeam.Name})
CheckNoError(t, resp)
require.Len(t, rteams, 1, "should have returned 1 team")
require.Equal(t, oTeam.Id, rteams[0].Id, "invalid team")
@@ -1301,7 +1231,7 @@ func TestSearchAllTeams(t *testing.T) {
})
th.TestForSystemAdminAndLocal(t, func(t *testing.T, client *model.Client4) {
rteams, resp = client.SearchTeams(&model.TeamSearch{Term: oTeam.Name})
rteams, resp := client.SearchTeams(&model.TeamSearch{Term: oTeam.Name})
CheckNoError(t, resp)
require.Len(t, rteams, 1, "should have returned 1 team")
@@ -1309,46 +1239,6 @@ func TestSearchAllTeams(t *testing.T) {
CheckNoError(t, resp)
require.Len(t, rteams, 1, "should have returned 1 team")
})
// Choose a team which the system manager can access
sysManagerTeams, resp := th.SystemManagerClient.GetAllTeams("", 0, 10000)
CheckOKStatus(t, resp)
policyTeam := sysManagerTeams[0]
// Now actually create the policy and assign the team to it
policy, savePolicyErr := th.App.Srv().Store.RetentionPolicy().Save(&model.RetentionPolicyWithTeamAndChannelIDs{
RetentionPolicy: model.RetentionPolicy{
DisplayName: "Policy 1",
PostDuration: model.NewInt64(30),
},
TeamIDs: []string{policyTeam.Id},
})
require.NoError(t, savePolicyErr)
t.Run("does not return policy ID", func(t *testing.T) {
teams, sysManagerResp := th.SystemManagerClient.SearchTeams(&model.TeamSearch{Term: policyTeam.Name})
CheckOKStatus(t, sysManagerResp)
found := false
for _, team := range teams {
if team.Id == policyTeam.Id {
found = true
require.Nil(t, team.PolicyID)
break
}
}
require.True(t, found)
})
t.Run("returns policy ID", func(t *testing.T) {
teams, sysAdminResp := th.SystemAdminClient.SearchTeams(&model.TeamSearch{Term: policyTeam.Name})
CheckOKStatus(t, sysAdminResp)
found := false
for _, team := range teams {
if team.Id == policyTeam.Id {
found = true
require.Equal(t, *team.PolicyID, policy.ID)
break
}
}
require.True(t, found)
})
}
func TestSearchAllTeamsPaged(t *testing.T) {