IntenseWebs/mattermost
3
0
Fork 0
mirror of https://github.com/mattermost/mattermost.git synced 2025-02-25 18:55:24 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
8354206e5c3cabfbb6f0eee9874fd5c4f74a295c
mattermost/model/role_test.go
Martin Kraft 8354206e5c MM-25543: New Admin Roles (#14960) 
* MM-23832: Initial set of changes

* MM-23832: further iteration

* MM-23832: further iteration

* MM-23832: further iteration

* MM-23832: Fixes merge.

* create migration for new Roles

* MM-23832: Renames some roles.

* MM-23832: Adds ability to see logs.

* MM-23832: Removes manage roles from restricted admin.

* MM-23832: Make authentication section read-only for restricted admin.

* MM-23832: Allow restricted admin to purge caches.

* MM-23832: Adds ability to recycle DB connections.

* MM-23832: Adds ability to purge indexes.

* MM-23832: Adds ability to test email and S3 config.

* MM-23832: Adds abilituy to read job status.

* MM-23832: Adds ability to read plugin statuses.

* MM-23832: Renames Restricted Admin to System Manager.

* MM-23832: Adds manage team roles to system_user_manager.

* MM-23832: Updates some permissions.

* MM-23832: Allow get all channels and get moderations.

* MM-23832: Adds some permissions to User Manager.

* MM-23832: Remove write users from user manager.

* MM-23832: Changes permissions for the usermanagement > users sysconsole section.

* MM-23832: Removes read_settings and write_settings permissions. Ensures the usermanagement parent permissions encompass the sub-permissions.

* MM-23832: Updates permissions.

* MM-23832: Changes some permissions checks, adds new permissions to roles.

* MM-23832: Adds ability to update a role.

* MM-23832: Permissions updates.

* MM-23832: Removes write access to plugins for system manager.

* MM-23832: Removes read compliance from new roles.

* MM-23832: Adds mock for new roles creation migration.

* MM-23832: Changes to variadic param.

* MM-23832: Removes some duplication in the permissions model. Renames some permissions constants.

* MM-23832: Updates some migrations.

* MM-23832: Removes some unnecessary constants.

* MM-23832: Changes back to old app method name.

* MM-23832: Fixes incorrect permission check.

* MM-23832: Changes write to read permission check.

* MM-23832: Removes the authentication permission from link/unlink group.

* MM-23832: Enable testing LDAP with read permissions.

* MM-23832: Make testing elasticsearch a read permission.

* MM-23832: Warn metrics are associated to any system console read permissions.

* MM-23832: Updates some permissions checks.

* MM-23832: Removes non-systemconsole permissions from roles.

* MM-23832: Update default permission assignment of sysadmin.

* MM-23832: Fixes incorrect permission check. Removes some unused stuff.

* MM-23832: Update permission to check.

* MM-23832: Switches to struct tags.

* MM-23832: Adds some docs for the permissions tag.

* MM-23832: Removes whitespace.

* MM-23832: Combines system admin restricted access with other acess-control tag.

* MM-23832: Fixes some tests.

* MM-23832: Clarifies docs, does not assume prior permission check in '-' access value case.

* MM-23832: Updates to correct access tag value.

* MM-23832: Adds test of the config settings tag access.

* MM-23832: Undoes whitespace change.

* MM-23832: Removes comment.

* MM-23832: Adds the permissions to the new roles rather than using OR conditions on the permissions checks.

* MM-23832: Removes or condition on permission check.

* MM-23832: Updates mapping.

* MM-23832: Typo fix.

* MM-23832: Adds new 'read_jobs' permission.

* MM-23832: Add read_jobs to all roles with manage_jobs.

* MM-23832: Adds new permission read_other_users_teams.

* MM-23832: Adds read filtering of config.

* MM-23932: Change tag value.

* MM-23832: Fixes some tests. Adds test for read config access tag.

* MM-23832: Adds permissions to list teams.

* MM-23832: Removes the '-' tag value. Adds a new permission read_channel_groups. Updates a permission check.

* MM-23832: Removes unnecessary parent permission for user_management. Fixes permission check change error.

* MM-23832: Removes unused parameter to filter/merge function.

* MM-23832: Renames migration name.

* MM-23832: Fix for godoc.

* MM-23832: Fixes tests.

* MM-23832: Only makes a map once rather than every function call. Doesn't require access tag on config field structs. Reverts one test update and fixes another.

* MM-23832: Removes all of the unnecessary uses of (*App).SessionHasPermissionToAny since removing the user_management parent permission.

* MM-23832: Updates constant type.

* MM-23832: Removes unnecessary comment.

* MM-23832: Renames permissions.

* MM-23832: Fix for permission name changes.

* MM-23832: Adds missing config access tags. Adds some requirec ancillary permissions for write_usermanagement_teams.

* MM-23832: Adds local API endpoint for getting config.

* MM-23832: If tag value is blank or restrict_sys_admin_write then don't do the permission check.

* MM-23832: nil check for strings prior to dereferencing.

* MM-23832: Fix for config display logic.

* MM-23832: Updates godoc.

* MM-23832: Delays the unrestricted check for parity with other permissions checks if the channel id does not exist.

* MM-23832: Removes tautology.

* MM-23832: Re-adds status code check.

* MM-23832: Adds new permission to edit brand image.

* MM-23832: Exports variable for use by mmctl.

* MM-23832: Initialize exported map for use by mmctl.

* MM-23832: Accept deprecated permissions as valid.

* MM-23832: Adds missing permissions to archive a channel.

* MM-23832: Adds missing permissions for managing team.

* MM-23832: Properly filters config values in patch and update API responses.

* MM-23832: Fixes license viewing and writing permissions.

* MM-23832: Require license to assign 'new system roles'.

* MM-23832: Adds translation keys.

* MM-23832: Updates translation order.

* MM-27529: Splits read_channel_groups into read_public_channel_groups and read_private_channel_groups.

* MM-23832: Prevent read-only permissions from editing site url test parameter.

* MM-23832: Prevent read permissions from sniffing ports and elastic password.

* MM-23832: Adds missing permission required for write user management channels.

* MM-23832: Allows new roles to search for channels.

* MM-23832: Adds ability for system_manager to manage jobs.

* MM-23832: Cluster status access by sysconsole permission, not manage_system.

* MM-23832: Adds 'add_user_to_team' permission to sysconsole write usermanagement teams.

* MM-23832: Fixes lint.

* MM-23832: Test fix.

* MM-23832: Test fix.

Co-authored-by: Catalin Tomai <catalin.tomai@mattermost.com>
Co-authored-by: Scott Bishel <scott.bishel@mattermost.com>
Co-authored-by: Mattermod <mattermod@users.noreply.github.com>
2020-08-21 16:49:31 -04:00

279 lines
7.6 KiB
Go
Raw Blame History

// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
// See LICENSE.txt for license information.
package model
import (
"testing"
"github.com/stretchr/testify/assert"
)
func TestChannelModeratedPermissionsChangedByPatch(t *testing.T) {
testCases := []struct {
Name string
Permissions []string
PatchPermissions []string
Expected []string
}{
{
"Empty patch returns empty slice",
[]string{},
[]string{},
[]string{},
},
{
"Adds permissions to empty initial permissions list",
[]string{},
[]string{PERMISSION_CREATE_POST.Id, PERMISSION_ADD_REACTION.Id},
[]string{ChannelModeratedPermissions[0], ChannelModeratedPermissions[1]},
},
{
"Ignores non moderated permissions in initial permissions list",
[]string{PERMISSION_ASSIGN_BOT.Id},
[]string{PERMISSION_CREATE_POST.Id, PERMISSION_REMOVE_REACTION.Id},
[]string{ChannelModeratedPermissions[0], ChannelModeratedPermissions[1]},
},
{
"Adds removed moderated permissions from initial permissions list",
[]string{PERMISSION_CREATE_POST.Id},
[]string{},
[]string{PERMISSION_CREATE_POST.Id},
},
{
"No changes returns empty slice",
[]string{PERMISSION_CREATE_POST.Id, PERMISSION_ASSIGN_BOT.Id},
[]string{PERMISSION_CREATE_POST.Id},
[]string{},
},
}
for _, tc := range testCases {
t.Run(tc.Name, func(t *testing.T) {
baseRole := &Role{Permissions: tc.Permissions}
rolePatch := &RolePatch{Permissions: &tc.PatchPermissions}
result := ChannelModeratedPermissionsChangedByPatch(baseRole, rolePatch)
assert.ElementsMatch(t, tc.Expected, result)
})
}
}
func TestRolePatchFromChannelModerationsPatch(t *testing.T) {
createPosts := ChannelModeratedPermissions[0]
createReactions := ChannelModeratedPermissions[1]
manageMembers := ChannelModeratedPermissions[2]
channelMentions := ChannelModeratedPermissions[3]
basePermissions := []string{
PERMISSION_ADD_REACTION.Id,
PERMISSION_REMOVE_REACTION.Id,
PERMISSION_CREATE_POST.Id,
PERMISSION_USE_CHANNEL_MENTIONS.Id,
PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS.Id,
PERMISSION_UPLOAD_FILE.Id,
PERMISSION_GET_PUBLIC_LINK.Id,
PERMISSION_USE_SLASH_COMMANDS.Id,
}
baseModeratedPermissions := []string{
PERMISSION_ADD_REACTION.Id,
PERMISSION_REMOVE_REACTION.Id,
PERMISSION_CREATE_POST.Id,
PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS.Id,
PERMISSION_USE_CHANNEL_MENTIONS.Id,
}
testCases := []struct {
Name string
Permissions []string
ChannelModerationsPatch []*ChannelModerationPatch
RoleName string
ExpectedPatchPermissions []string
}{
{
"Patch to member role adding a permission that already exists",
basePermissions,
[]*ChannelModerationPatch{
{
Name: &createReactions,
Roles: &ChannelModeratedRolesPatch{Members: NewBool(true)},
},
},
"members",
baseModeratedPermissions,
},
{
"Patch to member role with moderation patch for guest role",
basePermissions,
[]*ChannelModerationPatch{
{
Name: &createReactions,
Roles: &ChannelModeratedRolesPatch{Guests: NewBool(true)},
},
},
"members",
baseModeratedPermissions,
},
{
"Patch to guest role with moderation patch for member role",
basePermissions,
[]*ChannelModerationPatch{
{
Name: &createReactions,
Roles: &ChannelModeratedRolesPatch{Members: NewBool(true)},
},
},
"guests",
baseModeratedPermissions,
},
{
"Patch to member role removing multiple channel moderated permissions",
basePermissions,
[]*ChannelModerationPatch{
{
Name: &createReactions,
Roles: &ChannelModeratedRolesPatch{Members: NewBool(false)},
},
{
Name: &manageMembers,
Roles: &ChannelModeratedRolesPatch{Members: NewBool(false)},
},
{
Name: &channelMentions,
Roles: &ChannelModeratedRolesPatch{Members: NewBool(false)},
},
},
"members",
[]string{PERMISSION_CREATE_POST.Id},
},
{
"Patch to guest role removing multiple channel moderated permissions",
basePermissions,
[]*ChannelModerationPatch{
{
Name: &createReactions,
Roles: &ChannelModeratedRolesPatch{Guests: NewBool(false)},
},
{
Name: &manageMembers,
Roles: &ChannelModeratedRolesPatch{Guests: NewBool(false)},
},
{
Name: &channelMentions,
Roles: &ChannelModeratedRolesPatch{Guests: NewBool(false)},
},
},
"guests",
[]string{PERMISSION_CREATE_POST.Id},
},
{
"Patch enabling and removing multiple channel moderated permissions ",
[]string{PERMISSION_ADD_REACTION.Id, PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS.Id},
[]*ChannelModerationPatch{
{
Name: &createReactions,
Roles: &ChannelModeratedRolesPatch{Members: NewBool(false)},
},
{
Name: &manageMembers,
Roles: &ChannelModeratedRolesPatch{Members: NewBool(false)},
},
{
Name: &channelMentions,
Roles: &ChannelModeratedRolesPatch{Members: NewBool(true)},
},
{
Name: &createPosts,
Roles: &ChannelModeratedRolesPatch{Members: NewBool(true)},
},
},
"members",
[]string{PERMISSION_CREATE_POST.Id, PERMISSION_USE_CHANNEL_MENTIONS.Id},
},
{
"Patch enabling a partially enabled permission",
[]string{PERMISSION_ADD_REACTION.Id},
[]*ChannelModerationPatch{
{
Name: &createReactions,
Roles: &ChannelModeratedRolesPatch{Members: NewBool(true)},
},
},
"members",
[]string{PERMISSION_ADD_REACTION.Id, PERMISSION_REMOVE_REACTION.Id},
},
{
"Patch disabling a partially disabled permission",
[]string{PERMISSION_ADD_REACTION.Id},
[]*ChannelModerationPatch{
{
Name: &createReactions,
Roles: &ChannelModeratedRolesPatch{Members: NewBool(false)},
},
{
Name: &createPosts,
Roles: &ChannelModeratedRolesPatch{Members: NewBool(true)},
},
},
"members",
[]string{PERMISSION_CREATE_POST.Id},
},
}
for _, tc := range testCases {
t.Run(tc.Name, func(t *testing.T) {
baseRole := &Role{Permissions: tc.Permissions}
rolePatch := baseRole.RolePatchFromChannelModerationsPatch(tc.ChannelModerationsPatch, tc.RoleName)
assert.ElementsMatch(t, tc.ExpectedPatchPermissions, *rolePatch.Permissions)
})
}
}
func TestGetChannelModeratedPermissions(t *testing.T) {
tests := []struct {
Name string
Permissions []string
ChannelType string
Expected map[string]bool
}{
{
"Filters non moderated permissions",
[]string{PERMISSION_CREATE_BOT.Id},
CHANNEL_OPEN,
map[string]bool{},
},
{
"Returns a map of moderated permissions",
[]string{PERMISSION_CREATE_POST.Id, PERMISSION_ADD_REACTION.Id, PERMISSION_REMOVE_REACTION.Id, PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS.Id, PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id, PERMISSION_USE_CHANNEL_MENTIONS.Id},
CHANNEL_OPEN,
map[string]bool{
ChannelModeratedPermissions[0]: true,
ChannelModeratedPermissions[1]: true,
ChannelModeratedPermissions[2]: true,
ChannelModeratedPermissions[3]: true,
},
},
{
"Returns a map of moderated permissions when non moderated present",
[]string{PERMISSION_CREATE_POST.Id, PERMISSION_CREATE_DIRECT_CHANNEL.Id},
CHANNEL_OPEN,
map[string]bool{
ChannelModeratedPermissions[0]: true,
},
},
{
"Returns a nothing when no permissions present",
[]string{},
CHANNEL_OPEN,
map[string]bool{},
},
}
for _, tc := range tests {
t.Run(tc.Name, func(t *testing.T) {
role := &Role{Permissions: tc.Permissions}
moderatedPermissions := role.GetChannelModeratedPermissions(tc.ChannelType)
for permission := range moderatedPermissions {
assert.Equal(t, moderatedPermissions[permission], tc.Expected[permission])
}
})
}
}
Reference in New Issue View Git Blame Copy Permalink