mattermost/utils/authorization.go
Joram Wilander 528f2dc6c3 Merge release-3.10 into master (#6654)
* PLT-6787 Fixed being able to send a post before files finished uploading (#6617)

* Fix quick switcher for channels/users not stored locally (#6610)

* Fix button text on confirm mention modal (#6609)

* fix post delete permission of channel admin (#6608)

* open comment thread for the most recent reply-able message (#6605)

* Use mutex flag with yarn to prevent concurrent builds interfering (#6619)

* Use mutex flag with yarn to prevent concurrent builds interfering

* Remove yarn mutex file with clean

* Minor bug fixes (#6615)

* PLT-6774 - Fixing color for offline icon

* PLT-6784 - Fixing status icon

* Fixing icon margin

* Updating caret position

* PLT-6070 Have ChannelMentionProvider stop searching after a term returns no results (#6620)

* Fixing JS error (#6623)

* Minor bug fixes (#6622)

* PLT-6808 - Updating channel switcher on mobile

* PLT-6743 - Updating scrollbar styling

* Login instead of failing if user exists in OAuth sign-up flow (#6627)

* PLT-6802 Disable team switcher (#6626)

* Disable team switcher

* Fix ESLint errors

* PLT-6807 Ensured select teams page can scroll on iOS (#6630)

* Do not redirect from account switch pages on 401 (#6631)

* Fixing loadtest command and renaming to /test (#6624)

* PLT-6820 Update mattermost-redux dependency (#6632)

* translations PR 20170612 (#6629)

* Bump HTTP client timeout to 30 seconds (#6633)

* For team unreads return empty array instead of null (#6636)

* PLT-6831 Fix status modal localization IDs (#6637)

* Fix status modal localization IDs

* Update test snapshot
2017-06-15 11:05:43 -04:00


// Copyright (c) 2016-present Mattermost, Inc. All Rights Reserved.
// See License.txt for license information.
package utils
import (
"github.com/mattermost/platform/model"
)
// SetDefaultRolesBasedOnConfig rebuilds the permission lists of the default
// roles from the current configuration and license state.
//
// It calls model.InitalizeRoles() and then appends permission ids to the
// package-level roles in model, one policy section at a time. In every
// section that reads a Restrict* setting, that setting is only consulted
// when IsLicensed is true; otherwise a fixed unlicensed grant is applied.
//
// When licensed, a setting value that matches none of the handled constants
// results in no append for that permission (there is no default branch), so
// an unrecognised value leaves the permission at whatever InitalizeRoles set.
//
// NOTE(review): this function mutates shared role state and takes no lock
// itself; presumably callers serialise it against concurrent permission
// checks (e.g. on config reload) — confirm.
// NOTE(review): the Restrict* settings and EnableOnlyAdminIntegrations are
// dereferenced without a nil check; assumes config defaults were applied
// before this runs — confirm.
func SetDefaultRolesBasedOnConfig() {
	// Reset the roles to their defaults first; every grant below is an
	// append on top of that baseline.
	model.InitalizeRoles()

	// Public channel creation. The unlicensed grant equals the
	// PERMISSIONS_ALL grant; || short-circuits, so the setting is only
	// dereferenced when licensed.
	switch {
	case !IsLicensed || *Cfg.TeamSettings.RestrictPublicChannelCreation == model.PERMISSIONS_ALL:
		model.ROLE_TEAM_USER.Permissions = append(model.ROLE_TEAM_USER.Permissions, model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id)
	case *Cfg.TeamSettings.RestrictPublicChannelCreation == model.PERMISSIONS_TEAM_ADMIN:
		model.ROLE_TEAM_ADMIN.Permissions = append(model.ROLE_TEAM_ADMIN.Permissions, model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id)
	}

	// Public channel property management.
	switch {
	case !IsLicensed || *Cfg.TeamSettings.RestrictPublicChannelManagement == model.PERMISSIONS_ALL:
		model.ROLE_TEAM_USER.Permissions = append(model.ROLE_TEAM_USER.Permissions, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id)
	case *Cfg.TeamSettings.RestrictPublicChannelManagement == model.PERMISSIONS_CHANNEL_ADMIN:
		// Restricting to channel admins still grants the team admin role.
		model.ROLE_TEAM_ADMIN.Permissions = append(model.ROLE_TEAM_ADMIN.Permissions, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id)
		model.ROLE_CHANNEL_ADMIN.Permissions = append(model.ROLE_CHANNEL_ADMIN.Permissions, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id)
	case *Cfg.TeamSettings.RestrictPublicChannelManagement == model.PERMISSIONS_TEAM_ADMIN:
		model.ROLE_TEAM_ADMIN.Permissions = append(model.ROLE_TEAM_ADMIN.Permissions, model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id)
	}

	// Public channel deletion.
	switch {
	case !IsLicensed || *Cfg.TeamSettings.RestrictPublicChannelDeletion == model.PERMISSIONS_ALL:
		model.ROLE_TEAM_USER.Permissions = append(model.ROLE_TEAM_USER.Permissions, model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id)
	case *Cfg.TeamSettings.RestrictPublicChannelDeletion == model.PERMISSIONS_CHANNEL_ADMIN:
		model.ROLE_TEAM_ADMIN.Permissions = append(model.ROLE_TEAM_ADMIN.Permissions, model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id)
		model.ROLE_CHANNEL_ADMIN.Permissions = append(model.ROLE_CHANNEL_ADMIN.Permissions, model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id)
	case *Cfg.TeamSettings.RestrictPublicChannelDeletion == model.PERMISSIONS_TEAM_ADMIN:
		model.ROLE_TEAM_ADMIN.Permissions = append(model.ROLE_TEAM_ADMIN.Permissions, model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id)
	}

	// Private channel creation.
	switch {
	case !IsLicensed || *Cfg.TeamSettings.RestrictPrivateChannelCreation == model.PERMISSIONS_ALL:
		model.ROLE_TEAM_USER.Permissions = append(model.ROLE_TEAM_USER.Permissions, model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id)
	case *Cfg.TeamSettings.RestrictPrivateChannelCreation == model.PERMISSIONS_TEAM_ADMIN:
		model.ROLE_TEAM_ADMIN.Permissions = append(model.ROLE_TEAM_ADMIN.Permissions, model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id)
	}

	// Private channel property management.
	switch {
	case !IsLicensed || *Cfg.TeamSettings.RestrictPrivateChannelManagement == model.PERMISSIONS_ALL:
		model.ROLE_TEAM_USER.Permissions = append(model.ROLE_TEAM_USER.Permissions, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id)
	case *Cfg.TeamSettings.RestrictPrivateChannelManagement == model.PERMISSIONS_CHANNEL_ADMIN:
		model.ROLE_TEAM_ADMIN.Permissions = append(model.ROLE_TEAM_ADMIN.Permissions, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id)
		model.ROLE_CHANNEL_ADMIN.Permissions = append(model.ROLE_CHANNEL_ADMIN.Permissions, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id)
	case *Cfg.TeamSettings.RestrictPrivateChannelManagement == model.PERMISSIONS_TEAM_ADMIN:
		model.ROLE_TEAM_ADMIN.Permissions = append(model.ROLE_TEAM_ADMIN.Permissions, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id)
	}

	// Private channel deletion.
	switch {
	case !IsLicensed || *Cfg.TeamSettings.RestrictPrivateChannelDeletion == model.PERMISSIONS_ALL:
		model.ROLE_TEAM_USER.Permissions = append(model.ROLE_TEAM_USER.Permissions, model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id)
	case *Cfg.TeamSettings.RestrictPrivateChannelDeletion == model.PERMISSIONS_CHANNEL_ADMIN:
		model.ROLE_TEAM_ADMIN.Permissions = append(model.ROLE_TEAM_ADMIN.Permissions, model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id)
		model.ROLE_CHANNEL_ADMIN.Permissions = append(model.ROLE_CHANNEL_ADMIN.Permissions, model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id)
	case *Cfg.TeamSettings.RestrictPrivateChannelDeletion == model.PERMISSIONS_TEAM_ADMIN:
		model.ROLE_TEAM_ADMIN.Permissions = append(model.ROLE_TEAM_ADMIN.Permissions, model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id)
	}

	// Private channel member management. Unlike the sections above, the
	// unrestricted grant goes to the channel user role.
	switch {
	case !IsLicensed || *Cfg.TeamSettings.RestrictPrivateChannelManageMembers == model.PERMISSIONS_ALL:
		model.ROLE_CHANNEL_USER.Permissions = append(model.ROLE_CHANNEL_USER.Permissions, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id)
	case *Cfg.TeamSettings.RestrictPrivateChannelManageMembers == model.PERMISSIONS_CHANNEL_ADMIN:
		model.ROLE_TEAM_ADMIN.Permissions = append(model.ROLE_TEAM_ADMIN.Permissions, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id)
		model.ROLE_CHANNEL_ADMIN.Permissions = append(model.ROLE_CHANNEL_ADMIN.Permissions, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id)
	case *Cfg.TeamSettings.RestrictPrivateChannelManageMembers == model.PERMISSIONS_TEAM_ADMIN:
		model.ROLE_TEAM_ADMIN.Permissions = append(model.ROLE_TEAM_ADMIN.Permissions, model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id)
	}

	// Integrations. This section does not depend on the license. Unless
	// integrations are limited to admins, team users may manage webhooks
	// and slash commands and system users may manage OAuth.
	if adminOnly := *Cfg.ServiceSettings.EnableOnlyAdminIntegrations; !adminOnly {
		model.ROLE_TEAM_USER.Permissions = append(
			model.ROLE_TEAM_USER.Permissions,
			model.PERMISSION_MANAGE_WEBHOOKS.Id,
			model.PERMISSION_MANAGE_SLASH_COMMANDS.Id,
		)
		model.ROLE_SYSTEM_USER.Permissions = append(model.ROLE_SYSTEM_USER.Permissions, model.PERMISSION_MANAGE_OAUTH.Id)
	}

	// Inviting and adding users to a team.
	// NOTE(review): the unlicensed grant goes to ROLE_TEAM_USER while the
	// licensed PERMISSIONS_ALL grant goes to ROLE_SYSTEM_USER — confirm the
	// difference is intended.
	switch {
	case !IsLicensed:
		model.ROLE_TEAM_USER.Permissions = append(
			model.ROLE_TEAM_USER.Permissions,
			model.PERMISSION_INVITE_USER.Id,
			model.PERMISSION_ADD_USER_TO_TEAM.Id,
		)
	case *Cfg.TeamSettings.RestrictTeamInvite == model.PERMISSIONS_TEAM_ADMIN:
		model.ROLE_TEAM_ADMIN.Permissions = append(
			model.ROLE_TEAM_ADMIN.Permissions,
			model.PERMISSION_INVITE_USER.Id,
			model.PERMISSION_ADD_USER_TO_TEAM.Id,
		)
	case *Cfg.TeamSettings.RestrictTeamInvite == model.PERMISSIONS_ALL:
		model.ROLE_SYSTEM_USER.Permissions = append(
			model.ROLE_SYSTEM_USER.Permissions,
			model.PERMISSION_INVITE_USER.Id,
			model.PERMISSION_ADD_USER_TO_TEAM.Id,
		)
	}

	// Post deletion.
	// NOTE(review): the unlicensed branch grants nothing to
	// ROLE_CHANNEL_ADMIN, whereas the licensed PERMISSIONS_DELETE_POST_ALL
	// branch gives it DELETE_POST and DELETE_OTHERS_POSTS — confirm the
	// difference is intended.
	switch {
	case !IsLicensed:
		model.ROLE_CHANNEL_USER.Permissions = append(model.ROLE_CHANNEL_USER.Permissions, model.PERMISSION_DELETE_POST.Id)
		model.ROLE_TEAM_ADMIN.Permissions = append(
			model.ROLE_TEAM_ADMIN.Permissions,
			model.PERMISSION_DELETE_POST.Id,
			model.PERMISSION_DELETE_OTHERS_POSTS.Id,
		)
	case *Cfg.ServiceSettings.RestrictPostDelete == model.PERMISSIONS_DELETE_POST_ALL:
		// Channel users may delete their own posts; only the admin roles
		// also get DELETE_OTHERS_POSTS.
		model.ROLE_CHANNEL_USER.Permissions = append(model.ROLE_CHANNEL_USER.Permissions, model.PERMISSION_DELETE_POST.Id)
		model.ROLE_CHANNEL_ADMIN.Permissions = append(
			model.ROLE_CHANNEL_ADMIN.Permissions,
			model.PERMISSION_DELETE_POST.Id,
			model.PERMISSION_DELETE_OTHERS_POSTS.Id,
		)
		model.ROLE_TEAM_ADMIN.Permissions = append(
			model.ROLE_TEAM_ADMIN.Permissions,
			model.PERMISSION_DELETE_POST.Id,
			model.PERMISSION_DELETE_OTHERS_POSTS.Id,
		)
	case *Cfg.ServiceSettings.RestrictPostDelete == model.PERMISSIONS_DELETE_POST_TEAM_ADMIN:
		model.ROLE_TEAM_ADMIN.Permissions = append(
			model.ROLE_TEAM_ADMIN.Permissions,
			model.PERMISSION_DELETE_POST.Id,
			model.PERMISSION_DELETE_OTHERS_POSTS.Id,
		)
	}

	// Team creation. This section does not depend on the license.
	if Cfg.TeamSettings.EnableTeamCreation {
		model.ROLE_SYSTEM_USER.Permissions = append(model.ROLE_SYSTEM_USER.Permissions, model.PERMISSION_CREATE_TEAM.Id)
	}
}