mirror of
https://github.com/mattermost/mattermost.git
synced 2025-02-25 18:55:24 -06:00
847f30a13b
* MM-11707: Removes edit_others_posts permission from the team_admin role in MakeDefaultRoles(). * MM-11707: Tests fix. * MM-11707: Update test store. * MM-11707: Allow to change the permission for edit the others posts on TE * Fixing tests
591 lines
20 KiB
Go
591 lines
20 KiB
Go
// Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
|
|
// See License.txt for license information.
|
|
|
|
package app
|
|
|
|
import (
|
|
"flag"
|
|
"fmt"
|
|
"os"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
"github.com/mattermost/mattermost-server/mlog"
|
|
"github.com/mattermost/mattermost-server/model"
|
|
"github.com/mattermost/mattermost-server/store/storetest"
|
|
"github.com/mattermost/mattermost-server/utils"
|
|
)
|
|
|
|
func TestMain(m *testing.M) {
|
|
flag.Parse()
|
|
|
|
// Setup a global logger to catch tests logging outside of app context
|
|
// The global logger will be stomped by apps initalizing but that's fine for testing. Ideally this won't happen.
|
|
mlog.InitGlobalLogger(mlog.NewLogger(&mlog.LoggerConfiguration{
|
|
EnableConsole: true,
|
|
ConsoleJson: true,
|
|
ConsoleLevel: "error",
|
|
EnableFile: false,
|
|
}))
|
|
|
|
utils.TranslationsPreInit()
|
|
|
|
// In the case where a dev just wants to run a single test, it's faster to just use the default
|
|
// store.
|
|
if filter := flag.Lookup("test.run").Value.String(); filter != "" && filter != "." {
|
|
mlog.Info("-test.run used, not creating temporary containers")
|
|
os.Exit(m.Run())
|
|
}
|
|
|
|
status := 0
|
|
|
|
container, settings, err := storetest.NewMySQLContainer()
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
UseTestStore(container, settings)
|
|
|
|
defer func() {
|
|
StopTestStore()
|
|
os.Exit(status)
|
|
}()
|
|
|
|
status = m.Run()
|
|
}
|
|
|
|
/* Temporarily comment out until MM-11108
|
|
func TestAppRace(t *testing.T) {
|
|
for i := 0; i < 10; i++ {
|
|
a, err := New()
|
|
require.NoError(t, err)
|
|
a.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.ListenAddress = ":0" })
|
|
serverErr := a.StartServer()
|
|
require.NoError(t, serverErr)
|
|
a.Shutdown()
|
|
}
|
|
}
|
|
*/
|
|
|
|
func TestUpdateConfig(t *testing.T) {
|
|
th := Setup()
|
|
defer th.TearDown()
|
|
|
|
prev := *th.App.Config().ServiceSettings.SiteURL
|
|
|
|
th.App.AddConfigListener(func(old, current *model.Config) {
|
|
assert.Equal(t, prev, *old.ServiceSettings.SiteURL)
|
|
assert.Equal(t, "foo", *current.ServiceSettings.SiteURL)
|
|
})
|
|
|
|
th.App.UpdateConfig(func(cfg *model.Config) {
|
|
*cfg.ServiceSettings.SiteURL = "foo"
|
|
})
|
|
}
|
|
|
|
func TestDoAdvancedPermissionsMigration(t *testing.T) {
|
|
th := Setup()
|
|
defer th.TearDown()
|
|
|
|
if testStoreSqlSupplier == nil {
|
|
t.Skip("This test requires a TestStore to be run.")
|
|
}
|
|
|
|
th.ResetRoleMigration()
|
|
|
|
th.App.DoAdvancedPermissionsMigration()
|
|
|
|
roleNames := []string{
|
|
"system_user",
|
|
"system_admin",
|
|
"team_user",
|
|
"team_admin",
|
|
"channel_user",
|
|
"channel_admin",
|
|
"system_post_all",
|
|
"system_post_all_public",
|
|
"system_user_access_token",
|
|
"team_post_all",
|
|
"team_post_all_public",
|
|
}
|
|
|
|
roles1, err1 := th.App.GetRolesByNames(roleNames)
|
|
assert.Nil(t, err1)
|
|
assert.Equal(t, len(roles1), len(roleNames))
|
|
|
|
expected1 := map[string][]string{
|
|
"channel_user": []string{
|
|
model.PERMISSION_READ_CHANNEL.Id,
|
|
model.PERMISSION_ADD_REACTION.Id,
|
|
model.PERMISSION_REMOVE_REACTION.Id,
|
|
model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS.Id,
|
|
model.PERMISSION_UPLOAD_FILE.Id,
|
|
model.PERMISSION_GET_PUBLIC_LINK.Id,
|
|
model.PERMISSION_CREATE_POST.Id,
|
|
model.PERMISSION_USE_SLASH_COMMANDS.Id,
|
|
model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id,
|
|
model.PERMISSION_DELETE_POST.Id,
|
|
model.PERMISSION_EDIT_POST.Id,
|
|
},
|
|
"channel_admin": []string{
|
|
model.PERMISSION_MANAGE_CHANNEL_ROLES.Id,
|
|
},
|
|
"team_user": []string{
|
|
model.PERMISSION_LIST_TEAM_CHANNELS.Id,
|
|
model.PERMISSION_JOIN_PUBLIC_CHANNELS.Id,
|
|
model.PERMISSION_READ_PUBLIC_CHANNEL.Id,
|
|
model.PERMISSION_VIEW_TEAM.Id,
|
|
model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id,
|
|
model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id,
|
|
model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id,
|
|
model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id,
|
|
model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id,
|
|
model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id,
|
|
model.PERMISSION_INVITE_USER.Id,
|
|
model.PERMISSION_ADD_USER_TO_TEAM.Id,
|
|
},
|
|
"team_post_all": []string{
|
|
model.PERMISSION_CREATE_POST.Id,
|
|
},
|
|
"team_post_all_public": []string{
|
|
model.PERMISSION_CREATE_POST_PUBLIC.Id,
|
|
},
|
|
"team_admin": []string{
|
|
model.PERMISSION_REMOVE_USER_FROM_TEAM.Id,
|
|
model.PERMISSION_MANAGE_TEAM.Id,
|
|
model.PERMISSION_IMPORT_TEAM.Id,
|
|
model.PERMISSION_MANAGE_TEAM_ROLES.Id,
|
|
model.PERMISSION_MANAGE_CHANNEL_ROLES.Id,
|
|
model.PERMISSION_MANAGE_OTHERS_WEBHOOKS.Id,
|
|
model.PERMISSION_MANAGE_SLASH_COMMANDS.Id,
|
|
model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS.Id,
|
|
model.PERMISSION_MANAGE_WEBHOOKS.Id,
|
|
model.PERMISSION_DELETE_POST.Id,
|
|
model.PERMISSION_DELETE_OTHERS_POSTS.Id,
|
|
},
|
|
"system_user": []string{
|
|
model.PERMISSION_CREATE_DIRECT_CHANNEL.Id,
|
|
model.PERMISSION_CREATE_GROUP_CHANNEL.Id,
|
|
model.PERMISSION_PERMANENT_DELETE_USER.Id,
|
|
model.PERMISSION_CREATE_TEAM.Id,
|
|
},
|
|
"system_post_all": []string{
|
|
model.PERMISSION_CREATE_POST.Id,
|
|
},
|
|
"system_post_all_public": []string{
|
|
model.PERMISSION_CREATE_POST_PUBLIC.Id,
|
|
},
|
|
"system_user_access_token": []string{
|
|
model.PERMISSION_CREATE_USER_ACCESS_TOKEN.Id,
|
|
model.PERMISSION_READ_USER_ACCESS_TOKEN.Id,
|
|
model.PERMISSION_REVOKE_USER_ACCESS_TOKEN.Id,
|
|
},
|
|
"system_admin": []string{
|
|
model.PERMISSION_ASSIGN_SYSTEM_ADMIN_ROLE.Id,
|
|
model.PERMISSION_MANAGE_SYSTEM.Id,
|
|
model.PERMISSION_MANAGE_ROLES.Id,
|
|
model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id,
|
|
model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS.Id,
|
|
model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id,
|
|
model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id,
|
|
model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id,
|
|
model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id,
|
|
model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id,
|
|
model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id,
|
|
model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH.Id,
|
|
model.PERMISSION_MANAGE_OTHERS_WEBHOOKS.Id,
|
|
model.PERMISSION_EDIT_OTHER_USERS.Id,
|
|
model.PERMISSION_EDIT_OTHERS_POSTS.Id,
|
|
model.PERMISSION_MANAGE_OAUTH.Id,
|
|
model.PERMISSION_INVITE_USER.Id,
|
|
model.PERMISSION_DELETE_POST.Id,
|
|
model.PERMISSION_DELETE_OTHERS_POSTS.Id,
|
|
model.PERMISSION_CREATE_TEAM.Id,
|
|
model.PERMISSION_ADD_USER_TO_TEAM.Id,
|
|
model.PERMISSION_LIST_USERS_WITHOUT_TEAM.Id,
|
|
model.PERMISSION_MANAGE_JOBS.Id,
|
|
model.PERMISSION_CREATE_POST_PUBLIC.Id,
|
|
model.PERMISSION_CREATE_POST_EPHEMERAL.Id,
|
|
model.PERMISSION_CREATE_USER_ACCESS_TOKEN.Id,
|
|
model.PERMISSION_READ_USER_ACCESS_TOKEN.Id,
|
|
model.PERMISSION_REVOKE_USER_ACCESS_TOKEN.Id,
|
|
model.PERMISSION_REMOVE_OTHERS_REACTIONS.Id,
|
|
model.PERMISSION_LIST_TEAM_CHANNELS.Id,
|
|
model.PERMISSION_JOIN_PUBLIC_CHANNELS.Id,
|
|
model.PERMISSION_READ_PUBLIC_CHANNEL.Id,
|
|
model.PERMISSION_VIEW_TEAM.Id,
|
|
model.PERMISSION_READ_CHANNEL.Id,
|
|
model.PERMISSION_ADD_REACTION.Id,
|
|
model.PERMISSION_REMOVE_REACTION.Id,
|
|
model.PERMISSION_UPLOAD_FILE.Id,
|
|
model.PERMISSION_GET_PUBLIC_LINK.Id,
|
|
model.PERMISSION_CREATE_POST.Id,
|
|
model.PERMISSION_USE_SLASH_COMMANDS.Id,
|
|
model.PERMISSION_REMOVE_USER_FROM_TEAM.Id,
|
|
model.PERMISSION_MANAGE_TEAM.Id,
|
|
model.PERMISSION_IMPORT_TEAM.Id,
|
|
model.PERMISSION_MANAGE_TEAM_ROLES.Id,
|
|
model.PERMISSION_MANAGE_CHANNEL_ROLES.Id,
|
|
model.PERMISSION_MANAGE_SLASH_COMMANDS.Id,
|
|
model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS.Id,
|
|
model.PERMISSION_MANAGE_WEBHOOKS.Id,
|
|
model.PERMISSION_EDIT_POST.Id,
|
|
},
|
|
}
|
|
|
|
// Check the migration matches what's expected.
|
|
for name, permissions := range expected1 {
|
|
role, err := th.App.GetRoleByName(name)
|
|
assert.Nil(t, err)
|
|
assert.Equal(t, role.Permissions, permissions)
|
|
}
|
|
|
|
// Add a license and change the policy config.
|
|
restrictPublicChannel := *th.App.Config().TeamSettings.RestrictPublicChannelManagement
|
|
restrictPrivateChannel := *th.App.Config().TeamSettings.RestrictPrivateChannelManagement
|
|
|
|
defer func() {
|
|
th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.RestrictPublicChannelManagement = restrictPublicChannel })
|
|
th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.RestrictPrivateChannelManagement = restrictPrivateChannel })
|
|
}()
|
|
|
|
th.App.UpdateConfig(func(cfg *model.Config) {
|
|
*cfg.TeamSettings.RestrictPublicChannelManagement = model.PERMISSIONS_TEAM_ADMIN
|
|
})
|
|
th.App.UpdateConfig(func(cfg *model.Config) {
|
|
*cfg.TeamSettings.RestrictPrivateChannelManagement = model.PERMISSIONS_TEAM_ADMIN
|
|
})
|
|
th.App.SetLicense(model.NewTestLicense())
|
|
|
|
// Check the migration doesn't change anything if run again.
|
|
th.App.DoAdvancedPermissionsMigration()
|
|
|
|
roles2, err2 := th.App.GetRolesByNames(roleNames)
|
|
assert.Nil(t, err2)
|
|
assert.Equal(t, len(roles2), len(roleNames))
|
|
|
|
for name, permissions := range expected1 {
|
|
role, err := th.App.GetRoleByName(name)
|
|
assert.Nil(t, err)
|
|
assert.Equal(t, permissions, role.Permissions)
|
|
}
|
|
|
|
// Reset the database
|
|
th.ResetRoleMigration()
|
|
|
|
// Do the migration again with different policy config settings and a license.
|
|
th.App.DoAdvancedPermissionsMigration()
|
|
|
|
// Check the role permissions.
|
|
expected2 := map[string][]string{
|
|
"channel_user": []string{
|
|
model.PERMISSION_READ_CHANNEL.Id,
|
|
model.PERMISSION_ADD_REACTION.Id,
|
|
model.PERMISSION_REMOVE_REACTION.Id,
|
|
model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS.Id,
|
|
model.PERMISSION_UPLOAD_FILE.Id,
|
|
model.PERMISSION_GET_PUBLIC_LINK.Id,
|
|
model.PERMISSION_CREATE_POST.Id,
|
|
model.PERMISSION_USE_SLASH_COMMANDS.Id,
|
|
model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id,
|
|
model.PERMISSION_DELETE_POST.Id,
|
|
model.PERMISSION_EDIT_POST.Id,
|
|
},
|
|
"channel_admin": []string{
|
|
model.PERMISSION_MANAGE_CHANNEL_ROLES.Id,
|
|
},
|
|
"team_user": []string{
|
|
model.PERMISSION_LIST_TEAM_CHANNELS.Id,
|
|
model.PERMISSION_JOIN_PUBLIC_CHANNELS.Id,
|
|
model.PERMISSION_READ_PUBLIC_CHANNEL.Id,
|
|
model.PERMISSION_VIEW_TEAM.Id,
|
|
model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id,
|
|
model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id,
|
|
model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id,
|
|
model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id,
|
|
model.PERMISSION_INVITE_USER.Id,
|
|
model.PERMISSION_ADD_USER_TO_TEAM.Id,
|
|
},
|
|
"team_post_all": []string{
|
|
model.PERMISSION_CREATE_POST.Id,
|
|
},
|
|
"team_post_all_public": []string{
|
|
model.PERMISSION_CREATE_POST_PUBLIC.Id,
|
|
},
|
|
"team_admin": []string{
|
|
model.PERMISSION_REMOVE_USER_FROM_TEAM.Id,
|
|
model.PERMISSION_MANAGE_TEAM.Id,
|
|
model.PERMISSION_IMPORT_TEAM.Id,
|
|
model.PERMISSION_MANAGE_TEAM_ROLES.Id,
|
|
model.PERMISSION_MANAGE_CHANNEL_ROLES.Id,
|
|
model.PERMISSION_MANAGE_OTHERS_WEBHOOKS.Id,
|
|
model.PERMISSION_MANAGE_SLASH_COMMANDS.Id,
|
|
model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS.Id,
|
|
model.PERMISSION_MANAGE_WEBHOOKS.Id,
|
|
model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id,
|
|
model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id,
|
|
model.PERMISSION_DELETE_POST.Id,
|
|
model.PERMISSION_DELETE_OTHERS_POSTS.Id,
|
|
},
|
|
"system_user": []string{
|
|
model.PERMISSION_CREATE_DIRECT_CHANNEL.Id,
|
|
model.PERMISSION_CREATE_GROUP_CHANNEL.Id,
|
|
model.PERMISSION_PERMANENT_DELETE_USER.Id,
|
|
model.PERMISSION_CREATE_TEAM.Id,
|
|
},
|
|
"system_post_all": []string{
|
|
model.PERMISSION_CREATE_POST.Id,
|
|
},
|
|
"system_post_all_public": []string{
|
|
model.PERMISSION_CREATE_POST_PUBLIC.Id,
|
|
},
|
|
"system_user_access_token": []string{
|
|
model.PERMISSION_CREATE_USER_ACCESS_TOKEN.Id,
|
|
model.PERMISSION_READ_USER_ACCESS_TOKEN.Id,
|
|
model.PERMISSION_REVOKE_USER_ACCESS_TOKEN.Id,
|
|
},
|
|
"system_admin": []string{
|
|
model.PERMISSION_ASSIGN_SYSTEM_ADMIN_ROLE.Id,
|
|
model.PERMISSION_MANAGE_SYSTEM.Id,
|
|
model.PERMISSION_MANAGE_ROLES.Id,
|
|
model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id,
|
|
model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS.Id,
|
|
model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id,
|
|
model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id,
|
|
model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id,
|
|
model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id,
|
|
model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id,
|
|
model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id,
|
|
model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH.Id,
|
|
model.PERMISSION_MANAGE_OTHERS_WEBHOOKS.Id,
|
|
model.PERMISSION_EDIT_OTHER_USERS.Id,
|
|
model.PERMISSION_EDIT_OTHERS_POSTS.Id,
|
|
model.PERMISSION_MANAGE_OAUTH.Id,
|
|
model.PERMISSION_INVITE_USER.Id,
|
|
model.PERMISSION_DELETE_POST.Id,
|
|
model.PERMISSION_DELETE_OTHERS_POSTS.Id,
|
|
model.PERMISSION_CREATE_TEAM.Id,
|
|
model.PERMISSION_ADD_USER_TO_TEAM.Id,
|
|
model.PERMISSION_LIST_USERS_WITHOUT_TEAM.Id,
|
|
model.PERMISSION_MANAGE_JOBS.Id,
|
|
model.PERMISSION_CREATE_POST_PUBLIC.Id,
|
|
model.PERMISSION_CREATE_POST_EPHEMERAL.Id,
|
|
model.PERMISSION_CREATE_USER_ACCESS_TOKEN.Id,
|
|
model.PERMISSION_READ_USER_ACCESS_TOKEN.Id,
|
|
model.PERMISSION_REVOKE_USER_ACCESS_TOKEN.Id,
|
|
model.PERMISSION_REMOVE_OTHERS_REACTIONS.Id,
|
|
model.PERMISSION_LIST_TEAM_CHANNELS.Id,
|
|
model.PERMISSION_JOIN_PUBLIC_CHANNELS.Id,
|
|
model.PERMISSION_READ_PUBLIC_CHANNEL.Id,
|
|
model.PERMISSION_VIEW_TEAM.Id,
|
|
model.PERMISSION_READ_CHANNEL.Id,
|
|
model.PERMISSION_ADD_REACTION.Id,
|
|
model.PERMISSION_REMOVE_REACTION.Id,
|
|
model.PERMISSION_UPLOAD_FILE.Id,
|
|
model.PERMISSION_GET_PUBLIC_LINK.Id,
|
|
model.PERMISSION_CREATE_POST.Id,
|
|
model.PERMISSION_USE_SLASH_COMMANDS.Id,
|
|
model.PERMISSION_REMOVE_USER_FROM_TEAM.Id,
|
|
model.PERMISSION_MANAGE_TEAM.Id,
|
|
model.PERMISSION_IMPORT_TEAM.Id,
|
|
model.PERMISSION_MANAGE_TEAM_ROLES.Id,
|
|
model.PERMISSION_MANAGE_CHANNEL_ROLES.Id,
|
|
model.PERMISSION_MANAGE_SLASH_COMMANDS.Id,
|
|
model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS.Id,
|
|
model.PERMISSION_MANAGE_WEBHOOKS.Id,
|
|
model.PERMISSION_EDIT_POST.Id,
|
|
},
|
|
}
|
|
|
|
roles3, err3 := th.App.GetRolesByNames(roleNames)
|
|
assert.Nil(t, err3)
|
|
assert.Equal(t, len(roles3), len(roleNames))
|
|
|
|
for name, permissions := range expected2 {
|
|
role, err := th.App.GetRoleByName(name)
|
|
assert.Nil(t, err)
|
|
assert.Equal(t, permissions, role.Permissions, fmt.Sprintf("'%v' did not have expected permissions", name))
|
|
}
|
|
|
|
// Remove the license.
|
|
th.App.SetLicense(nil)
|
|
|
|
// Do the migration again.
|
|
th.ResetRoleMigration()
|
|
th.App.DoAdvancedPermissionsMigration()
|
|
|
|
// Check the role permissions.
|
|
roles4, err4 := th.App.GetRolesByNames(roleNames)
|
|
assert.Nil(t, err4)
|
|
assert.Equal(t, len(roles4), len(roleNames))
|
|
|
|
for name, permissions := range expected1 {
|
|
role, err := th.App.GetRoleByName(name)
|
|
assert.Nil(t, err)
|
|
assert.Equal(t, permissions, role.Permissions)
|
|
}
|
|
|
|
// Check that the config setting for "always" and "time_limit" edit posts is updated correctly.
|
|
th.ResetRoleMigration()
|
|
|
|
config := th.App.GetConfig()
|
|
*config.ServiceSettings.AllowEditPost = "always"
|
|
*config.ServiceSettings.PostEditTimeLimit = 300
|
|
th.App.SaveConfig(config, false)
|
|
|
|
th.App.DoAdvancedPermissionsMigration()
|
|
config = th.App.GetConfig()
|
|
assert.Equal(t, -1, *config.ServiceSettings.PostEditTimeLimit)
|
|
|
|
th.ResetRoleMigration()
|
|
|
|
config = th.App.GetConfig()
|
|
*config.ServiceSettings.AllowEditPost = "time_limit"
|
|
*config.ServiceSettings.PostEditTimeLimit = 300
|
|
th.App.SaveConfig(config, false)
|
|
|
|
th.App.DoAdvancedPermissionsMigration()
|
|
config = th.App.GetConfig()
|
|
assert.Equal(t, 300, *config.ServiceSettings.PostEditTimeLimit)
|
|
|
|
config = th.App.GetConfig()
|
|
*config.ServiceSettings.AllowEditPost = "always"
|
|
*config.ServiceSettings.PostEditTimeLimit = 300
|
|
th.App.SaveConfig(config, false)
|
|
}
|
|
|
|
func TestDoEmojisPermissionsMigration(t *testing.T) {
|
|
th := Setup()
|
|
defer th.TearDown()
|
|
|
|
if testStoreSqlSupplier == nil {
|
|
t.Skip("This test requires a TestStore to be run.")
|
|
}
|
|
|
|
// Add a license and change the policy config.
|
|
restrictCustomEmojiCreation := *th.App.Config().ServiceSettings.RestrictCustomEmojiCreation
|
|
|
|
defer func() {
|
|
th.App.UpdateConfig(func(cfg *model.Config) {
|
|
*cfg.ServiceSettings.RestrictCustomEmojiCreation = restrictCustomEmojiCreation
|
|
})
|
|
}()
|
|
|
|
th.App.UpdateConfig(func(cfg *model.Config) {
|
|
*cfg.ServiceSettings.RestrictCustomEmojiCreation = model.RESTRICT_EMOJI_CREATION_SYSTEM_ADMIN
|
|
})
|
|
|
|
th.ResetEmojisMigration()
|
|
th.App.DoEmojisPermissionsMigration()
|
|
|
|
expectedSystemAdmin := []string{
|
|
model.PERMISSION_ASSIGN_SYSTEM_ADMIN_ROLE.Id,
|
|
model.PERMISSION_MANAGE_SYSTEM.Id,
|
|
model.PERMISSION_MANAGE_ROLES.Id,
|
|
model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id,
|
|
model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS.Id,
|
|
model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id,
|
|
model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id,
|
|
model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id,
|
|
model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id,
|
|
model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id,
|
|
model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id,
|
|
model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH.Id,
|
|
model.PERMISSION_MANAGE_OTHERS_WEBHOOKS.Id,
|
|
model.PERMISSION_EDIT_OTHER_USERS.Id,
|
|
model.PERMISSION_EDIT_OTHERS_POSTS.Id,
|
|
model.PERMISSION_MANAGE_OAUTH.Id,
|
|
model.PERMISSION_INVITE_USER.Id,
|
|
model.PERMISSION_DELETE_POST.Id,
|
|
model.PERMISSION_DELETE_OTHERS_POSTS.Id,
|
|
model.PERMISSION_CREATE_TEAM.Id,
|
|
model.PERMISSION_ADD_USER_TO_TEAM.Id,
|
|
model.PERMISSION_LIST_USERS_WITHOUT_TEAM.Id,
|
|
model.PERMISSION_MANAGE_JOBS.Id,
|
|
model.PERMISSION_CREATE_POST_PUBLIC.Id,
|
|
model.PERMISSION_CREATE_POST_EPHEMERAL.Id,
|
|
model.PERMISSION_CREATE_USER_ACCESS_TOKEN.Id,
|
|
model.PERMISSION_READ_USER_ACCESS_TOKEN.Id,
|
|
model.PERMISSION_REVOKE_USER_ACCESS_TOKEN.Id,
|
|
model.PERMISSION_REMOVE_OTHERS_REACTIONS.Id,
|
|
model.PERMISSION_LIST_TEAM_CHANNELS.Id,
|
|
model.PERMISSION_JOIN_PUBLIC_CHANNELS.Id,
|
|
model.PERMISSION_READ_PUBLIC_CHANNEL.Id,
|
|
model.PERMISSION_VIEW_TEAM.Id,
|
|
model.PERMISSION_READ_CHANNEL.Id,
|
|
model.PERMISSION_ADD_REACTION.Id,
|
|
model.PERMISSION_REMOVE_REACTION.Id,
|
|
model.PERMISSION_UPLOAD_FILE.Id,
|
|
model.PERMISSION_GET_PUBLIC_LINK.Id,
|
|
model.PERMISSION_CREATE_POST.Id,
|
|
model.PERMISSION_USE_SLASH_COMMANDS.Id,
|
|
model.PERMISSION_REMOVE_USER_FROM_TEAM.Id,
|
|
model.PERMISSION_MANAGE_TEAM.Id,
|
|
model.PERMISSION_IMPORT_TEAM.Id,
|
|
model.PERMISSION_MANAGE_TEAM_ROLES.Id,
|
|
model.PERMISSION_MANAGE_CHANNEL_ROLES.Id,
|
|
model.PERMISSION_MANAGE_SLASH_COMMANDS.Id,
|
|
model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS.Id,
|
|
model.PERMISSION_MANAGE_WEBHOOKS.Id,
|
|
model.PERMISSION_EDIT_POST.Id,
|
|
model.PERMISSION_MANAGE_EMOJIS.Id,
|
|
model.PERMISSION_MANAGE_OTHERS_EMOJIS.Id,
|
|
}
|
|
|
|
role1, err1 := th.App.GetRoleByName(model.SYSTEM_ADMIN_ROLE_ID)
|
|
assert.Nil(t, err1)
|
|
assert.Equal(t, expectedSystemAdmin, role1.Permissions, fmt.Sprintf("'%v' did not have expected permissions", model.SYSTEM_ADMIN_ROLE_ID))
|
|
|
|
th.App.UpdateConfig(func(cfg *model.Config) {
|
|
*cfg.ServiceSettings.RestrictCustomEmojiCreation = model.RESTRICT_EMOJI_CREATION_ADMIN
|
|
})
|
|
|
|
th.ResetEmojisMigration()
|
|
th.App.DoEmojisPermissionsMigration()
|
|
|
|
role2, err2 := th.App.GetRoleByName(model.TEAM_ADMIN_ROLE_ID)
|
|
assert.Nil(t, err2)
|
|
expected2 := []string{
|
|
model.PERMISSION_REMOVE_USER_FROM_TEAM.Id,
|
|
model.PERMISSION_MANAGE_TEAM.Id,
|
|
model.PERMISSION_IMPORT_TEAM.Id,
|
|
model.PERMISSION_MANAGE_TEAM_ROLES.Id,
|
|
model.PERMISSION_MANAGE_CHANNEL_ROLES.Id,
|
|
model.PERMISSION_MANAGE_OTHERS_WEBHOOKS.Id,
|
|
model.PERMISSION_MANAGE_SLASH_COMMANDS.Id,
|
|
model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS.Id,
|
|
model.PERMISSION_MANAGE_WEBHOOKS.Id,
|
|
model.PERMISSION_DELETE_POST.Id,
|
|
model.PERMISSION_DELETE_OTHERS_POSTS.Id,
|
|
model.PERMISSION_MANAGE_EMOJIS.Id,
|
|
}
|
|
assert.Equal(t, expected2, role2.Permissions, fmt.Sprintf("'%v' did not have expected permissions", model.TEAM_ADMIN_ROLE_ID))
|
|
|
|
systemAdmin1, systemAdminErr1 := th.App.GetRoleByName(model.SYSTEM_ADMIN_ROLE_ID)
|
|
assert.Nil(t, systemAdminErr1)
|
|
assert.Equal(t, expectedSystemAdmin, systemAdmin1.Permissions, fmt.Sprintf("'%v' did not have expected permissions", model.SYSTEM_ADMIN_ROLE_ID))
|
|
|
|
th.App.UpdateConfig(func(cfg *model.Config) {
|
|
*cfg.ServiceSettings.RestrictCustomEmojiCreation = model.RESTRICT_EMOJI_CREATION_ALL
|
|
})
|
|
|
|
th.ResetEmojisMigration()
|
|
th.App.DoEmojisPermissionsMigration()
|
|
|
|
role3, err3 := th.App.GetRoleByName(model.SYSTEM_USER_ROLE_ID)
|
|
assert.Nil(t, err3)
|
|
expected3 := []string{
|
|
model.PERMISSION_CREATE_DIRECT_CHANNEL.Id,
|
|
model.PERMISSION_CREATE_GROUP_CHANNEL.Id,
|
|
model.PERMISSION_PERMANENT_DELETE_USER.Id,
|
|
model.PERMISSION_CREATE_TEAM.Id,
|
|
model.PERMISSION_MANAGE_EMOJIS.Id,
|
|
}
|
|
assert.Equal(t, expected3, role3.Permissions, fmt.Sprintf("'%v' did not have expected permissions", model.SYSTEM_USER_ROLE_ID))
|
|
|
|
systemAdmin2, systemAdminErr2 := th.App.GetRoleByName(model.SYSTEM_ADMIN_ROLE_ID)
|
|
assert.Nil(t, systemAdminErr2)
|
|
assert.Equal(t, expectedSystemAdmin, systemAdmin2.Permissions, fmt.Sprintf("'%v' did not have expected permissions", model.SYSTEM_ADMIN_ROLE_ID))
|
|
}
|