github.com/crspeller/mattermost-server@v0.0.0-20190328001957-a200beb3d111/app/app_test.go (about) 1 // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package app 5 6 import ( 7 "fmt" 8 "sort" 9 "testing" 10 11 "github.com/stretchr/testify/assert" 12 13 "github.com/crspeller/mattermost-server/model" 14 ) 15 16 /* Temporarily comment out until MM-11108 17 func TestAppRace(t *testing.T) { 18 for i := 0; i < 10; i++ { 19 a, err := New() 20 require.NoError(t, err) 21 a.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.ListenAddress = ":0" }) 22 serverErr := a.StartServer() 23 require.NoError(t, serverErr) 24 a.Shutdown() 25 } 26 } 27 */ 28 29 func TestUpdateConfig(t *testing.T) { 30 th := Setup(t) 31 defer th.TearDown() 32 33 prev := *th.App.Config().ServiceSettings.SiteURL 34 35 th.App.AddConfigListener(func(old, current *model.Config) { 36 assert.Equal(t, prev, *old.ServiceSettings.SiteURL) 37 assert.Equal(t, "foo", *current.ServiceSettings.SiteURL) 38 }) 39 40 th.App.UpdateConfig(func(cfg *model.Config) { 41 *cfg.ServiceSettings.SiteURL = "foo" 42 }) 43 } 44 45 func TestDoAdvancedPermissionsMigration(t *testing.T) { 46 th := Setup(t) 47 defer th.TearDown() 48 49 th.ResetRoleMigration() 50 51 th.App.DoAdvancedPermissionsMigration() 52 53 roleNames := []string{ 54 "system_user", 55 "system_admin", 56 "team_user", 57 "team_admin", 58 "channel_user", 59 "channel_admin", 60 "system_post_all", 61 "system_post_all_public", 62 "system_user_access_token", 63 "team_post_all", 64 "team_post_all_public", 65 } 66 67 roles1, err1 := th.App.GetRolesByNames(roleNames) 68 assert.Nil(t, err1) 69 assert.Equal(t, len(roles1), len(roleNames)) 70 71 expected1 := map[string][]string{ 72 "channel_user": []string{ 73 model.PERMISSION_READ_CHANNEL.Id, 74 model.PERMISSION_ADD_REACTION.Id, 75 model.PERMISSION_REMOVE_REACTION.Id, 76 model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS.Id, 77 model.PERMISSION_UPLOAD_FILE.Id, 78 model.PERMISSION_GET_PUBLIC_LINK.Id, 79 model.PERMISSION_CREATE_POST.Id, 80 model.PERMISSION_USE_SLASH_COMMANDS.Id, 81 model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id, 82 model.PERMISSION_DELETE_POST.Id, 83 model.PERMISSION_EDIT_POST.Id, 84 }, 85 "channel_admin": []string{ 86 model.PERMISSION_MANAGE_CHANNEL_ROLES.Id, 87 }, 88 "team_user": []string{ 89 model.PERMISSION_LIST_TEAM_CHANNELS.Id, 90 model.PERMISSION_JOIN_PUBLIC_CHANNELS.Id, 91 model.PERMISSION_READ_PUBLIC_CHANNEL.Id, 92 model.PERMISSION_VIEW_TEAM.Id, 93 model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id, 94 model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id, 95 model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id, 96 model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id, 97 model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id, 98 model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id, 99 model.PERMISSION_INVITE_USER.Id, 100 model.PERMISSION_ADD_USER_TO_TEAM.Id, 101 }, 102 "team_post_all": []string{ 103 model.PERMISSION_CREATE_POST.Id, 104 }, 105 "team_post_all_public": []string{ 106 model.PERMISSION_CREATE_POST_PUBLIC.Id, 107 }, 108 "team_admin": []string{ 109 model.PERMISSION_REMOVE_USER_FROM_TEAM.Id, 110 model.PERMISSION_MANAGE_TEAM.Id, 111 model.PERMISSION_IMPORT_TEAM.Id, 112 model.PERMISSION_MANAGE_TEAM_ROLES.Id, 113 model.PERMISSION_MANAGE_CHANNEL_ROLES.Id, 114 model.PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS.Id, 115 model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS.Id, 116 model.PERMISSION_MANAGE_SLASH_COMMANDS.Id, 117 model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS.Id, 118 model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, 119 model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, 120 model.PERMISSION_DELETE_POST.Id, 121 model.PERMISSION_DELETE_OTHERS_POSTS.Id, 122 }, 123 "system_user": []string{ 124 model.PERMISSION_LIST_PUBLIC_TEAMS.Id, 125 model.PERMISSION_JOIN_PUBLIC_TEAMS.Id, 126 model.PERMISSION_CREATE_DIRECT_CHANNEL.Id, 127 model.PERMISSION_CREATE_GROUP_CHANNEL.Id, 128 model.PERMISSION_PERMANENT_DELETE_USER.Id, 129 model.PERMISSION_CREATE_TEAM.Id, 130 }, 131 "system_post_all": []string{ 132 model.PERMISSION_CREATE_POST.Id, 133 }, 134 "system_post_all_public": []string{ 135 model.PERMISSION_CREATE_POST_PUBLIC.Id, 136 }, 137 "system_user_access_token": []string{ 138 model.PERMISSION_CREATE_USER_ACCESS_TOKEN.Id, 139 model.PERMISSION_READ_USER_ACCESS_TOKEN.Id, 140 model.PERMISSION_REVOKE_USER_ACCESS_TOKEN.Id, 141 }, 142 "system_admin": []string{ 143 model.PERMISSION_ASSIGN_SYSTEM_ADMIN_ROLE.Id, 144 model.PERMISSION_MANAGE_SYSTEM.Id, 145 model.PERMISSION_MANAGE_ROLES.Id, 146 model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id, 147 model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS.Id, 148 model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id, 149 model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id, 150 model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id, 151 model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id, 152 model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id, 153 model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id, 154 model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH.Id, 155 model.PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS.Id, 156 model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS.Id, 157 model.PERMISSION_EDIT_OTHER_USERS.Id, 158 model.PERMISSION_EDIT_OTHERS_POSTS.Id, 159 model.PERMISSION_MANAGE_OAUTH.Id, 160 model.PERMISSION_INVITE_USER.Id, 161 model.PERMISSION_DELETE_POST.Id, 162 model.PERMISSION_DELETE_OTHERS_POSTS.Id, 163 model.PERMISSION_CREATE_TEAM.Id, 164 model.PERMISSION_ADD_USER_TO_TEAM.Id, 165 model.PERMISSION_LIST_USERS_WITHOUT_TEAM.Id, 166 model.PERMISSION_MANAGE_JOBS.Id, 167 model.PERMISSION_CREATE_POST_PUBLIC.Id, 168 model.PERMISSION_CREATE_POST_EPHEMERAL.Id, 169 model.PERMISSION_CREATE_USER_ACCESS_TOKEN.Id, 170 model.PERMISSION_READ_USER_ACCESS_TOKEN.Id, 171 model.PERMISSION_REVOKE_USER_ACCESS_TOKEN.Id, 172 model.PERMISSION_CREATE_BOT.Id, 173 model.PERMISSION_READ_BOTS.Id, 174 model.PERMISSION_READ_OTHERS_BOTS.Id, 175 model.PERMISSION_MANAGE_BOTS.Id, 176 model.PERMISSION_MANAGE_OTHERS_BOTS.Id, 177 model.PERMISSION_REMOVE_OTHERS_REACTIONS.Id, 178 model.PERMISSION_LIST_PRIVATE_TEAMS.Id, 179 model.PERMISSION_JOIN_PRIVATE_TEAMS.Id, 180 model.PERMISSION_LIST_TEAM_CHANNELS.Id, 181 model.PERMISSION_JOIN_PUBLIC_CHANNELS.Id, 182 model.PERMISSION_READ_PUBLIC_CHANNEL.Id, 183 model.PERMISSION_VIEW_TEAM.Id, 184 model.PERMISSION_READ_CHANNEL.Id, 185 model.PERMISSION_ADD_REACTION.Id, 186 model.PERMISSION_REMOVE_REACTION.Id, 187 model.PERMISSION_UPLOAD_FILE.Id, 188 model.PERMISSION_GET_PUBLIC_LINK.Id, 189 model.PERMISSION_CREATE_POST.Id, 190 model.PERMISSION_USE_SLASH_COMMANDS.Id, 191 model.PERMISSION_REMOVE_USER_FROM_TEAM.Id, 192 model.PERMISSION_MANAGE_TEAM.Id, 193 model.PERMISSION_IMPORT_TEAM.Id, 194 model.PERMISSION_MANAGE_TEAM_ROLES.Id, 195 model.PERMISSION_MANAGE_CHANNEL_ROLES.Id, 196 model.PERMISSION_MANAGE_SLASH_COMMANDS.Id, 197 model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS.Id, 198 model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, 199 model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, 200 model.PERMISSION_EDIT_POST.Id, 201 }, 202 } 203 204 // Check the migration matches what's expected. 205 for name, permissions := range expected1 { 206 role, err := th.App.GetRoleByName(name) 207 assert.Nil(t, err) 208 assert.Equal(t, role.Permissions, permissions) 209 } 210 211 // Add a license and change the policy config. 212 restrictPublicChannel := *th.App.Config().TeamSettings.DEPRECATED_DO_NOT_USE_RestrictPublicChannelManagement 213 restrictPrivateChannel := *th.App.Config().TeamSettings.DEPRECATED_DO_NOT_USE_RestrictPrivateChannelManagement 214 215 defer func() { 216 th.App.UpdateConfig(func(cfg *model.Config) { 217 *cfg.TeamSettings.DEPRECATED_DO_NOT_USE_RestrictPublicChannelManagement = restrictPublicChannel 218 }) 219 th.App.UpdateConfig(func(cfg *model.Config) { 220 *cfg.TeamSettings.DEPRECATED_DO_NOT_USE_RestrictPrivateChannelManagement = restrictPrivateChannel 221 }) 222 }() 223 224 th.App.UpdateConfig(func(cfg *model.Config) { 225 *cfg.TeamSettings.DEPRECATED_DO_NOT_USE_RestrictPublicChannelManagement = model.PERMISSIONS_TEAM_ADMIN 226 }) 227 th.App.UpdateConfig(func(cfg *model.Config) { 228 *cfg.TeamSettings.DEPRECATED_DO_NOT_USE_RestrictPrivateChannelManagement = model.PERMISSIONS_TEAM_ADMIN 229 }) 230 th.App.SetLicense(model.NewTestLicense()) 231 232 // Check the migration doesn't change anything if run again. 233 th.App.DoAdvancedPermissionsMigration() 234 235 roles2, err2 := th.App.GetRolesByNames(roleNames) 236 assert.Nil(t, err2) 237 assert.Equal(t, len(roles2), len(roleNames)) 238 239 for name, permissions := range expected1 { 240 role, err := th.App.GetRoleByName(name) 241 assert.Nil(t, err) 242 assert.Equal(t, permissions, role.Permissions) 243 } 244 245 // Reset the database 246 th.ResetRoleMigration() 247 248 // Do the migration again with different policy config settings and a license. 249 th.App.DoAdvancedPermissionsMigration() 250 251 // Check the role permissions. 252 expected2 := map[string][]string{ 253 "channel_user": []string{ 254 model.PERMISSION_READ_CHANNEL.Id, 255 model.PERMISSION_ADD_REACTION.Id, 256 model.PERMISSION_REMOVE_REACTION.Id, 257 model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS.Id, 258 model.PERMISSION_UPLOAD_FILE.Id, 259 model.PERMISSION_GET_PUBLIC_LINK.Id, 260 model.PERMISSION_CREATE_POST.Id, 261 model.PERMISSION_USE_SLASH_COMMANDS.Id, 262 model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id, 263 model.PERMISSION_DELETE_POST.Id, 264 model.PERMISSION_EDIT_POST.Id, 265 }, 266 "channel_admin": []string{ 267 model.PERMISSION_MANAGE_CHANNEL_ROLES.Id, 268 }, 269 "team_user": []string{ 270 model.PERMISSION_LIST_TEAM_CHANNELS.Id, 271 model.PERMISSION_JOIN_PUBLIC_CHANNELS.Id, 272 model.PERMISSION_READ_PUBLIC_CHANNEL.Id, 273 model.PERMISSION_VIEW_TEAM.Id, 274 model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id, 275 model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id, 276 model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id, 277 model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id, 278 model.PERMISSION_INVITE_USER.Id, 279 model.PERMISSION_ADD_USER_TO_TEAM.Id, 280 }, 281 "team_post_all": []string{ 282 model.PERMISSION_CREATE_POST.Id, 283 }, 284 "team_post_all_public": []string{ 285 model.PERMISSION_CREATE_POST_PUBLIC.Id, 286 }, 287 "team_admin": []string{ 288 model.PERMISSION_REMOVE_USER_FROM_TEAM.Id, 289 model.PERMISSION_MANAGE_TEAM.Id, 290 model.PERMISSION_IMPORT_TEAM.Id, 291 model.PERMISSION_MANAGE_TEAM_ROLES.Id, 292 model.PERMISSION_MANAGE_CHANNEL_ROLES.Id, 293 model.PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS.Id, 294 model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS.Id, 295 model.PERMISSION_MANAGE_SLASH_COMMANDS.Id, 296 model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS.Id, 297 model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, 298 model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, 299 model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id, 300 model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id, 301 model.PERMISSION_DELETE_POST.Id, 302 model.PERMISSION_DELETE_OTHERS_POSTS.Id, 303 }, 304 "system_user": []string{ 305 model.PERMISSION_LIST_PUBLIC_TEAMS.Id, 306 model.PERMISSION_JOIN_PUBLIC_TEAMS.Id, 307 model.PERMISSION_CREATE_DIRECT_CHANNEL.Id, 308 model.PERMISSION_CREATE_GROUP_CHANNEL.Id, 309 model.PERMISSION_PERMANENT_DELETE_USER.Id, 310 model.PERMISSION_CREATE_TEAM.Id, 311 }, 312 "system_post_all": []string{ 313 model.PERMISSION_CREATE_POST.Id, 314 }, 315 "system_post_all_public": []string{ 316 model.PERMISSION_CREATE_POST_PUBLIC.Id, 317 }, 318 "system_user_access_token": []string{ 319 model.PERMISSION_CREATE_USER_ACCESS_TOKEN.Id, 320 model.PERMISSION_READ_USER_ACCESS_TOKEN.Id, 321 model.PERMISSION_REVOKE_USER_ACCESS_TOKEN.Id, 322 }, 323 "system_admin": []string{ 324 model.PERMISSION_ASSIGN_SYSTEM_ADMIN_ROLE.Id, 325 model.PERMISSION_MANAGE_SYSTEM.Id, 326 model.PERMISSION_MANAGE_ROLES.Id, 327 model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id, 328 model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS.Id, 329 model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id, 330 model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id, 331 model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id, 332 model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id, 333 model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id, 334 model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id, 335 model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH.Id, 336 model.PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS.Id, 337 model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS.Id, 338 model.PERMISSION_EDIT_OTHER_USERS.Id, 339 model.PERMISSION_EDIT_OTHERS_POSTS.Id, 340 model.PERMISSION_MANAGE_OAUTH.Id, 341 model.PERMISSION_INVITE_USER.Id, 342 model.PERMISSION_DELETE_POST.Id, 343 model.PERMISSION_DELETE_OTHERS_POSTS.Id, 344 model.PERMISSION_CREATE_TEAM.Id, 345 model.PERMISSION_ADD_USER_TO_TEAM.Id, 346 model.PERMISSION_LIST_USERS_WITHOUT_TEAM.Id, 347 model.PERMISSION_MANAGE_JOBS.Id, 348 model.PERMISSION_CREATE_POST_PUBLIC.Id, 349 model.PERMISSION_CREATE_POST_EPHEMERAL.Id, 350 model.PERMISSION_CREATE_USER_ACCESS_TOKEN.Id, 351 model.PERMISSION_READ_USER_ACCESS_TOKEN.Id, 352 model.PERMISSION_REVOKE_USER_ACCESS_TOKEN.Id, 353 model.PERMISSION_CREATE_BOT.Id, 354 model.PERMISSION_READ_BOTS.Id, 355 model.PERMISSION_READ_OTHERS_BOTS.Id, 356 model.PERMISSION_MANAGE_BOTS.Id, 357 model.PERMISSION_MANAGE_OTHERS_BOTS.Id, 358 model.PERMISSION_REMOVE_OTHERS_REACTIONS.Id, 359 model.PERMISSION_LIST_PRIVATE_TEAMS.Id, 360 model.PERMISSION_JOIN_PRIVATE_TEAMS.Id, 361 model.PERMISSION_LIST_TEAM_CHANNELS.Id, 362 model.PERMISSION_JOIN_PUBLIC_CHANNELS.Id, 363 model.PERMISSION_READ_PUBLIC_CHANNEL.Id, 364 model.PERMISSION_VIEW_TEAM.Id, 365 model.PERMISSION_READ_CHANNEL.Id, 366 model.PERMISSION_ADD_REACTION.Id, 367 model.PERMISSION_REMOVE_REACTION.Id, 368 model.PERMISSION_UPLOAD_FILE.Id, 369 model.PERMISSION_GET_PUBLIC_LINK.Id, 370 model.PERMISSION_CREATE_POST.Id, 371 model.PERMISSION_USE_SLASH_COMMANDS.Id, 372 model.PERMISSION_REMOVE_USER_FROM_TEAM.Id, 373 model.PERMISSION_MANAGE_TEAM.Id, 374 model.PERMISSION_IMPORT_TEAM.Id, 375 model.PERMISSION_MANAGE_TEAM_ROLES.Id, 376 model.PERMISSION_MANAGE_CHANNEL_ROLES.Id, 377 model.PERMISSION_MANAGE_SLASH_COMMANDS.Id, 378 model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS.Id, 379 model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, 380 model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, 381 model.PERMISSION_EDIT_POST.Id, 382 }, 383 } 384 385 roles3, err3 := th.App.GetRolesByNames(roleNames) 386 assert.Nil(t, err3) 387 assert.Equal(t, len(roles3), len(roleNames)) 388 389 for name, permissions := range expected2 { 390 role, err := th.App.GetRoleByName(name) 391 assert.Nil(t, err) 392 assert.Equal(t, permissions, role.Permissions, fmt.Sprintf("'%v' did not have expected permissions", name)) 393 } 394 395 // Remove the license. 396 th.App.SetLicense(nil) 397 398 // Do the migration again. 399 th.ResetRoleMigration() 400 th.App.DoAdvancedPermissionsMigration() 401 402 // Check the role permissions. 403 roles4, err4 := th.App.GetRolesByNames(roleNames) 404 assert.Nil(t, err4) 405 assert.Equal(t, len(roles4), len(roleNames)) 406 407 for name, permissions := range expected1 { 408 role, err := th.App.GetRoleByName(name) 409 assert.Nil(t, err) 410 assert.Equal(t, permissions, role.Permissions) 411 } 412 413 // Check that the config setting for "always" and "time_limit" edit posts is updated correctly. 414 th.ResetRoleMigration() 415 416 allowEditPost := *th.App.Config().ServiceSettings.DEPRECATED_DO_NOT_USE_AllowEditPost 417 postEditTimeLimit := *th.App.Config().ServiceSettings.PostEditTimeLimit 418 419 defer func() { 420 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.DEPRECATED_DO_NOT_USE_AllowEditPost = allowEditPost }) 421 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.PostEditTimeLimit = postEditTimeLimit }) 422 }() 423 424 th.App.UpdateConfig(func(cfg *model.Config) { 425 *cfg.ServiceSettings.DEPRECATED_DO_NOT_USE_AllowEditPost = "always" 426 *cfg.ServiceSettings.PostEditTimeLimit = 300 427 }) 428 429 th.App.DoAdvancedPermissionsMigration() 430 431 config := th.App.Config() 432 assert.Equal(t, -1, *config.ServiceSettings.PostEditTimeLimit) 433 434 th.ResetRoleMigration() 435 436 th.App.UpdateConfig(func(cfg *model.Config) { 437 *cfg.ServiceSettings.DEPRECATED_DO_NOT_USE_AllowEditPost = "time_limit" 438 *cfg.ServiceSettings.PostEditTimeLimit = 300 439 }) 440 441 th.App.DoAdvancedPermissionsMigration() 442 config = th.App.Config() 443 assert.Equal(t, 300, *config.ServiceSettings.PostEditTimeLimit) 444 } 445 446 func TestDoEmojisPermissionsMigration(t *testing.T) { 447 th := Setup(t) 448 defer th.TearDown() 449 450 // Add a license and change the policy config. 451 restrictCustomEmojiCreation := *th.App.Config().ServiceSettings.DEPRECATED_DO_NOT_USE_RestrictCustomEmojiCreation 452 453 defer func() { 454 th.App.UpdateConfig(func(cfg *model.Config) { 455 *cfg.ServiceSettings.DEPRECATED_DO_NOT_USE_RestrictCustomEmojiCreation = restrictCustomEmojiCreation 456 }) 457 }() 458 459 th.App.UpdateConfig(func(cfg *model.Config) { 460 *cfg.ServiceSettings.DEPRECATED_DO_NOT_USE_RestrictCustomEmojiCreation = model.RESTRICT_EMOJI_CREATION_SYSTEM_ADMIN 461 }) 462 463 th.ResetEmojisMigration() 464 th.App.DoEmojisPermissionsMigration() 465 466 expectedSystemAdmin := []string{ 467 model.PERMISSION_ASSIGN_SYSTEM_ADMIN_ROLE.Id, 468 model.PERMISSION_MANAGE_SYSTEM.Id, 469 model.PERMISSION_MANAGE_ROLES.Id, 470 model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id, 471 model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS.Id, 472 model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id, 473 model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id, 474 model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id, 475 model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id, 476 model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id, 477 model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id, 478 model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH.Id, 479 model.PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS.Id, 480 model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS.Id, 481 model.PERMISSION_EDIT_OTHER_USERS.Id, 482 model.PERMISSION_EDIT_OTHERS_POSTS.Id, 483 model.PERMISSION_MANAGE_OAUTH.Id, 484 model.PERMISSION_INVITE_USER.Id, 485 model.PERMISSION_DELETE_POST.Id, 486 model.PERMISSION_DELETE_OTHERS_POSTS.Id, 487 model.PERMISSION_CREATE_TEAM.Id, 488 model.PERMISSION_ADD_USER_TO_TEAM.Id, 489 model.PERMISSION_LIST_USERS_WITHOUT_TEAM.Id, 490 model.PERMISSION_MANAGE_JOBS.Id, 491 model.PERMISSION_CREATE_POST_PUBLIC.Id, 492 model.PERMISSION_CREATE_POST_EPHEMERAL.Id, 493 model.PERMISSION_CREATE_USER_ACCESS_TOKEN.Id, 494 model.PERMISSION_READ_USER_ACCESS_TOKEN.Id, 495 model.PERMISSION_REVOKE_USER_ACCESS_TOKEN.Id, 496 model.PERMISSION_CREATE_BOT.Id, 497 model.PERMISSION_READ_BOTS.Id, 498 model.PERMISSION_READ_OTHERS_BOTS.Id, 499 model.PERMISSION_MANAGE_BOTS.Id, 500 model.PERMISSION_MANAGE_OTHERS_BOTS.Id, 501 model.PERMISSION_REMOVE_OTHERS_REACTIONS.Id, 502 model.PERMISSION_LIST_PRIVATE_TEAMS.Id, 503 model.PERMISSION_JOIN_PRIVATE_TEAMS.Id, 504 model.PERMISSION_LIST_TEAM_CHANNELS.Id, 505 model.PERMISSION_JOIN_PUBLIC_CHANNELS.Id, 506 model.PERMISSION_READ_PUBLIC_CHANNEL.Id, 507 model.PERMISSION_VIEW_TEAM.Id, 508 model.PERMISSION_READ_CHANNEL.Id, 509 model.PERMISSION_ADD_REACTION.Id, 510 model.PERMISSION_REMOVE_REACTION.Id, 511 model.PERMISSION_UPLOAD_FILE.Id, 512 model.PERMISSION_GET_PUBLIC_LINK.Id, 513 model.PERMISSION_CREATE_POST.Id, 514 model.PERMISSION_USE_SLASH_COMMANDS.Id, 515 model.PERMISSION_REMOVE_USER_FROM_TEAM.Id, 516 model.PERMISSION_MANAGE_TEAM.Id, 517 model.PERMISSION_IMPORT_TEAM.Id, 518 model.PERMISSION_MANAGE_TEAM_ROLES.Id, 519 model.PERMISSION_MANAGE_CHANNEL_ROLES.Id, 520 model.PERMISSION_MANAGE_SLASH_COMMANDS.Id, 521 model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS.Id, 522 model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, 523 model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, 524 model.PERMISSION_EDIT_POST.Id, 525 model.PERMISSION_CREATE_EMOJIS.Id, 526 model.PERMISSION_DELETE_EMOJIS.Id, 527 model.PERMISSION_DELETE_OTHERS_EMOJIS.Id, 528 } 529 sort.Strings(expectedSystemAdmin) 530 531 role1, err1 := th.App.GetRoleByName(model.SYSTEM_ADMIN_ROLE_ID) 532 assert.Nil(t, err1) 533 sort.Strings(role1.Permissions) 534 assert.Equal(t, expectedSystemAdmin, role1.Permissions, fmt.Sprintf("'%v' did not have expected permissions", model.SYSTEM_ADMIN_ROLE_ID)) 535 536 th.App.UpdateConfig(func(cfg *model.Config) { 537 *cfg.ServiceSettings.DEPRECATED_DO_NOT_USE_RestrictCustomEmojiCreation = model.RESTRICT_EMOJI_CREATION_ADMIN 538 }) 539 540 th.ResetEmojisMigration() 541 th.App.DoEmojisPermissionsMigration() 542 543 role2, err2 := th.App.GetRoleByName(model.TEAM_ADMIN_ROLE_ID) 544 assert.Nil(t, err2) 545 expected2 := []string{ 546 model.PERMISSION_REMOVE_USER_FROM_TEAM.Id, 547 model.PERMISSION_MANAGE_TEAM.Id, 548 model.PERMISSION_IMPORT_TEAM.Id, 549 model.PERMISSION_MANAGE_TEAM_ROLES.Id, 550 model.PERMISSION_MANAGE_CHANNEL_ROLES.Id, 551 model.PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS.Id, 552 model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS.Id, 553 model.PERMISSION_MANAGE_SLASH_COMMANDS.Id, 554 model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS.Id, 555 model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, 556 model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, 557 model.PERMISSION_DELETE_POST.Id, 558 model.PERMISSION_DELETE_OTHERS_POSTS.Id, 559 model.PERMISSION_CREATE_EMOJIS.Id, 560 model.PERMISSION_DELETE_EMOJIS.Id, 561 } 562 sort.Strings(expected2) 563 sort.Strings(role2.Permissions) 564 assert.Equal(t, expected2, role2.Permissions, fmt.Sprintf("'%v' did not have expected permissions", model.TEAM_ADMIN_ROLE_ID)) 565 566 systemAdmin1, systemAdminErr1 := th.App.GetRoleByName(model.SYSTEM_ADMIN_ROLE_ID) 567 assert.Nil(t, systemAdminErr1) 568 sort.Strings(systemAdmin1.Permissions) 569 assert.Equal(t, expectedSystemAdmin, systemAdmin1.Permissions, fmt.Sprintf("'%v' did not have expected permissions", model.SYSTEM_ADMIN_ROLE_ID)) 570 571 th.App.UpdateConfig(func(cfg *model.Config) { 572 *cfg.ServiceSettings.DEPRECATED_DO_NOT_USE_RestrictCustomEmojiCreation = model.RESTRICT_EMOJI_CREATION_ALL 573 }) 574 575 th.ResetEmojisMigration() 576 th.App.DoEmojisPermissionsMigration() 577 578 role3, err3 := th.App.GetRoleByName(model.SYSTEM_USER_ROLE_ID) 579 assert.Nil(t, err3) 580 expected3 := []string{ 581 model.PERMISSION_LIST_PUBLIC_TEAMS.Id, 582 model.PERMISSION_JOIN_PUBLIC_TEAMS.Id, 583 model.PERMISSION_CREATE_DIRECT_CHANNEL.Id, 584 model.PERMISSION_CREATE_GROUP_CHANNEL.Id, 585 model.PERMISSION_PERMANENT_DELETE_USER.Id, 586 model.PERMISSION_CREATE_TEAM.Id, 587 model.PERMISSION_CREATE_EMOJIS.Id, 588 model.PERMISSION_DELETE_EMOJIS.Id, 589 } 590 sort.Strings(expected3) 591 sort.Strings(role3.Permissions) 592 assert.Equal(t, expected3, role3.Permissions, fmt.Sprintf("'%v' did not have expected permissions", model.SYSTEM_USER_ROLE_ID)) 593 594 systemAdmin2, systemAdminErr2 := th.App.GetRoleByName(model.SYSTEM_ADMIN_ROLE_ID) 595 assert.Nil(t, systemAdminErr2) 596 sort.Strings(systemAdmin2.Permissions) 597 assert.Equal(t, expectedSystemAdmin, systemAdmin2.Permissions, fmt.Sprintf("'%v' did not have expected permissions", model.SYSTEM_ADMIN_ROLE_ID)) 598 }