github.com/crspeller/mattermost-server@v0.0.0-20190328001957-a200beb3d111/app/permissions.go (about) 1 // Copyright (c) 2018-present Mattermost, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package app 5 6 import ( 7 "bufio" 8 "encoding/json" 9 "fmt" 10 "io" 11 12 "github.com/crspeller/mattermost-server/model" 13 "github.com/pkg/errors" 14 ) 15 16 const permissionsExportBatchSize = 100 17 const systemSchemeName = "00000000-0000-0000-0000-000000000000" // Prevents collisions with user-created schemes. 18 19 func (a *App) ResetPermissionsSystem() *model.AppError { 20 // Reset all Teams to not have a scheme. 21 if result := <-a.Srv.Store.Team().ResetAllTeamSchemes(); result.Err != nil { 22 return result.Err 23 } 24 25 // Reset all Channels to not have a scheme. 26 if result := <-a.Srv.Store.Channel().ResetAllChannelSchemes(); result.Err != nil { 27 return result.Err 28 } 29 30 // Reset all Custom Role assignments to Users. 31 if result := <-a.Srv.Store.User().ClearAllCustomRoleAssignments(); result.Err != nil { 32 return result.Err 33 } 34 35 // Reset all Custom Role assignments to TeamMembers. 36 if result := <-a.Srv.Store.Team().ClearAllCustomRoleAssignments(); result.Err != nil { 37 return result.Err 38 } 39 40 // Reset all Custom Role assignments to ChannelMembers. 41 if result := <-a.Srv.Store.Channel().ClearAllCustomRoleAssignments(); result.Err != nil { 42 return result.Err 43 } 44 45 // Purge all schemes from the database. 46 if result := <-a.Srv.Store.Scheme().PermanentDeleteAll(); result.Err != nil { 47 return result.Err 48 } 49 50 // Purge all roles from the database. 51 if result := <-a.Srv.Store.Role().PermanentDeleteAll(); result.Err != nil { 52 return result.Err 53 } 54 55 // Remove the "System" table entry that marks the advanced permissions migration as done. 56 if result := <-a.Srv.Store.System().PermanentDeleteByName(ADVANCED_PERMISSIONS_MIGRATION_KEY); result.Err != nil { 57 return result.Err 58 } 59 60 // Now that the permissions system has been reset, re-run the migration to reinitialise it. 61 a.DoAdvancedPermissionsMigration() 62 a.DoEmojisPermissionsMigration() 63 a.DoPermissionsMigrations() 64 65 return nil 66 } 67 68 func (a *App) ExportPermissions(w io.Writer) error { 69 70 next := a.SchemesIterator(permissionsExportBatchSize) 71 var schemeBatch []*model.Scheme 72 73 for schemeBatch = next(); len(schemeBatch) > 0; schemeBatch = next() { 74 75 for _, scheme := range schemeBatch { 76 77 roleNames := []string{ 78 scheme.DefaultTeamAdminRole, 79 scheme.DefaultTeamUserRole, 80 scheme.DefaultChannelAdminRole, 81 scheme.DefaultChannelUserRole, 82 } 83 84 roles := []*model.Role{} 85 for _, roleName := range roleNames { 86 if len(roleName) == 0 { 87 continue 88 } 89 role, err := a.GetRoleByName(roleName) 90 if err != nil { 91 return err 92 } 93 roles = append(roles, role) 94 } 95 96 schemeExport, err := json.Marshal(&model.SchemeConveyor{ 97 Name: scheme.Name, 98 DisplayName: scheme.DisplayName, 99 Description: scheme.Description, 100 Scope: scheme.Scope, 101 TeamAdmin: scheme.DefaultTeamAdminRole, 102 TeamUser: scheme.DefaultTeamUserRole, 103 ChannelAdmin: scheme.DefaultChannelAdminRole, 104 ChannelUser: scheme.DefaultChannelUserRole, 105 Roles: roles, 106 }) 107 if err != nil { 108 return err 109 } 110 111 schemeExport = append(schemeExport, []byte("\n")...) 112 113 _, err = w.Write(schemeExport) 114 if err != nil { 115 return err 116 } 117 } 118 119 } 120 121 defaultRoleNames := []string{} 122 for _, dr := range model.MakeDefaultRoles() { 123 defaultRoleNames = append(defaultRoleNames, dr.Name) 124 } 125 126 roles, appErr := a.GetRolesByNames(defaultRoleNames) 127 if appErr != nil { 128 return errors.New(appErr.Message) 129 } 130 131 schemeExport, err := json.Marshal(&model.SchemeConveyor{ 132 Name: systemSchemeName, 133 Roles: roles, 134 }) 135 if err != nil { 136 return err 137 } 138 139 schemeExport = append(schemeExport, []byte("\n")...) 140 141 _, err = w.Write(schemeExport) 142 return err 143 } 144 145 func (a *App) ImportPermissions(jsonl io.Reader) error { 146 createdSchemeIDs := []string{} 147 148 scanner := bufio.NewScanner(jsonl) 149 150 for scanner.Scan() { 151 var schemeConveyor *model.SchemeConveyor 152 err := json.Unmarshal(scanner.Bytes(), &schemeConveyor) 153 if err != nil { 154 rollback(a, createdSchemeIDs) 155 return err 156 } 157 158 if schemeConveyor.Name == systemSchemeName { 159 for _, roleIn := range schemeConveyor.Roles { 160 dbRole, err := a.GetRoleByName(roleIn.Name) 161 if err != nil { 162 rollback(a, createdSchemeIDs) 163 return errors.New(err.Message) 164 } 165 _, err = a.PatchRole(dbRole, &model.RolePatch{ 166 Permissions: &roleIn.Permissions, 167 }) 168 if err != nil { 169 rollback(a, createdSchemeIDs) 170 return err 171 } 172 } 173 continue 174 } 175 176 // Create the new Scheme. The new Roles are created automatically. 177 var appErr *model.AppError 178 schemeCreated, appErr := a.CreateScheme(schemeConveyor.Scheme()) 179 if appErr != nil { 180 rollback(a, createdSchemeIDs) 181 return errors.New(appErr.Message) 182 } 183 createdSchemeIDs = append(createdSchemeIDs, schemeCreated.Id) 184 185 schemeIn := schemeConveyor.Scheme() 186 roleNameTuples := [][]string{ 187 {schemeCreated.DefaultTeamAdminRole, schemeIn.DefaultTeamAdminRole}, 188 {schemeCreated.DefaultTeamUserRole, schemeIn.DefaultTeamUserRole}, 189 {schemeCreated.DefaultChannelAdminRole, schemeIn.DefaultChannelAdminRole}, 190 {schemeCreated.DefaultChannelUserRole, schemeIn.DefaultChannelUserRole}, 191 } 192 for _, roleNameTuple := range roleNameTuples { 193 if len(roleNameTuple[0]) == 0 || len(roleNameTuple[1]) == 0 { 194 continue 195 } 196 197 err = updateRole(a, schemeConveyor, roleNameTuple[0], roleNameTuple[1]) 198 if err != nil { 199 // Delete the new Schemes. The new Roles are deleted automatically. 200 rollback(a, createdSchemeIDs) 201 return err 202 } 203 } 204 } 205 206 if err := scanner.Err(); err != nil { 207 rollback(a, createdSchemeIDs) 208 return err 209 } 210 211 return nil 212 } 213 214 func rollback(a *App, createdSchemeIDs []string) { 215 for _, schemeID := range createdSchemeIDs { 216 a.DeleteScheme(schemeID) 217 } 218 } 219 220 func updateRole(a *App, sc *model.SchemeConveyor, roleCreatedName, defaultRoleName string) error { 221 var err *model.AppError 222 223 roleCreated, err := a.GetRoleByName(roleCreatedName) 224 if err != nil { 225 return errors.New(err.Message) 226 } 227 228 var roleIn *model.Role 229 for _, role := range sc.Roles { 230 if role.Name == defaultRoleName { 231 roleIn = role 232 break 233 } 234 } 235 236 roleCreated.DisplayName = roleIn.DisplayName 237 roleCreated.Description = roleIn.Description 238 roleCreated.Permissions = roleIn.Permissions 239 240 _, err = a.UpdateRole(roleCreated) 241 if err != nil { 242 return errors.New(fmt.Sprintf("%v: %v\n", err.Message, err.DetailedError)) 243 } 244 245 return nil 246 }