github.com/jlevesy/mattermost-server@v5.3.2-0.20181003190404-7468f35cb0c8+incompatible/app/permissions.go (about) 1 // Copyright (c) 2018-present Mattermost, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package app 5 6 import ( 7 "bufio" 8 "encoding/json" 9 "fmt" 10 "io" 11 12 "github.com/mattermost/mattermost-server/model" 13 "github.com/pkg/errors" 14 ) 15 16 const permissionsExportBatchSize = 100 17 const systemSchemeName = "00000000-0000-0000-0000-000000000000" // Prevents collisions with user-created schemes. 18 19 func (a *App) ResetPermissionsSystem() *model.AppError { 20 // Reset all Teams to not have a scheme. 21 if result := <-a.Srv.Store.Team().ResetAllTeamSchemes(); result.Err != nil { 22 return result.Err 23 } 24 25 // Reset all Channels to not have a scheme. 26 if result := <-a.Srv.Store.Channel().ResetAllChannelSchemes(); result.Err != nil { 27 return result.Err 28 } 29 30 // Reset all Custom Role assignments to Users. 31 if result := <-a.Srv.Store.User().ClearAllCustomRoleAssignments(); result.Err != nil { 32 return result.Err 33 } 34 35 // Reset all Custom Role assignments to TeamMembers. 36 if result := <-a.Srv.Store.Team().ClearAllCustomRoleAssignments(); result.Err != nil { 37 return result.Err 38 } 39 40 // Reset all Custom Role assignments to ChannelMembers. 41 if result := <-a.Srv.Store.Channel().ClearAllCustomRoleAssignments(); result.Err != nil { 42 return result.Err 43 } 44 45 // Purge all schemes from the database. 46 if result := <-a.Srv.Store.Scheme().PermanentDeleteAll(); result.Err != nil { 47 return result.Err 48 } 49 50 // Purge all roles from the database. 51 if result := <-a.Srv.Store.Role().PermanentDeleteAll(); result.Err != nil { 52 return result.Err 53 } 54 55 // Remove the "System" table entry that marks the advanced permissions migration as done. 56 if result := <-a.Srv.Store.System().PermanentDeleteByName(ADVANCED_PERMISSIONS_MIGRATION_KEY); result.Err != nil { 57 return result.Err 58 } 59 60 // Now that the permissions system has been reset, re-run the migration to reinitialise it. 61 a.DoAdvancedPermissionsMigration() 62 a.DoEmojisPermissionsMigration() 63 64 return nil 65 } 66 67 func (a *App) ExportPermissions(w io.Writer) error { 68 69 next := a.SchemesIterator(permissionsExportBatchSize) 70 var schemeBatch []*model.Scheme 71 72 for schemeBatch = next(); len(schemeBatch) > 0; schemeBatch = next() { 73 74 for _, scheme := range schemeBatch { 75 76 roleNames := []string{ 77 scheme.DefaultTeamAdminRole, 78 scheme.DefaultTeamUserRole, 79 scheme.DefaultChannelAdminRole, 80 scheme.DefaultChannelUserRole, 81 } 82 83 roles := []*model.Role{} 84 for _, roleName := range roleNames { 85 if len(roleName) == 0 { 86 continue 87 } 88 role, err := a.GetRoleByName(roleName) 89 if err != nil { 90 return err 91 } 92 roles = append(roles, role) 93 } 94 95 schemeExport, err := json.Marshal(&model.SchemeConveyor{ 96 Name: scheme.Name, 97 DisplayName: scheme.DisplayName, 98 Description: scheme.Description, 99 Scope: scheme.Scope, 100 TeamAdmin: scheme.DefaultTeamAdminRole, 101 TeamUser: scheme.DefaultTeamUserRole, 102 ChannelAdmin: scheme.DefaultChannelAdminRole, 103 ChannelUser: scheme.DefaultChannelUserRole, 104 Roles: roles, 105 }) 106 if err != nil { 107 return err 108 } 109 110 schemeExport = append(schemeExport, []byte("\n")...) 111 112 _, err = w.Write(schemeExport) 113 if err != nil { 114 return err 115 } 116 } 117 118 } 119 120 defaultRoleNames := []string{} 121 for _, dr := range model.MakeDefaultRoles() { 122 defaultRoleNames = append(defaultRoleNames, dr.Name) 123 } 124 125 roles, appErr := a.GetRolesByNames(defaultRoleNames) 126 if appErr != nil { 127 return errors.New(appErr.Message) 128 } 129 130 schemeExport, err := json.Marshal(&model.SchemeConveyor{ 131 Name: systemSchemeName, 132 Roles: roles, 133 }) 134 if err != nil { 135 return err 136 } 137 138 schemeExport = append(schemeExport, []byte("\n")...) 139 140 _, err = w.Write(schemeExport) 141 return err 142 } 143 144 func (a *App) ImportPermissions(jsonl io.Reader) error { 145 createdSchemeIDs := []string{} 146 147 scanner := bufio.NewScanner(jsonl) 148 149 for scanner.Scan() { 150 var schemeConveyor *model.SchemeConveyor 151 err := json.Unmarshal(scanner.Bytes(), &schemeConveyor) 152 if err != nil { 153 rollback(a, createdSchemeIDs) 154 return err 155 } 156 157 if schemeConveyor.Name == systemSchemeName { 158 for _, roleIn := range schemeConveyor.Roles { 159 dbRole, err := a.GetRoleByName(roleIn.Name) 160 if err != nil { 161 rollback(a, createdSchemeIDs) 162 return errors.New(err.Message) 163 } 164 _, err = a.PatchRole(dbRole, &model.RolePatch{ 165 Permissions: &roleIn.Permissions, 166 }) 167 if err != nil { 168 rollback(a, createdSchemeIDs) 169 return err 170 } 171 } 172 continue 173 } 174 175 // Create the new Scheme. The new Roles are created automatically. 176 var appErr *model.AppError 177 schemeCreated, appErr := a.CreateScheme(schemeConveyor.Scheme()) 178 if appErr != nil { 179 rollback(a, createdSchemeIDs) 180 return errors.New(appErr.Message) 181 } 182 createdSchemeIDs = append(createdSchemeIDs, schemeCreated.Id) 183 184 schemeIn := schemeConveyor.Scheme() 185 roleNameTuples := [][]string{ 186 {schemeCreated.DefaultTeamAdminRole, schemeIn.DefaultTeamAdminRole}, 187 {schemeCreated.DefaultTeamUserRole, schemeIn.DefaultTeamUserRole}, 188 {schemeCreated.DefaultChannelAdminRole, schemeIn.DefaultChannelAdminRole}, 189 {schemeCreated.DefaultChannelUserRole, schemeIn.DefaultChannelUserRole}, 190 } 191 for _, roleNameTuple := range roleNameTuples { 192 if len(roleNameTuple[0]) == 0 || len(roleNameTuple[1]) == 0 { 193 continue 194 } 195 196 err = updateRole(a, schemeConveyor, roleNameTuple[0], roleNameTuple[1]) 197 if err != nil { 198 // Delete the new Schemes. The new Roles are deleted automatically. 199 rollback(a, createdSchemeIDs) 200 return err 201 } 202 } 203 } 204 205 if err := scanner.Err(); err != nil { 206 rollback(a, createdSchemeIDs) 207 return err 208 } 209 210 return nil 211 } 212 213 func rollback(a *App, createdSchemeIDs []string) { 214 for _, schemeID := range createdSchemeIDs { 215 a.DeleteScheme(schemeID) 216 } 217 } 218 219 func updateRole(a *App, sc *model.SchemeConveyor, roleCreatedName, defaultRoleName string) error { 220 var err *model.AppError 221 222 roleCreated, err := a.GetRoleByName(roleCreatedName) 223 if err != nil { 224 return errors.New(err.Message) 225 } 226 227 var roleIn *model.Role 228 for _, role := range sc.Roles { 229 if role.Name == defaultRoleName { 230 roleIn = role 231 break 232 } 233 } 234 235 roleCreated.DisplayName = roleIn.DisplayName 236 roleCreated.Description = roleIn.Description 237 roleCreated.Permissions = roleIn.Permissions 238 239 _, err = a.UpdateRole(roleCreated) 240 if err != nil { 241 return errors.New(fmt.Sprintf("%v: %v\n", err.Message, err.DetailedError)) 242 } 243 244 return nil 245 }