github.com/mattermosttest/mattermost-server/v5@v5.0.0-20200917143240-9dfa12e121f9/app/app_test.go (about) 1 // Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved. 2 // See LICENSE.txt for license information. 3 4 package app 5 6 import ( 7 "fmt" 8 "sort" 9 "testing" 10 11 "github.com/stretchr/testify/assert" 12 "github.com/stretchr/testify/mock" 13 14 "github.com/mattermost/mattermost-server/v5/model" 15 "github.com/mattermost/mattermost-server/v5/services/searchengine/bleveengine" 16 "github.com/mattermost/mattermost-server/v5/store/storetest/mocks" 17 ) 18 19 /* Temporarily comment out until MM-11108 20 func TestAppRace(t *testing.T) { 21 for i := 0; i < 10; i++ { 22 a, err := New() 23 require.NoError(t, err) 24 a.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.ListenAddress = ":0" }) 25 serverErr := a.StartServer() 26 require.NoError(t, serverErr) 27 a.Srv().Shutdown() 28 } 29 } 30 */ 31 32 func TestUnitUpdateConfig(t *testing.T) { 33 th := SetupWithStoreMock(t) 34 defer th.TearDown() 35 bleveEngine := bleveengine.NewBleveEngine(th.App.Config(), th.App.Srv().Jobs) 36 _ = bleveEngine.Start() 37 th.App.Srv().SearchEngine.RegisterBleveEngine(bleveEngine) 38 39 mockStore := th.App.Srv().Store.(*mocks.Store) 40 mockUserStore := mocks.UserStore{} 41 mockUserStore.On("Count", mock.Anything).Return(int64(10), nil) 42 mockPostStore := mocks.PostStore{} 43 mockPostStore.On("GetMaxPostSize").Return(65535, nil) 44 mockSystemStore := mocks.SystemStore{} 45 mockSystemStore.On("GetByName", "InstallationDate").Return(&model.System{Name: "InstallationDate", Value: "10"}, nil) 46 mockSystemStore.On("GetByName", "FirstServerRunTimestamp").Return(&model.System{Name: "FirstServerRunTimestamp", Value: "10"}, nil) 47 mockSystemStore.On("Get").Return(make(model.StringMap), nil) 48 mockLicenseStore := mocks.LicenseStore{} 49 mockLicenseStore.On("Get", "").Return(&model.LicenseRecord{}, nil) 50 mockStore.On("User").Return(&mockUserStore) 51 mockStore.On("Post").Return(&mockPostStore) 52 mockStore.On("System").Return(&mockSystemStore) 53 mockStore.On("License").Return(&mockLicenseStore) 54 55 prev := *th.App.Config().ServiceSettings.SiteURL 56 57 th.App.AddConfigListener(func(old, current *model.Config) { 58 assert.Equal(t, prev, *old.ServiceSettings.SiteURL) 59 assert.Equal(t, "http://foo.com", *current.ServiceSettings.SiteURL) 60 }) 61 62 th.App.UpdateConfig(func(cfg *model.Config) { 63 *cfg.ServiceSettings.SiteURL = "http://foo.com" 64 }) 65 } 66 67 func TestDoAdvancedPermissionsMigration(t *testing.T) { 68 th := Setup(t) 69 defer th.TearDown() 70 71 th.ResetRoleMigration() 72 73 th.App.DoAdvancedPermissionsMigration() 74 75 roleNames := []string{ 76 "system_user", 77 "system_admin", 78 "team_user", 79 "team_admin", 80 "channel_user", 81 "channel_admin", 82 "system_post_all", 83 "system_post_all_public", 84 "system_user_access_token", 85 "team_post_all", 86 "team_post_all_public", 87 } 88 89 roles1, err1 := th.App.GetRolesByNames(roleNames) 90 assert.Nil(t, err1) 91 assert.Equal(t, len(roles1), len(roleNames)) 92 93 expected1 := map[string][]string{ 94 "channel_user": { 95 model.PERMISSION_READ_CHANNEL.Id, 96 model.PERMISSION_ADD_REACTION.Id, 97 model.PERMISSION_REMOVE_REACTION.Id, 98 model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS.Id, 99 model.PERMISSION_UPLOAD_FILE.Id, 100 model.PERMISSION_GET_PUBLIC_LINK.Id, 101 model.PERMISSION_CREATE_POST.Id, 102 model.PERMISSION_USE_CHANNEL_MENTIONS.Id, 103 model.PERMISSION_USE_SLASH_COMMANDS.Id, 104 model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id, 105 model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id, 106 model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id, 107 model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id, 108 model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id, 109 model.PERMISSION_DELETE_POST.Id, 110 model.PERMISSION_EDIT_POST.Id, 111 }, 112 "channel_admin": { 113 model.PERMISSION_MANAGE_CHANNEL_ROLES.Id, 114 model.PERMISSION_USE_GROUP_MENTIONS.Id, 115 }, 116 "team_user": { 117 model.PERMISSION_LIST_TEAM_CHANNELS.Id, 118 model.PERMISSION_JOIN_PUBLIC_CHANNELS.Id, 119 model.PERMISSION_READ_PUBLIC_CHANNEL.Id, 120 model.PERMISSION_VIEW_TEAM.Id, 121 model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id, 122 model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id, 123 model.PERMISSION_INVITE_USER.Id, 124 model.PERMISSION_ADD_USER_TO_TEAM.Id, 125 }, 126 "team_post_all": { 127 model.PERMISSION_CREATE_POST.Id, 128 model.PERMISSION_USE_CHANNEL_MENTIONS.Id, 129 }, 130 "team_post_all_public": { 131 model.PERMISSION_CREATE_POST_PUBLIC.Id, 132 model.PERMISSION_USE_CHANNEL_MENTIONS.Id, 133 }, 134 "team_admin": { 135 model.PERMISSION_REMOVE_USER_FROM_TEAM.Id, 136 model.PERMISSION_MANAGE_TEAM.Id, 137 model.PERMISSION_IMPORT_TEAM.Id, 138 model.PERMISSION_MANAGE_TEAM_ROLES.Id, 139 model.PERMISSION_MANAGE_CHANNEL_ROLES.Id, 140 model.PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS.Id, 141 model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS.Id, 142 model.PERMISSION_MANAGE_SLASH_COMMANDS.Id, 143 model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS.Id, 144 model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, 145 model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, 146 model.PERMISSION_DELETE_POST.Id, 147 model.PERMISSION_DELETE_OTHERS_POSTS.Id, 148 }, 149 "system_user": { 150 model.PERMISSION_LIST_PUBLIC_TEAMS.Id, 151 model.PERMISSION_JOIN_PUBLIC_TEAMS.Id, 152 model.PERMISSION_CREATE_DIRECT_CHANNEL.Id, 153 model.PERMISSION_CREATE_GROUP_CHANNEL.Id, 154 model.PERMISSION_VIEW_MEMBERS.Id, 155 model.PERMISSION_CREATE_TEAM.Id, 156 }, 157 "system_post_all": { 158 model.PERMISSION_CREATE_POST.Id, 159 model.PERMISSION_USE_CHANNEL_MENTIONS.Id, 160 }, 161 "system_post_all_public": { 162 model.PERMISSION_CREATE_POST_PUBLIC.Id, 163 model.PERMISSION_USE_CHANNEL_MENTIONS.Id, 164 }, 165 "system_user_access_token": { 166 model.PERMISSION_CREATE_USER_ACCESS_TOKEN.Id, 167 model.PERMISSION_READ_USER_ACCESS_TOKEN.Id, 168 model.PERMISSION_REVOKE_USER_ACCESS_TOKEN.Id, 169 }, 170 "system_admin": { 171 model.PERMISSION_ASSIGN_SYSTEM_ADMIN_ROLE.Id, 172 model.PERMISSION_MANAGE_SYSTEM.Id, 173 model.PERMISSION_MANAGE_ROLES.Id, 174 model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id, 175 model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS.Id, 176 model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id, 177 model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id, 178 model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id, 179 model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id, 180 model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id, 181 model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id, 182 model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH.Id, 183 model.PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS.Id, 184 model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS.Id, 185 model.PERMISSION_EDIT_OTHER_USERS.Id, 186 model.PERMISSION_EDIT_OTHERS_POSTS.Id, 187 model.PERMISSION_MANAGE_OAUTH.Id, 188 model.PERMISSION_INVITE_USER.Id, 189 model.PERMISSION_INVITE_GUEST.Id, 190 model.PERMISSION_PROMOTE_GUEST.Id, 191 model.PERMISSION_DEMOTE_TO_GUEST.Id, 192 model.PERMISSION_DELETE_POST.Id, 193 model.PERMISSION_DELETE_OTHERS_POSTS.Id, 194 model.PERMISSION_CREATE_TEAM.Id, 195 model.PERMISSION_ADD_USER_TO_TEAM.Id, 196 model.PERMISSION_LIST_USERS_WITHOUT_TEAM.Id, 197 model.PERMISSION_MANAGE_JOBS.Id, 198 model.PERMISSION_CREATE_POST_PUBLIC.Id, 199 model.PERMISSION_CREATE_POST_EPHEMERAL.Id, 200 model.PERMISSION_CREATE_USER_ACCESS_TOKEN.Id, 201 model.PERMISSION_READ_USER_ACCESS_TOKEN.Id, 202 model.PERMISSION_REVOKE_USER_ACCESS_TOKEN.Id, 203 model.PERMISSION_CREATE_BOT.Id, 204 model.PERMISSION_READ_BOTS.Id, 205 model.PERMISSION_READ_OTHERS_BOTS.Id, 206 model.PERMISSION_MANAGE_BOTS.Id, 207 model.PERMISSION_MANAGE_OTHERS_BOTS.Id, 208 model.PERMISSION_REMOVE_OTHERS_REACTIONS.Id, 209 model.PERMISSION_LIST_PRIVATE_TEAMS.Id, 210 model.PERMISSION_JOIN_PRIVATE_TEAMS.Id, 211 model.PERMISSION_VIEW_MEMBERS.Id, 212 model.PERMISSION_LIST_TEAM_CHANNELS.Id, 213 model.PERMISSION_JOIN_PUBLIC_CHANNELS.Id, 214 model.PERMISSION_READ_PUBLIC_CHANNEL.Id, 215 model.PERMISSION_VIEW_TEAM.Id, 216 model.PERMISSION_READ_CHANNEL.Id, 217 model.PERMISSION_ADD_REACTION.Id, 218 model.PERMISSION_REMOVE_REACTION.Id, 219 model.PERMISSION_UPLOAD_FILE.Id, 220 model.PERMISSION_GET_PUBLIC_LINK.Id, 221 model.PERMISSION_CREATE_POST.Id, 222 model.PERMISSION_USE_CHANNEL_MENTIONS.Id, 223 model.PERMISSION_USE_SLASH_COMMANDS.Id, 224 model.PERMISSION_REMOVE_USER_FROM_TEAM.Id, 225 model.PERMISSION_MANAGE_TEAM.Id, 226 model.PERMISSION_IMPORT_TEAM.Id, 227 model.PERMISSION_MANAGE_TEAM_ROLES.Id, 228 model.PERMISSION_MANAGE_CHANNEL_ROLES.Id, 229 model.PERMISSION_MANAGE_SLASH_COMMANDS.Id, 230 model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS.Id, 231 model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, 232 model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, 233 model.PERMISSION_USE_GROUP_MENTIONS.Id, 234 model.PERMISSION_EDIT_POST.Id, 235 }, 236 } 237 238 // Check the migration matches what's expected. 239 for name, permissions := range expected1 { 240 role, err := th.App.GetRoleByName(name) 241 assert.Nil(t, err) 242 assert.Equal(t, role.Permissions, permissions) 243 } 244 // Add a license and change the policy config. 245 restrictPublicChannel := *th.App.Config().TeamSettings.DEPRECATED_DO_NOT_USE_RestrictPublicChannelManagement 246 restrictPrivateChannel := *th.App.Config().TeamSettings.DEPRECATED_DO_NOT_USE_RestrictPrivateChannelManagement 247 248 defer func() { 249 th.App.UpdateConfig(func(cfg *model.Config) { 250 *cfg.TeamSettings.DEPRECATED_DO_NOT_USE_RestrictPublicChannelManagement = restrictPublicChannel 251 }) 252 th.App.UpdateConfig(func(cfg *model.Config) { 253 *cfg.TeamSettings.DEPRECATED_DO_NOT_USE_RestrictPrivateChannelManagement = restrictPrivateChannel 254 }) 255 }() 256 257 th.App.UpdateConfig(func(cfg *model.Config) { 258 *cfg.TeamSettings.DEPRECATED_DO_NOT_USE_RestrictPublicChannelManagement = model.PERMISSIONS_TEAM_ADMIN 259 }) 260 th.App.UpdateConfig(func(cfg *model.Config) { 261 *cfg.TeamSettings.DEPRECATED_DO_NOT_USE_RestrictPrivateChannelManagement = model.PERMISSIONS_TEAM_ADMIN 262 }) 263 th.App.Srv().SetLicense(model.NewTestLicense()) 264 265 // Check the migration doesn't change anything if run again. 266 th.App.DoAdvancedPermissionsMigration() 267 268 roles2, err2 := th.App.GetRolesByNames(roleNames) 269 assert.Nil(t, err2) 270 assert.Equal(t, len(roles2), len(roleNames)) 271 272 for name, permissions := range expected1 { 273 role, err := th.App.GetRoleByName(name) 274 assert.Nil(t, err) 275 assert.Equal(t, permissions, role.Permissions) 276 } 277 278 // Reset the database 279 th.ResetRoleMigration() 280 281 // Do the migration again with different policy config settings and a license. 282 th.App.DoAdvancedPermissionsMigration() 283 284 // Check the role permissions. 285 expected2 := map[string][]string{ 286 "channel_user": { 287 model.PERMISSION_READ_CHANNEL.Id, 288 model.PERMISSION_ADD_REACTION.Id, 289 model.PERMISSION_REMOVE_REACTION.Id, 290 model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS.Id, 291 model.PERMISSION_UPLOAD_FILE.Id, 292 model.PERMISSION_GET_PUBLIC_LINK.Id, 293 model.PERMISSION_CREATE_POST.Id, 294 model.PERMISSION_USE_CHANNEL_MENTIONS.Id, 295 model.PERMISSION_USE_SLASH_COMMANDS.Id, 296 model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id, 297 model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id, 298 model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id, 299 model.PERMISSION_DELETE_POST.Id, 300 model.PERMISSION_EDIT_POST.Id, 301 }, 302 "channel_admin": { 303 model.PERMISSION_MANAGE_CHANNEL_ROLES.Id, 304 model.PERMISSION_USE_GROUP_MENTIONS.Id, 305 }, 306 "team_user": { 307 model.PERMISSION_LIST_TEAM_CHANNELS.Id, 308 model.PERMISSION_JOIN_PUBLIC_CHANNELS.Id, 309 model.PERMISSION_READ_PUBLIC_CHANNEL.Id, 310 model.PERMISSION_VIEW_TEAM.Id, 311 model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id, 312 model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id, 313 model.PERMISSION_INVITE_USER.Id, 314 model.PERMISSION_ADD_USER_TO_TEAM.Id, 315 }, 316 "team_post_all": { 317 model.PERMISSION_CREATE_POST.Id, 318 model.PERMISSION_USE_CHANNEL_MENTIONS.Id, 319 }, 320 "team_post_all_public": { 321 model.PERMISSION_CREATE_POST_PUBLIC.Id, 322 model.PERMISSION_USE_CHANNEL_MENTIONS.Id, 323 }, 324 "team_admin": { 325 model.PERMISSION_REMOVE_USER_FROM_TEAM.Id, 326 model.PERMISSION_MANAGE_TEAM.Id, 327 model.PERMISSION_IMPORT_TEAM.Id, 328 model.PERMISSION_MANAGE_TEAM_ROLES.Id, 329 model.PERMISSION_MANAGE_CHANNEL_ROLES.Id, 330 model.PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS.Id, 331 model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS.Id, 332 model.PERMISSION_MANAGE_SLASH_COMMANDS.Id, 333 model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS.Id, 334 model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, 335 model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, 336 model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id, 337 model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id, 338 model.PERMISSION_DELETE_POST.Id, 339 model.PERMISSION_DELETE_OTHERS_POSTS.Id, 340 }, 341 "system_user": { 342 model.PERMISSION_LIST_PUBLIC_TEAMS.Id, 343 model.PERMISSION_JOIN_PUBLIC_TEAMS.Id, 344 model.PERMISSION_CREATE_DIRECT_CHANNEL.Id, 345 model.PERMISSION_CREATE_GROUP_CHANNEL.Id, 346 model.PERMISSION_VIEW_MEMBERS.Id, 347 model.PERMISSION_CREATE_TEAM.Id, 348 }, 349 "system_post_all": { 350 model.PERMISSION_CREATE_POST.Id, 351 model.PERMISSION_USE_CHANNEL_MENTIONS.Id, 352 }, 353 "system_post_all_public": { 354 model.PERMISSION_CREATE_POST_PUBLIC.Id, 355 model.PERMISSION_USE_CHANNEL_MENTIONS.Id, 356 }, 357 "system_user_access_token": { 358 model.PERMISSION_CREATE_USER_ACCESS_TOKEN.Id, 359 model.PERMISSION_READ_USER_ACCESS_TOKEN.Id, 360 model.PERMISSION_REVOKE_USER_ACCESS_TOKEN.Id, 361 }, 362 "system_admin": { 363 model.PERMISSION_ASSIGN_SYSTEM_ADMIN_ROLE.Id, 364 model.PERMISSION_MANAGE_SYSTEM.Id, 365 model.PERMISSION_MANAGE_ROLES.Id, 366 model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id, 367 model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS.Id, 368 model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id, 369 model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id, 370 model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id, 371 model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id, 372 model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id, 373 model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id, 374 model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH.Id, 375 model.PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS.Id, 376 model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS.Id, 377 model.PERMISSION_EDIT_OTHER_USERS.Id, 378 model.PERMISSION_EDIT_OTHERS_POSTS.Id, 379 model.PERMISSION_MANAGE_OAUTH.Id, 380 model.PERMISSION_INVITE_USER.Id, 381 model.PERMISSION_INVITE_GUEST.Id, 382 model.PERMISSION_PROMOTE_GUEST.Id, 383 model.PERMISSION_DEMOTE_TO_GUEST.Id, 384 model.PERMISSION_DELETE_POST.Id, 385 model.PERMISSION_DELETE_OTHERS_POSTS.Id, 386 model.PERMISSION_CREATE_TEAM.Id, 387 model.PERMISSION_ADD_USER_TO_TEAM.Id, 388 model.PERMISSION_LIST_USERS_WITHOUT_TEAM.Id, 389 model.PERMISSION_MANAGE_JOBS.Id, 390 model.PERMISSION_CREATE_POST_PUBLIC.Id, 391 model.PERMISSION_CREATE_POST_EPHEMERAL.Id, 392 model.PERMISSION_CREATE_USER_ACCESS_TOKEN.Id, 393 model.PERMISSION_READ_USER_ACCESS_TOKEN.Id, 394 model.PERMISSION_REVOKE_USER_ACCESS_TOKEN.Id, 395 model.PERMISSION_CREATE_BOT.Id, 396 model.PERMISSION_READ_BOTS.Id, 397 model.PERMISSION_READ_OTHERS_BOTS.Id, 398 model.PERMISSION_MANAGE_BOTS.Id, 399 model.PERMISSION_MANAGE_OTHERS_BOTS.Id, 400 model.PERMISSION_REMOVE_OTHERS_REACTIONS.Id, 401 model.PERMISSION_LIST_PRIVATE_TEAMS.Id, 402 model.PERMISSION_JOIN_PRIVATE_TEAMS.Id, 403 model.PERMISSION_VIEW_MEMBERS.Id, 404 model.PERMISSION_LIST_TEAM_CHANNELS.Id, 405 model.PERMISSION_JOIN_PUBLIC_CHANNELS.Id, 406 model.PERMISSION_READ_PUBLIC_CHANNEL.Id, 407 model.PERMISSION_VIEW_TEAM.Id, 408 model.PERMISSION_READ_CHANNEL.Id, 409 model.PERMISSION_ADD_REACTION.Id, 410 model.PERMISSION_REMOVE_REACTION.Id, 411 model.PERMISSION_UPLOAD_FILE.Id, 412 model.PERMISSION_GET_PUBLIC_LINK.Id, 413 model.PERMISSION_CREATE_POST.Id, 414 model.PERMISSION_USE_CHANNEL_MENTIONS.Id, 415 model.PERMISSION_USE_SLASH_COMMANDS.Id, 416 model.PERMISSION_REMOVE_USER_FROM_TEAM.Id, 417 model.PERMISSION_MANAGE_TEAM.Id, 418 model.PERMISSION_IMPORT_TEAM.Id, 419 model.PERMISSION_MANAGE_TEAM_ROLES.Id, 420 model.PERMISSION_MANAGE_CHANNEL_ROLES.Id, 421 model.PERMISSION_MANAGE_SLASH_COMMANDS.Id, 422 model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS.Id, 423 model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, 424 model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, 425 model.PERMISSION_USE_GROUP_MENTIONS.Id, 426 model.PERMISSION_EDIT_POST.Id, 427 }, 428 } 429 430 roles3, err3 := th.App.GetRolesByNames(roleNames) 431 assert.Nil(t, err3) 432 assert.Equal(t, len(roles3), len(roleNames)) 433 434 for name, permissions := range expected2 { 435 role, err := th.App.GetRoleByName(name) 436 assert.Nil(t, err) 437 assert.Equal(t, permissions, role.Permissions, fmt.Sprintf("'%v' did not have expected permissions", name)) 438 } 439 440 // Remove the license. 441 th.App.Srv().SetLicense(nil) 442 443 // Do the migration again. 444 th.ResetRoleMigration() 445 th.App.DoAdvancedPermissionsMigration() 446 447 // Check the role permissions. 448 roles4, err4 := th.App.GetRolesByNames(roleNames) 449 assert.Nil(t, err4) 450 assert.Equal(t, len(roles4), len(roleNames)) 451 452 for name, permissions := range expected1 { 453 role, err := th.App.GetRoleByName(name) 454 assert.Nil(t, err) 455 assert.Equal(t, permissions, role.Permissions) 456 } 457 458 // Check that the config setting for "always" and "time_limit" edit posts is updated correctly. 459 th.ResetRoleMigration() 460 461 allowEditPost := *th.App.Config().ServiceSettings.DEPRECATED_DO_NOT_USE_AllowEditPost 462 postEditTimeLimit := *th.App.Config().ServiceSettings.PostEditTimeLimit 463 464 defer func() { 465 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.DEPRECATED_DO_NOT_USE_AllowEditPost = allowEditPost }) 466 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.PostEditTimeLimit = postEditTimeLimit }) 467 }() 468 469 th.App.UpdateConfig(func(cfg *model.Config) { 470 *cfg.ServiceSettings.DEPRECATED_DO_NOT_USE_AllowEditPost = "always" 471 *cfg.ServiceSettings.PostEditTimeLimit = 300 472 }) 473 474 th.App.DoAdvancedPermissionsMigration() 475 476 config := th.App.Config() 477 assert.Equal(t, -1, *config.ServiceSettings.PostEditTimeLimit) 478 479 th.ResetRoleMigration() 480 481 th.App.UpdateConfig(func(cfg *model.Config) { 482 *cfg.ServiceSettings.DEPRECATED_DO_NOT_USE_AllowEditPost = "time_limit" 483 *cfg.ServiceSettings.PostEditTimeLimit = 300 484 }) 485 486 th.App.DoAdvancedPermissionsMigration() 487 config = th.App.Config() 488 assert.Equal(t, 300, *config.ServiceSettings.PostEditTimeLimit) 489 } 490 491 func TestDoEmojisPermissionsMigration(t *testing.T) { 492 th := Setup(t) 493 defer th.TearDown() 494 495 // Add a license and change the policy config. 496 restrictCustomEmojiCreation := *th.App.Config().ServiceSettings.DEPRECATED_DO_NOT_USE_RestrictCustomEmojiCreation 497 498 defer func() { 499 th.App.UpdateConfig(func(cfg *model.Config) { 500 *cfg.ServiceSettings.DEPRECATED_DO_NOT_USE_RestrictCustomEmojiCreation = restrictCustomEmojiCreation 501 }) 502 }() 503 504 th.App.UpdateConfig(func(cfg *model.Config) { 505 *cfg.ServiceSettings.DEPRECATED_DO_NOT_USE_RestrictCustomEmojiCreation = model.RESTRICT_EMOJI_CREATION_SYSTEM_ADMIN 506 }) 507 508 th.ResetEmojisMigration() 509 th.App.DoEmojisPermissionsMigration() 510 511 expectedSystemAdmin := []string{ 512 model.PERMISSION_ASSIGN_SYSTEM_ADMIN_ROLE.Id, 513 model.PERMISSION_MANAGE_SYSTEM.Id, 514 model.PERMISSION_MANAGE_ROLES.Id, 515 model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id, 516 model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS.Id, 517 model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id, 518 model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id, 519 model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id, 520 model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id, 521 model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id, 522 model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id, 523 model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH.Id, 524 model.PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS.Id, 525 model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS.Id, 526 model.PERMISSION_EDIT_OTHER_USERS.Id, 527 model.PERMISSION_EDIT_OTHERS_POSTS.Id, 528 model.PERMISSION_MANAGE_OAUTH.Id, 529 model.PERMISSION_INVITE_USER.Id, 530 model.PERMISSION_INVITE_GUEST.Id, 531 model.PERMISSION_PROMOTE_GUEST.Id, 532 model.PERMISSION_DEMOTE_TO_GUEST.Id, 533 model.PERMISSION_DELETE_POST.Id, 534 model.PERMISSION_DELETE_OTHERS_POSTS.Id, 535 model.PERMISSION_CREATE_TEAM.Id, 536 model.PERMISSION_ADD_USER_TO_TEAM.Id, 537 model.PERMISSION_LIST_USERS_WITHOUT_TEAM.Id, 538 model.PERMISSION_MANAGE_JOBS.Id, 539 model.PERMISSION_CREATE_POST_PUBLIC.Id, 540 model.PERMISSION_CREATE_POST_EPHEMERAL.Id, 541 model.PERMISSION_CREATE_USER_ACCESS_TOKEN.Id, 542 model.PERMISSION_READ_USER_ACCESS_TOKEN.Id, 543 model.PERMISSION_REVOKE_USER_ACCESS_TOKEN.Id, 544 model.PERMISSION_CREATE_BOT.Id, 545 model.PERMISSION_READ_BOTS.Id, 546 model.PERMISSION_READ_OTHERS_BOTS.Id, 547 model.PERMISSION_MANAGE_BOTS.Id, 548 model.PERMISSION_MANAGE_OTHERS_BOTS.Id, 549 model.PERMISSION_REMOVE_OTHERS_REACTIONS.Id, 550 model.PERMISSION_LIST_PRIVATE_TEAMS.Id, 551 model.PERMISSION_JOIN_PRIVATE_TEAMS.Id, 552 model.PERMISSION_LIST_TEAM_CHANNELS.Id, 553 model.PERMISSION_JOIN_PUBLIC_CHANNELS.Id, 554 model.PERMISSION_READ_PUBLIC_CHANNEL.Id, 555 model.PERMISSION_VIEW_TEAM.Id, 556 model.PERMISSION_READ_CHANNEL.Id, 557 model.PERMISSION_ADD_REACTION.Id, 558 model.PERMISSION_REMOVE_REACTION.Id, 559 model.PERMISSION_UPLOAD_FILE.Id, 560 model.PERMISSION_GET_PUBLIC_LINK.Id, 561 model.PERMISSION_CREATE_POST.Id, 562 model.PERMISSION_USE_SLASH_COMMANDS.Id, 563 model.PERMISSION_REMOVE_USER_FROM_TEAM.Id, 564 model.PERMISSION_MANAGE_TEAM.Id, 565 model.PERMISSION_IMPORT_TEAM.Id, 566 model.PERMISSION_MANAGE_TEAM_ROLES.Id, 567 model.PERMISSION_MANAGE_CHANNEL_ROLES.Id, 568 model.PERMISSION_MANAGE_SLASH_COMMANDS.Id, 569 model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS.Id, 570 model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, 571 model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, 572 model.PERMISSION_EDIT_POST.Id, 573 model.PERMISSION_CREATE_EMOJIS.Id, 574 model.PERMISSION_DELETE_EMOJIS.Id, 575 model.PERMISSION_DELETE_OTHERS_EMOJIS.Id, 576 model.PERMISSION_VIEW_MEMBERS.Id, 577 model.PERMISSION_USE_CHANNEL_MENTIONS.Id, 578 model.PERMISSION_USE_GROUP_MENTIONS.Id, 579 } 580 sort.Strings(expectedSystemAdmin) 581 582 role1, err1 := th.App.GetRoleByName(model.SYSTEM_ADMIN_ROLE_ID) 583 assert.Nil(t, err1) 584 sort.Strings(role1.Permissions) 585 assert.Equal(t, expectedSystemAdmin, role1.Permissions, fmt.Sprintf("'%v' did not have expected permissions", model.SYSTEM_ADMIN_ROLE_ID)) 586 587 th.App.UpdateConfig(func(cfg *model.Config) { 588 *cfg.ServiceSettings.DEPRECATED_DO_NOT_USE_RestrictCustomEmojiCreation = model.RESTRICT_EMOJI_CREATION_ADMIN 589 }) 590 591 th.ResetEmojisMigration() 592 th.App.DoEmojisPermissionsMigration() 593 594 role2, err2 := th.App.GetRoleByName(model.TEAM_ADMIN_ROLE_ID) 595 assert.Nil(t, err2) 596 expected2 := []string{ 597 model.PERMISSION_REMOVE_USER_FROM_TEAM.Id, 598 model.PERMISSION_MANAGE_TEAM.Id, 599 model.PERMISSION_IMPORT_TEAM.Id, 600 model.PERMISSION_MANAGE_TEAM_ROLES.Id, 601 model.PERMISSION_MANAGE_CHANNEL_ROLES.Id, 602 model.PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS.Id, 603 model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS.Id, 604 model.PERMISSION_MANAGE_SLASH_COMMANDS.Id, 605 model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS.Id, 606 model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, 607 model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, 608 model.PERMISSION_DELETE_POST.Id, 609 model.PERMISSION_DELETE_OTHERS_POSTS.Id, 610 model.PERMISSION_CREATE_EMOJIS.Id, 611 model.PERMISSION_DELETE_EMOJIS.Id, 612 model.PERMISSION_ADD_REACTION.Id, 613 model.PERMISSION_CREATE_POST.Id, 614 model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS.Id, 615 model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id, 616 model.PERMISSION_REMOVE_REACTION.Id, 617 model.PERMISSION_USE_CHANNEL_MENTIONS.Id, 618 model.PERMISSION_USE_GROUP_MENTIONS.Id, 619 } 620 sort.Strings(expected2) 621 sort.Strings(role2.Permissions) 622 assert.Equal(t, expected2, role2.Permissions, fmt.Sprintf("'%v' did not have expected permissions", model.TEAM_ADMIN_ROLE_ID)) 623 624 systemAdmin1, systemAdminErr1 := th.App.GetRoleByName(model.SYSTEM_ADMIN_ROLE_ID) 625 assert.Nil(t, systemAdminErr1) 626 sort.Strings(systemAdmin1.Permissions) 627 assert.Equal(t, expectedSystemAdmin, systemAdmin1.Permissions, fmt.Sprintf("'%v' did not have expected permissions", model.SYSTEM_ADMIN_ROLE_ID)) 628 629 th.App.UpdateConfig(func(cfg *model.Config) { 630 *cfg.ServiceSettings.DEPRECATED_DO_NOT_USE_RestrictCustomEmojiCreation = model.RESTRICT_EMOJI_CREATION_ALL 631 }) 632 633 th.ResetEmojisMigration() 634 th.App.DoEmojisPermissionsMigration() 635 636 role3, err3 := th.App.GetRoleByName(model.SYSTEM_USER_ROLE_ID) 637 assert.Nil(t, err3) 638 expected3 := []string{ 639 model.PERMISSION_LIST_PUBLIC_TEAMS.Id, 640 model.PERMISSION_JOIN_PUBLIC_TEAMS.Id, 641 model.PERMISSION_CREATE_DIRECT_CHANNEL.Id, 642 model.PERMISSION_CREATE_GROUP_CHANNEL.Id, 643 model.PERMISSION_CREATE_TEAM.Id, 644 model.PERMISSION_CREATE_EMOJIS.Id, 645 model.PERMISSION_DELETE_EMOJIS.Id, 646 model.PERMISSION_VIEW_MEMBERS.Id, 647 } 648 sort.Strings(expected3) 649 sort.Strings(role3.Permissions) 650 assert.Equal(t, expected3, role3.Permissions, fmt.Sprintf("'%v' did not have expected permissions", model.SYSTEM_USER_ROLE_ID)) 651 652 systemAdmin2, systemAdminErr2 := th.App.GetRoleByName(model.SYSTEM_ADMIN_ROLE_ID) 653 assert.Nil(t, systemAdminErr2) 654 sort.Strings(systemAdmin2.Permissions) 655 assert.Equal(t, expectedSystemAdmin, systemAdmin2.Permissions, fmt.Sprintf("'%v' did not have expected permissions", model.SYSTEM_ADMIN_ROLE_ID)) 656 }