github.com/vnforks/kid/v5@v5.22.1-0.20200408055009-b89d99c65676/model/permission.go (about) 1 // Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved. 2 // See LICENSE.txt for license information. 3 4 package model 5 6 const ( 7 PERMISSION_SCOPE_SYSTEM = "system_scope" 8 PERMISSION_SCOPE_BRANCH = "branch_scope" 9 PERMISSION_SCOPE_CLASS = "class_scope" 10 ) 11 12 type Permission struct { 13 Id string `json:"id"` 14 Name string `json:"name"` 15 Description string `json:"description"` 16 Scope string `json:"scope"` 17 } 18 19 var PERMISSION_ADD_USER_TO_BRANCH *Permission 20 var PERMISSION_USE_SLASH_COMMANDS *Permission 21 var PERMISSION_MANAGE_SLASH_COMMANDS *Permission 22 var PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS *Permission 23 var PERMISSION_CREATE_CLASS *Permission 24 var PERMISSION_MANAGE_CLASS_MEMBERS *Permission 25 var PERMISSION_ASSIGN_SYSTEM_ADMIN_ROLE *Permission 26 var PERMISSION_MANAGE_ROLES *Permission 27 var PERMISSION_MANAGE_BRANCH_ROLES *Permission 28 var PERMISSION_MANAGE_CLASS_ROLES *Permission 29 var PERMISSION_MANAGE_CLASS *Permission 30 var PERMISSION_LIST_BRANCHES *Permission 31 var PERMISSION_LIST_BRANCH_CLASSES *Permission 32 var PERMISSION_DELETE_CLASS *Permission 33 var PERMISSION_EDIT_OTHER_USERS *Permission 34 var PERMISSION_READ_CLASS *Permission 35 var PERMISSION_ADD_REACTION *Permission 36 var PERMISSION_REMOVE_REACTION *Permission 37 var PERMISSION_REMOVE_OTHERS_REACTIONS *Permission 38 var PERMISSION_PERMANENT_DELETE_USER *Permission 39 var PERMISSION_UPLOAD_FILE *Permission 40 var PERMISSION_GET_PUBLIC_LINK *Permission 41 var PERMISSION_MANAGE_WEBHOOKS *Permission 42 var PERMISSION_MANAGE_OTHERS_WEBHOOKS *Permission 43 var PERMISSION_MANAGE_INCOMING_WEBHOOKS *Permission 44 var PERMISSION_MANAGE_OUTGOING_WEBHOOKS *Permission 45 var PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS *Permission 46 var PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS *Permission 47 var PERMISSION_MANAGE_OAUTH *Permission 48 var PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH *Permission 49 var PERMISSION_MANAGE_EMOJIS *Permission 50 var PERMISSION_MANAGE_OTHERS_EMOJIS *Permission 51 var PERMISSION_CREATE_EMOJIS *Permission 52 var PERMISSION_DELETE_EMOJIS *Permission 53 var PERMISSION_DELETE_OTHERS_EMOJIS *Permission 54 var PERMISSION_CREATE_POST *Permission 55 var PERMISSION_CREATE_POST_EPHEMERAL *Permission 56 var PERMISSION_EDIT_POST *Permission 57 var PERMISSION_EDIT_OTHERS_POSTS *Permission 58 var PERMISSION_DELETE_POST *Permission 59 var PERMISSION_DELETE_OTHERS_POSTS *Permission 60 var PERMISSION_REMOVE_USER_FROM_BRANCH *Permission 61 var PERMISSION_CREATE_BRANCH *Permission 62 var PERMISSION_MANAGE_BRANCH *Permission 63 var PERMISSION_VIEW_BRANCH *Permission 64 var PERMISSION_LIST_USERS_WITHOUT_BRANCH *Permission 65 var PERMISSION_MANAGE_JOBS *Permission 66 var PERMISSION_CREATE_USER_ACCESS_TOKEN *Permission 67 var PERMISSION_READ_USER_ACCESS_TOKEN *Permission 68 var PERMISSION_REVOKE_USER_ACCESS_TOKEN *Permission 69 var PERMISSION_VIEW_MEMBERS *Permission 70 var PERMISSION_USE_CLASS_MENTIONS *Permission 71 72 // General permission that encompasses all system admin functions 73 // in the future this could be broken up to allow access to some 74 // admin functions but not others 75 var PERMISSION_MANAGE_SYSTEM *Permission 76 77 var ALL_PERMISSIONS []*Permission 78 79 var CLASS_MODERATED_PERMISSIONS []string 80 var CLASS_MODERATED_PERMISSIONS_MAP map[string]string 81 82 func initializePermissions() { 83 PERMISSION_ADD_USER_TO_BRANCH = &Permission{ 84 "add_user_to_branch", 85 "authentication.permissions.add_user_to_branch.name", 86 "authentication.permissions.add_user_to_branch.description", 87 PERMISSION_SCOPE_BRANCH, 88 } 89 PERMISSION_USE_SLASH_COMMANDS = &Permission{ 90 "use_slash_commands", 91 "authentication.permissions.branch_use_slash_commands.name", 92 "authentication.permissions.branch_use_slash_commands.description", 93 PERMISSION_SCOPE_CLASS, 94 } 95 PERMISSION_MANAGE_SLASH_COMMANDS = &Permission{ 96 "manage_slash_commands", 97 "authentication.permissions.manage_slash_commands.name", 98 "authentication.permissions.manage_slash_commands.description", 99 PERMISSION_SCOPE_BRANCH, 100 } 101 PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS = &Permission{ 102 "manage_others_slash_commands", 103 "authentication.permissions.manage_others_slash_commands.name", 104 "authentication.permissions.manage_others_slash_commands.description", 105 PERMISSION_SCOPE_BRANCH, 106 } 107 PERMISSION_CREATE_CLASS = &Permission{ 108 "create_class", 109 "authentication.permissions.create_class.name", 110 "authentication.permissions.create_class.description", 111 PERMISSION_SCOPE_BRANCH, 112 } 113 PERMISSION_MANAGE_CLASS_MEMBERS = &Permission{ 114 "manage_class_members", 115 "authentication.permissions.manage_class_members.name", 116 "authentication.permissions.manage_class_members.description", 117 PERMISSION_SCOPE_CLASS, 118 } 119 PERMISSION_ASSIGN_SYSTEM_ADMIN_ROLE = &Permission{ 120 "assign_system_admin_role", 121 "authentication.permissions.assign_system_admin_role.name", 122 "authentication.permissions.assign_system_admin_role.description", 123 PERMISSION_SCOPE_SYSTEM, 124 } 125 PERMISSION_MANAGE_ROLES = &Permission{ 126 "manage_roles", 127 "authentication.permissions.manage_roles.name", 128 "authentication.permissions.manage_roles.description", 129 PERMISSION_SCOPE_SYSTEM, 130 } 131 PERMISSION_MANAGE_BRANCH_ROLES = &Permission{ 132 "manage_branch_roles", 133 "authentication.permissions.manage_branch_roles.name", 134 "authentication.permissions.manage_branch_roles.description", 135 PERMISSION_SCOPE_BRANCH, 136 } 137 PERMISSION_MANAGE_CLASS_ROLES = &Permission{ 138 "manage_class_roles", 139 "authentication.permissions.manage_class_roles.name", 140 "authentication.permissions.manage_class_roles.description", 141 PERMISSION_SCOPE_CLASS, 142 } 143 PERMISSION_MANAGE_SYSTEM = &Permission{ 144 "manage_system", 145 "authentication.permissions.manage_system.name", 146 "authentication.permissions.manage_system.description", 147 PERMISSION_SCOPE_SYSTEM, 148 } 149 PERMISSION_MANAGE_CLASS = &Permission{ 150 "manage_class_properties", 151 "authentication.permissions.manage_class_properties.name", 152 "authentication.permissions.manage_class_properties.description", 153 PERMISSION_SCOPE_CLASS, 154 } 155 PERMISSION_LIST_BRANCHES = &Permission{ 156 "list_branches", 157 "authentication.permissions.list_branches.name", 158 "authentication.permissions.list_branches.description", 159 PERMISSION_SCOPE_SYSTEM, 160 } 161 PERMISSION_LIST_BRANCH_CLASSES = &Permission{ 162 "list_branch_classes", 163 "authentication.permissions.list_branch_classes.name", 164 "authentication.permissions.list_branch_classes.description", 165 PERMISSION_SCOPE_BRANCH, 166 } 167 PERMISSION_DELETE_CLASS = &Permission{ 168 "delete_class", 169 "authentication.permissions.delete_class.name", 170 "authentication.permissions.delete_class.description", 171 PERMISSION_SCOPE_CLASS, 172 } 173 PERMISSION_EDIT_OTHER_USERS = &Permission{ 174 "edit_other_users", 175 "authentication.permissions.edit_other_users.name", 176 "authentication.permissions.edit_other_users.description", 177 PERMISSION_SCOPE_SYSTEM, 178 } 179 PERMISSION_READ_CLASS = &Permission{ 180 "read_class", 181 "authentication.permissions.read_class.name", 182 "authentication.permissions.read_class.description", 183 PERMISSION_SCOPE_CLASS, 184 } 185 PERMISSION_ADD_REACTION = &Permission{ 186 "add_reaction", 187 "authentication.permissions.add_reaction.name", 188 "authentication.permissions.add_reaction.description", 189 PERMISSION_SCOPE_CLASS, 190 } 191 PERMISSION_REMOVE_REACTION = &Permission{ 192 "remove_reaction", 193 "authentication.permissions.remove_reaction.name", 194 "authentication.permissions.remove_reaction.description", 195 PERMISSION_SCOPE_CLASS, 196 } 197 PERMISSION_REMOVE_OTHERS_REACTIONS = &Permission{ 198 "remove_others_reactions", 199 "authentication.permissions.remove_others_reactions.name", 200 "authentication.permissions.remove_others_reactions.description", 201 PERMISSION_SCOPE_CLASS, 202 } 203 // DEPRECATED 204 PERMISSION_PERMANENT_DELETE_USER = &Permission{ 205 "permanent_delete_user", 206 "authentication.permissions.permanent_delete_user.name", 207 "authentication.permissions.permanent_delete_user.description", 208 PERMISSION_SCOPE_SYSTEM, 209 } 210 PERMISSION_UPLOAD_FILE = &Permission{ 211 "upload_file", 212 "authentication.permissions.upload_file.name", 213 "authentication.permissions.upload_file.description", 214 PERMISSION_SCOPE_CLASS, 215 } 216 PERMISSION_GET_PUBLIC_LINK = &Permission{ 217 "get_public_link", 218 "authentication.permissions.get_public_link.name", 219 "authentication.permissions.get_public_link.description", 220 PERMISSION_SCOPE_SYSTEM, 221 } 222 // DEPRECATED 223 PERMISSION_MANAGE_WEBHOOKS = &Permission{ 224 "manage_webhooks", 225 "authentication.permissions.manage_webhooks.name", 226 "authentication.permissions.manage_webhooks.description", 227 PERMISSION_SCOPE_BRANCH, 228 } 229 // DEPRECATED 230 PERMISSION_MANAGE_OTHERS_WEBHOOKS = &Permission{ 231 "manage_others_webhooks", 232 "authentication.permissions.manage_others_webhooks.name", 233 "authentication.permissions.manage_others_webhooks.description", 234 PERMISSION_SCOPE_BRANCH, 235 } 236 PERMISSION_MANAGE_INCOMING_WEBHOOKS = &Permission{ 237 "manage_incoming_webhooks", 238 "authentication.permissions.manage_incoming_webhooks.name", 239 "authentication.permissions.manage_incoming_webhooks.description", 240 PERMISSION_SCOPE_BRANCH, 241 } 242 PERMISSION_MANAGE_OUTGOING_WEBHOOKS = &Permission{ 243 "manage_outgoing_webhooks", 244 "authentication.permissions.manage_outgoing_webhooks.name", 245 "authentication.permissions.manage_outgoing_webhooks.description", 246 PERMISSION_SCOPE_BRANCH, 247 } 248 PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS = &Permission{ 249 "manage_others_incoming_webhooks", 250 "authentication.permissions.manage_others_incoming_webhooks.name", 251 "authentication.permissions.manage_others_incoming_webhooks.description", 252 PERMISSION_SCOPE_BRANCH, 253 } 254 PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS = &Permission{ 255 "manage_others_outgoing_webhooks", 256 "authentication.permissions.manage_others_outgoing_webhooks.name", 257 "authentication.permissions.manage_others_outgoing_webhooks.description", 258 PERMISSION_SCOPE_BRANCH, 259 } 260 PERMISSION_MANAGE_OAUTH = &Permission{ 261 "manage_oauth", 262 "authentication.permissions.manage_oauth.name", 263 "authentication.permissions.manage_oauth.description", 264 PERMISSION_SCOPE_SYSTEM, 265 } 266 PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH = &Permission{ 267 "manage_system_wide_oauth", 268 "authentication.permissions.manage_system_wide_oauth.name", 269 "authentication.permissions.manage_system_wide_oauth.description", 270 PERMISSION_SCOPE_SYSTEM, 271 } 272 // DEPRECATED 273 PERMISSION_MANAGE_EMOJIS = &Permission{ 274 "manage_emojis", 275 "authentication.permissions.manage_emojis.name", 276 "authentication.permissions.manage_emojis.description", 277 PERMISSION_SCOPE_BRANCH, 278 } 279 // DEPRECATED 280 PERMISSION_MANAGE_OTHERS_EMOJIS = &Permission{ 281 "manage_others_emojis", 282 "authentication.permissions.manage_others_emojis.name", 283 "authentication.permissions.manage_others_emojis.description", 284 PERMISSION_SCOPE_BRANCH, 285 } 286 PERMISSION_CREATE_EMOJIS = &Permission{ 287 "create_emojis", 288 "authentication.permissions.create_emojis.name", 289 "authentication.permissions.create_emojis.description", 290 PERMISSION_SCOPE_BRANCH, 291 } 292 PERMISSION_DELETE_EMOJIS = &Permission{ 293 "delete_emojis", 294 "authentication.permissions.delete_emojis.name", 295 "authentication.permissions.delete_emojis.description", 296 PERMISSION_SCOPE_BRANCH, 297 } 298 PERMISSION_DELETE_OTHERS_EMOJIS = &Permission{ 299 "delete_others_emojis", 300 "authentication.permissions.delete_others_emojis.name", 301 "authentication.permissions.delete_others_emojis.description", 302 PERMISSION_SCOPE_BRANCH, 303 } 304 PERMISSION_CREATE_POST = &Permission{ 305 "create_post", 306 "authentication.permissions.create_post.name", 307 "authentication.permissions.create_post.description", 308 PERMISSION_SCOPE_CLASS, 309 } 310 PERMISSION_CREATE_POST_EPHEMERAL = &Permission{ 311 "create_post_ephemeral", 312 "authentication.permissions.create_post_ephemeral.name", 313 "authentication.permissions.create_post_ephemeral.description", 314 PERMISSION_SCOPE_CLASS, 315 } 316 PERMISSION_EDIT_POST = &Permission{ 317 "edit_post", 318 "authentication.permissions.edit_post.name", 319 "authentication.permissions.edit_post.description", 320 PERMISSION_SCOPE_CLASS, 321 } 322 PERMISSION_EDIT_OTHERS_POSTS = &Permission{ 323 "edit_others_posts", 324 "authentication.permissions.edit_others_posts.name", 325 "authentication.permissions.edit_others_posts.description", 326 PERMISSION_SCOPE_CLASS, 327 } 328 PERMISSION_DELETE_POST = &Permission{ 329 "delete_post", 330 "authentication.permissions.delete_post.name", 331 "authentication.permissions.delete_post.description", 332 PERMISSION_SCOPE_CLASS, 333 } 334 PERMISSION_DELETE_OTHERS_POSTS = &Permission{ 335 "delete_others_posts", 336 "authentication.permissions.delete_others_posts.name", 337 "authentication.permissions.delete_others_posts.description", 338 PERMISSION_SCOPE_CLASS, 339 } 340 PERMISSION_REMOVE_USER_FROM_BRANCH = &Permission{ 341 "remove_user_from_branch", 342 "authentication.permissions.remove_user_from_branch.name", 343 "authentication.permissions.remove_user_from_branch.description", 344 PERMISSION_SCOPE_BRANCH, 345 } 346 PERMISSION_CREATE_BRANCH = &Permission{ 347 "create_branch", 348 "authentication.permissions.create_branch.name", 349 "authentication.permissions.create_branch.description", 350 PERMISSION_SCOPE_SYSTEM, 351 } 352 PERMISSION_MANAGE_BRANCH = &Permission{ 353 "manage_branch", 354 "authentication.permissions.manage_branch.name", 355 "authentication.permissions.manage_branch.description", 356 PERMISSION_SCOPE_BRANCH, 357 } 358 PERMISSION_VIEW_BRANCH = &Permission{ 359 "view_branch", 360 "authentication.permissions.view_branch.name", 361 "authentication.permissions.view_branch.description", 362 PERMISSION_SCOPE_BRANCH, 363 } 364 PERMISSION_LIST_USERS_WITHOUT_BRANCH = &Permission{ 365 "list_users_without_branch", 366 "authentication.permissions.list_users_without_branch.name", 367 "authentication.permissions.list_users_without_branch.description", 368 PERMISSION_SCOPE_SYSTEM, 369 } 370 PERMISSION_CREATE_USER_ACCESS_TOKEN = &Permission{ 371 "create_user_access_token", 372 "authentication.permissions.create_user_access_token.name", 373 "authentication.permissions.create_user_access_token.description", 374 PERMISSION_SCOPE_SYSTEM, 375 } 376 PERMISSION_READ_USER_ACCESS_TOKEN = &Permission{ 377 "read_user_access_token", 378 "authentication.permissions.read_user_access_token.name", 379 "authentication.permissions.read_user_access_token.description", 380 PERMISSION_SCOPE_SYSTEM, 381 } 382 PERMISSION_REVOKE_USER_ACCESS_TOKEN = &Permission{ 383 "revoke_user_access_token", 384 "authentication.permissions.revoke_user_access_token.name", 385 "authentication.permissions.revoke_user_access_token.description", 386 PERMISSION_SCOPE_SYSTEM, 387 } 388 PERMISSION_MANAGE_JOBS = &Permission{ 389 "manage_jobs", 390 "authentication.permisssions.manage_jobs.name", 391 "authentication.permisssions.manage_jobs.description", 392 PERMISSION_SCOPE_SYSTEM, 393 } 394 PERMISSION_VIEW_MEMBERS = &Permission{ 395 "view_members", 396 "authentication.permisssions.view_members.name", 397 "authentication.permisssions.view_members.description", 398 PERMISSION_SCOPE_BRANCH, 399 } 400 PERMISSION_USE_CLASS_MENTIONS = &Permission{ 401 "use_class_mentions", 402 "authentication.permissions.use_class_mentions.name", 403 "authentication.permissions.use_class_mentions.description", 404 PERMISSION_SCOPE_CLASS, 405 } 406 407 ALL_PERMISSIONS = []*Permission{ 408 PERMISSION_ADD_USER_TO_BRANCH, 409 PERMISSION_USE_SLASH_COMMANDS, 410 PERMISSION_MANAGE_SLASH_COMMANDS, 411 PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS, 412 PERMISSION_CREATE_CLASS, 413 PERMISSION_MANAGE_CLASS_MEMBERS, 414 PERMISSION_ASSIGN_SYSTEM_ADMIN_ROLE, 415 PERMISSION_MANAGE_ROLES, 416 PERMISSION_MANAGE_BRANCH_ROLES, 417 PERMISSION_MANAGE_CLASS_ROLES, 418 PERMISSION_MANAGE_CLASS, 419 PERMISSION_LIST_BRANCHES, 420 PERMISSION_LIST_BRANCH_CLASSES, 421 PERMISSION_DELETE_CLASS, 422 PERMISSION_EDIT_OTHER_USERS, 423 PERMISSION_READ_CLASS, 424 PERMISSION_ADD_REACTION, 425 PERMISSION_REMOVE_REACTION, 426 PERMISSION_REMOVE_OTHERS_REACTIONS, 427 PERMISSION_PERMANENT_DELETE_USER, 428 PERMISSION_UPLOAD_FILE, 429 PERMISSION_GET_PUBLIC_LINK, 430 PERMISSION_MANAGE_WEBHOOKS, 431 PERMISSION_MANAGE_OTHERS_WEBHOOKS, 432 PERMISSION_MANAGE_INCOMING_WEBHOOKS, 433 PERMISSION_MANAGE_OUTGOING_WEBHOOKS, 434 PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS, 435 PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS, 436 PERMISSION_MANAGE_OAUTH, 437 PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH, 438 PERMISSION_MANAGE_EMOJIS, 439 PERMISSION_MANAGE_OTHERS_EMOJIS, 440 PERMISSION_CREATE_EMOJIS, 441 PERMISSION_DELETE_EMOJIS, 442 PERMISSION_DELETE_OTHERS_EMOJIS, 443 PERMISSION_CREATE_POST, 444 PERMISSION_CREATE_POST_EPHEMERAL, 445 PERMISSION_EDIT_POST, 446 PERMISSION_EDIT_OTHERS_POSTS, 447 PERMISSION_DELETE_POST, 448 PERMISSION_DELETE_OTHERS_POSTS, 449 PERMISSION_REMOVE_USER_FROM_BRANCH, 450 PERMISSION_CREATE_BRANCH, 451 PERMISSION_MANAGE_BRANCH, 452 PERMISSION_VIEW_BRANCH, 453 PERMISSION_LIST_USERS_WITHOUT_BRANCH, 454 PERMISSION_MANAGE_JOBS, 455 PERMISSION_CREATE_USER_ACCESS_TOKEN, 456 PERMISSION_READ_USER_ACCESS_TOKEN, 457 PERMISSION_REVOKE_USER_ACCESS_TOKEN, 458 PERMISSION_MANAGE_SYSTEM, 459 PERMISSION_VIEW_MEMBERS, 460 PERMISSION_USE_CLASS_MENTIONS, 461 } 462 463 CLASS_MODERATED_PERMISSIONS = []string{ 464 PERMISSION_CREATE_POST.Id, 465 "create_reactions", 466 "manage_members", 467 PERMISSION_USE_CLASS_MENTIONS.Id, 468 } 469 470 CLASS_MODERATED_PERMISSIONS_MAP = map[string]string{ 471 PERMISSION_CREATE_POST.Id: CLASS_MODERATED_PERMISSIONS[0], 472 PERMISSION_ADD_REACTION.Id: CLASS_MODERATED_PERMISSIONS[1], 473 PERMISSION_REMOVE_REACTION.Id: CLASS_MODERATED_PERMISSIONS[1], 474 PERMISSION_MANAGE_CLASS_MEMBERS.Id: CLASS_MODERATED_PERMISSIONS[2], 475 PERMISSION_USE_CLASS_MENTIONS.Id: CLASS_MODERATED_PERMISSIONS[3], 476 } 477 } 478 479 func init() { 480 initializePermissions() 481 }