github.com/vnforks/kid@v5.11.1+incompatible/app/app_test.go (about) 1 // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package app 5 6 import ( 7 "fmt" 8 "sort" 9 "testing" 10 11 "github.com/stretchr/testify/assert" 12 13 "github.com/mattermost/mattermost-server/model" 14 ) 15 16 /* Temporarily comment out until MM-11108 17 func TestAppRace(t *testing.T) { 18 for i := 0; i < 10; i++ { 19 a, err := New() 20 require.NoError(t, err) 21 a.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.ListenAddress = ":0" }) 22 serverErr := a.StartServer() 23 require.NoError(t, serverErr) 24 a.Shutdown() 25 } 26 } 27 */ 28 29 func TestUpdateConfig(t *testing.T) { 30 th := Setup(t) 31 defer th.TearDown() 32 33 prev := *th.App.Config().ServiceSettings.SiteURL 34 35 th.App.AddConfigListener(func(old, current *model.Config) { 36 assert.Equal(t, prev, *old.ServiceSettings.SiteURL) 37 assert.Equal(t, "foo", *current.ServiceSettings.SiteURL) 38 }) 39 40 th.App.UpdateConfig(func(cfg *model.Config) { 41 *cfg.ServiceSettings.SiteURL = "foo" 42 }) 43 } 44 45 func TestDoAdvancedPermissionsMigration(t *testing.T) { 46 th := Setup(t) 47 defer th.TearDown() 48 49 th.ResetRoleMigration() 50 51 th.App.DoAdvancedPermissionsMigration() 52 53 roleNames := []string{ 54 "system_user", 55 "system_admin", 56 "team_user", 57 "team_admin", 58 "channel_user", 59 "channel_admin", 60 "system_post_all", 61 "system_post_all_public", 62 "system_user_access_token", 63 "team_post_all", 64 "team_post_all_public", 65 } 66 67 roles1, err1 := th.App.GetRolesByNames(roleNames) 68 assert.Nil(t, err1) 69 assert.Equal(t, len(roles1), len(roleNames)) 70 71 expected1 := map[string][]string{ 72 "channel_user": []string{ 73 model.PERMISSION_READ_CHANNEL.Id, 74 model.PERMISSION_ADD_REACTION.Id, 75 model.PERMISSION_REMOVE_REACTION.Id, 76 model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS.Id, 77 model.PERMISSION_UPLOAD_FILE.Id, 78 model.PERMISSION_GET_PUBLIC_LINK.Id, 79 model.PERMISSION_CREATE_POST.Id, 80 model.PERMISSION_USE_SLASH_COMMANDS.Id, 81 model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id, 82 model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id, 83 model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id, 84 model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id, 85 model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id, 86 model.PERMISSION_DELETE_POST.Id, 87 model.PERMISSION_EDIT_POST.Id, 88 }, 89 "channel_admin": []string{ 90 model.PERMISSION_MANAGE_CHANNEL_ROLES.Id, 91 }, 92 "team_user": []string{ 93 model.PERMISSION_LIST_TEAM_CHANNELS.Id, 94 model.PERMISSION_JOIN_PUBLIC_CHANNELS.Id, 95 model.PERMISSION_READ_PUBLIC_CHANNEL.Id, 96 model.PERMISSION_VIEW_TEAM.Id, 97 model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id, 98 model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id, 99 model.PERMISSION_INVITE_USER.Id, 100 model.PERMISSION_ADD_USER_TO_TEAM.Id, 101 }, 102 "team_post_all": []string{ 103 model.PERMISSION_CREATE_POST.Id, 104 }, 105 "team_post_all_public": []string{ 106 model.PERMISSION_CREATE_POST_PUBLIC.Id, 107 }, 108 "team_admin": []string{ 109 model.PERMISSION_REMOVE_USER_FROM_TEAM.Id, 110 model.PERMISSION_MANAGE_TEAM.Id, 111 model.PERMISSION_IMPORT_TEAM.Id, 112 model.PERMISSION_MANAGE_TEAM_ROLES.Id, 113 model.PERMISSION_MANAGE_CHANNEL_ROLES.Id, 114 model.PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS.Id, 115 model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS.Id, 116 model.PERMISSION_MANAGE_SLASH_COMMANDS.Id, 117 model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS.Id, 118 model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, 119 model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, 120 model.PERMISSION_DELETE_POST.Id, 121 model.PERMISSION_DELETE_OTHERS_POSTS.Id, 122 }, 123 "system_user": []string{ 124 model.PERMISSION_LIST_PUBLIC_TEAMS.Id, 125 model.PERMISSION_JOIN_PUBLIC_TEAMS.Id, 126 model.PERMISSION_CREATE_DIRECT_CHANNEL.Id, 127 model.PERMISSION_CREATE_GROUP_CHANNEL.Id, 128 model.PERMISSION_CREATE_TEAM.Id, 129 }, 130 "system_post_all": []string{ 131 model.PERMISSION_CREATE_POST.Id, 132 }, 133 "system_post_all_public": []string{ 134 model.PERMISSION_CREATE_POST_PUBLIC.Id, 135 }, 136 "system_user_access_token": []string{ 137 model.PERMISSION_CREATE_USER_ACCESS_TOKEN.Id, 138 model.PERMISSION_READ_USER_ACCESS_TOKEN.Id, 139 model.PERMISSION_REVOKE_USER_ACCESS_TOKEN.Id, 140 }, 141 "system_admin": []string{ 142 model.PERMISSION_ASSIGN_SYSTEM_ADMIN_ROLE.Id, 143 model.PERMISSION_MANAGE_SYSTEM.Id, 144 model.PERMISSION_MANAGE_ROLES.Id, 145 model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id, 146 model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS.Id, 147 model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id, 148 model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id, 149 model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id, 150 model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id, 151 model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id, 152 model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id, 153 model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH.Id, 154 model.PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS.Id, 155 model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS.Id, 156 model.PERMISSION_EDIT_OTHER_USERS.Id, 157 model.PERMISSION_EDIT_OTHERS_POSTS.Id, 158 model.PERMISSION_MANAGE_OAUTH.Id, 159 model.PERMISSION_INVITE_USER.Id, 160 model.PERMISSION_DELETE_POST.Id, 161 model.PERMISSION_DELETE_OTHERS_POSTS.Id, 162 model.PERMISSION_CREATE_TEAM.Id, 163 model.PERMISSION_ADD_USER_TO_TEAM.Id, 164 model.PERMISSION_LIST_USERS_WITHOUT_TEAM.Id, 165 model.PERMISSION_MANAGE_JOBS.Id, 166 model.PERMISSION_CREATE_POST_PUBLIC.Id, 167 model.PERMISSION_CREATE_POST_EPHEMERAL.Id, 168 model.PERMISSION_CREATE_USER_ACCESS_TOKEN.Id, 169 model.PERMISSION_READ_USER_ACCESS_TOKEN.Id, 170 model.PERMISSION_REVOKE_USER_ACCESS_TOKEN.Id, 171 model.PERMISSION_CREATE_BOT.Id, 172 model.PERMISSION_READ_BOTS.Id, 173 model.PERMISSION_READ_OTHERS_BOTS.Id, 174 model.PERMISSION_MANAGE_BOTS.Id, 175 model.PERMISSION_MANAGE_OTHERS_BOTS.Id, 176 model.PERMISSION_REMOVE_OTHERS_REACTIONS.Id, 177 model.PERMISSION_LIST_PRIVATE_TEAMS.Id, 178 model.PERMISSION_JOIN_PRIVATE_TEAMS.Id, 179 model.PERMISSION_LIST_TEAM_CHANNELS.Id, 180 model.PERMISSION_JOIN_PUBLIC_CHANNELS.Id, 181 model.PERMISSION_READ_PUBLIC_CHANNEL.Id, 182 model.PERMISSION_VIEW_TEAM.Id, 183 model.PERMISSION_READ_CHANNEL.Id, 184 model.PERMISSION_ADD_REACTION.Id, 185 model.PERMISSION_REMOVE_REACTION.Id, 186 model.PERMISSION_UPLOAD_FILE.Id, 187 model.PERMISSION_GET_PUBLIC_LINK.Id, 188 model.PERMISSION_CREATE_POST.Id, 189 model.PERMISSION_USE_SLASH_COMMANDS.Id, 190 model.PERMISSION_REMOVE_USER_FROM_TEAM.Id, 191 model.PERMISSION_MANAGE_TEAM.Id, 192 model.PERMISSION_IMPORT_TEAM.Id, 193 model.PERMISSION_MANAGE_TEAM_ROLES.Id, 194 model.PERMISSION_MANAGE_CHANNEL_ROLES.Id, 195 model.PERMISSION_MANAGE_SLASH_COMMANDS.Id, 196 model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS.Id, 197 model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, 198 model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, 199 model.PERMISSION_EDIT_POST.Id, 200 }, 201 } 202 203 // Check the migration matches what's expected. 204 for name, permissions := range expected1 { 205 role, err := th.App.GetRoleByName(name) 206 assert.Nil(t, err) 207 assert.Equal(t, role.Permissions, permissions) 208 } 209 210 // Add a license and change the policy config. 211 restrictPublicChannel := *th.App.Config().TeamSettings.DEPRECATED_DO_NOT_USE_RestrictPublicChannelManagement 212 restrictPrivateChannel := *th.App.Config().TeamSettings.DEPRECATED_DO_NOT_USE_RestrictPrivateChannelManagement 213 214 defer func() { 215 th.App.UpdateConfig(func(cfg *model.Config) { 216 *cfg.TeamSettings.DEPRECATED_DO_NOT_USE_RestrictPublicChannelManagement = restrictPublicChannel 217 }) 218 th.App.UpdateConfig(func(cfg *model.Config) { 219 *cfg.TeamSettings.DEPRECATED_DO_NOT_USE_RestrictPrivateChannelManagement = restrictPrivateChannel 220 }) 221 }() 222 223 th.App.UpdateConfig(func(cfg *model.Config) { 224 *cfg.TeamSettings.DEPRECATED_DO_NOT_USE_RestrictPublicChannelManagement = model.PERMISSIONS_TEAM_ADMIN 225 }) 226 th.App.UpdateConfig(func(cfg *model.Config) { 227 *cfg.TeamSettings.DEPRECATED_DO_NOT_USE_RestrictPrivateChannelManagement = model.PERMISSIONS_TEAM_ADMIN 228 }) 229 th.App.SetLicense(model.NewTestLicense()) 230 231 // Check the migration doesn't change anything if run again. 232 th.App.DoAdvancedPermissionsMigration() 233 234 roles2, err2 := th.App.GetRolesByNames(roleNames) 235 assert.Nil(t, err2) 236 assert.Equal(t, len(roles2), len(roleNames)) 237 238 for name, permissions := range expected1 { 239 role, err := th.App.GetRoleByName(name) 240 assert.Nil(t, err) 241 assert.Equal(t, permissions, role.Permissions) 242 } 243 244 // Reset the database 245 th.ResetRoleMigration() 246 247 // Do the migration again with different policy config settings and a license. 248 th.App.DoAdvancedPermissionsMigration() 249 250 // Check the role permissions. 251 expected2 := map[string][]string{ 252 "channel_user": []string{ 253 model.PERMISSION_READ_CHANNEL.Id, 254 model.PERMISSION_ADD_REACTION.Id, 255 model.PERMISSION_REMOVE_REACTION.Id, 256 model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS.Id, 257 model.PERMISSION_UPLOAD_FILE.Id, 258 model.PERMISSION_GET_PUBLIC_LINK.Id, 259 model.PERMISSION_CREATE_POST.Id, 260 model.PERMISSION_USE_SLASH_COMMANDS.Id, 261 model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id, 262 model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id, 263 model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id, 264 model.PERMISSION_DELETE_POST.Id, 265 model.PERMISSION_EDIT_POST.Id, 266 }, 267 "channel_admin": []string{ 268 model.PERMISSION_MANAGE_CHANNEL_ROLES.Id, 269 }, 270 "team_user": []string{ 271 model.PERMISSION_LIST_TEAM_CHANNELS.Id, 272 model.PERMISSION_JOIN_PUBLIC_CHANNELS.Id, 273 model.PERMISSION_READ_PUBLIC_CHANNEL.Id, 274 model.PERMISSION_VIEW_TEAM.Id, 275 model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id, 276 model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id, 277 model.PERMISSION_INVITE_USER.Id, 278 model.PERMISSION_ADD_USER_TO_TEAM.Id, 279 }, 280 "team_post_all": []string{ 281 model.PERMISSION_CREATE_POST.Id, 282 }, 283 "team_post_all_public": []string{ 284 model.PERMISSION_CREATE_POST_PUBLIC.Id, 285 }, 286 "team_admin": []string{ 287 model.PERMISSION_REMOVE_USER_FROM_TEAM.Id, 288 model.PERMISSION_MANAGE_TEAM.Id, 289 model.PERMISSION_IMPORT_TEAM.Id, 290 model.PERMISSION_MANAGE_TEAM_ROLES.Id, 291 model.PERMISSION_MANAGE_CHANNEL_ROLES.Id, 292 model.PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS.Id, 293 model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS.Id, 294 model.PERMISSION_MANAGE_SLASH_COMMANDS.Id, 295 model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS.Id, 296 model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, 297 model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, 298 model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id, 299 model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id, 300 model.PERMISSION_DELETE_POST.Id, 301 model.PERMISSION_DELETE_OTHERS_POSTS.Id, 302 }, 303 "system_user": []string{ 304 model.PERMISSION_LIST_PUBLIC_TEAMS.Id, 305 model.PERMISSION_JOIN_PUBLIC_TEAMS.Id, 306 model.PERMISSION_CREATE_DIRECT_CHANNEL.Id, 307 model.PERMISSION_CREATE_GROUP_CHANNEL.Id, 308 model.PERMISSION_CREATE_TEAM.Id, 309 }, 310 "system_post_all": []string{ 311 model.PERMISSION_CREATE_POST.Id, 312 }, 313 "system_post_all_public": []string{ 314 model.PERMISSION_CREATE_POST_PUBLIC.Id, 315 }, 316 "system_user_access_token": []string{ 317 model.PERMISSION_CREATE_USER_ACCESS_TOKEN.Id, 318 model.PERMISSION_READ_USER_ACCESS_TOKEN.Id, 319 model.PERMISSION_REVOKE_USER_ACCESS_TOKEN.Id, 320 }, 321 "system_admin": []string{ 322 model.PERMISSION_ASSIGN_SYSTEM_ADMIN_ROLE.Id, 323 model.PERMISSION_MANAGE_SYSTEM.Id, 324 model.PERMISSION_MANAGE_ROLES.Id, 325 model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id, 326 model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS.Id, 327 model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id, 328 model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id, 329 model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id, 330 model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id, 331 model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id, 332 model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id, 333 model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH.Id, 334 model.PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS.Id, 335 model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS.Id, 336 model.PERMISSION_EDIT_OTHER_USERS.Id, 337 model.PERMISSION_EDIT_OTHERS_POSTS.Id, 338 model.PERMISSION_MANAGE_OAUTH.Id, 339 model.PERMISSION_INVITE_USER.Id, 340 model.PERMISSION_DELETE_POST.Id, 341 model.PERMISSION_DELETE_OTHERS_POSTS.Id, 342 model.PERMISSION_CREATE_TEAM.Id, 343 model.PERMISSION_ADD_USER_TO_TEAM.Id, 344 model.PERMISSION_LIST_USERS_WITHOUT_TEAM.Id, 345 model.PERMISSION_MANAGE_JOBS.Id, 346 model.PERMISSION_CREATE_POST_PUBLIC.Id, 347 model.PERMISSION_CREATE_POST_EPHEMERAL.Id, 348 model.PERMISSION_CREATE_USER_ACCESS_TOKEN.Id, 349 model.PERMISSION_READ_USER_ACCESS_TOKEN.Id, 350 model.PERMISSION_REVOKE_USER_ACCESS_TOKEN.Id, 351 model.PERMISSION_CREATE_BOT.Id, 352 model.PERMISSION_READ_BOTS.Id, 353 model.PERMISSION_READ_OTHERS_BOTS.Id, 354 model.PERMISSION_MANAGE_BOTS.Id, 355 model.PERMISSION_MANAGE_OTHERS_BOTS.Id, 356 model.PERMISSION_REMOVE_OTHERS_REACTIONS.Id, 357 model.PERMISSION_LIST_PRIVATE_TEAMS.Id, 358 model.PERMISSION_JOIN_PRIVATE_TEAMS.Id, 359 model.PERMISSION_LIST_TEAM_CHANNELS.Id, 360 model.PERMISSION_JOIN_PUBLIC_CHANNELS.Id, 361 model.PERMISSION_READ_PUBLIC_CHANNEL.Id, 362 model.PERMISSION_VIEW_TEAM.Id, 363 model.PERMISSION_READ_CHANNEL.Id, 364 model.PERMISSION_ADD_REACTION.Id, 365 model.PERMISSION_REMOVE_REACTION.Id, 366 model.PERMISSION_UPLOAD_FILE.Id, 367 model.PERMISSION_GET_PUBLIC_LINK.Id, 368 model.PERMISSION_CREATE_POST.Id, 369 model.PERMISSION_USE_SLASH_COMMANDS.Id, 370 model.PERMISSION_REMOVE_USER_FROM_TEAM.Id, 371 model.PERMISSION_MANAGE_TEAM.Id, 372 model.PERMISSION_IMPORT_TEAM.Id, 373 model.PERMISSION_MANAGE_TEAM_ROLES.Id, 374 model.PERMISSION_MANAGE_CHANNEL_ROLES.Id, 375 model.PERMISSION_MANAGE_SLASH_COMMANDS.Id, 376 model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS.Id, 377 model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, 378 model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, 379 model.PERMISSION_EDIT_POST.Id, 380 }, 381 } 382 383 roles3, err3 := th.App.GetRolesByNames(roleNames) 384 assert.Nil(t, err3) 385 assert.Equal(t, len(roles3), len(roleNames)) 386 387 for name, permissions := range expected2 { 388 role, err := th.App.GetRoleByName(name) 389 assert.Nil(t, err) 390 assert.Equal(t, permissions, role.Permissions, fmt.Sprintf("'%v' did not have expected permissions", name)) 391 } 392 393 // Remove the license. 394 th.App.SetLicense(nil) 395 396 // Do the migration again. 397 th.ResetRoleMigration() 398 th.App.DoAdvancedPermissionsMigration() 399 400 // Check the role permissions. 401 roles4, err4 := th.App.GetRolesByNames(roleNames) 402 assert.Nil(t, err4) 403 assert.Equal(t, len(roles4), len(roleNames)) 404 405 for name, permissions := range expected1 { 406 role, err := th.App.GetRoleByName(name) 407 assert.Nil(t, err) 408 assert.Equal(t, permissions, role.Permissions) 409 } 410 411 // Check that the config setting for "always" and "time_limit" edit posts is updated correctly. 412 th.ResetRoleMigration() 413 414 allowEditPost := *th.App.Config().ServiceSettings.DEPRECATED_DO_NOT_USE_AllowEditPost 415 postEditTimeLimit := *th.App.Config().ServiceSettings.PostEditTimeLimit 416 417 defer func() { 418 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.DEPRECATED_DO_NOT_USE_AllowEditPost = allowEditPost }) 419 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.PostEditTimeLimit = postEditTimeLimit }) 420 }() 421 422 th.App.UpdateConfig(func(cfg *model.Config) { 423 *cfg.ServiceSettings.DEPRECATED_DO_NOT_USE_AllowEditPost = "always" 424 *cfg.ServiceSettings.PostEditTimeLimit = 300 425 }) 426 427 th.App.DoAdvancedPermissionsMigration() 428 429 config := th.App.Config() 430 assert.Equal(t, -1, *config.ServiceSettings.PostEditTimeLimit) 431 432 th.ResetRoleMigration() 433 434 th.App.UpdateConfig(func(cfg *model.Config) { 435 *cfg.ServiceSettings.DEPRECATED_DO_NOT_USE_AllowEditPost = "time_limit" 436 *cfg.ServiceSettings.PostEditTimeLimit = 300 437 }) 438 439 th.App.DoAdvancedPermissionsMigration() 440 config = th.App.Config() 441 assert.Equal(t, 300, *config.ServiceSettings.PostEditTimeLimit) 442 } 443 444 func TestDoEmojisPermissionsMigration(t *testing.T) { 445 th := Setup(t) 446 defer th.TearDown() 447 448 // Add a license and change the policy config. 449 restrictCustomEmojiCreation := *th.App.Config().ServiceSettings.DEPRECATED_DO_NOT_USE_RestrictCustomEmojiCreation 450 451 defer func() { 452 th.App.UpdateConfig(func(cfg *model.Config) { 453 *cfg.ServiceSettings.DEPRECATED_DO_NOT_USE_RestrictCustomEmojiCreation = restrictCustomEmojiCreation 454 }) 455 }() 456 457 th.App.UpdateConfig(func(cfg *model.Config) { 458 *cfg.ServiceSettings.DEPRECATED_DO_NOT_USE_RestrictCustomEmojiCreation = model.RESTRICT_EMOJI_CREATION_SYSTEM_ADMIN 459 }) 460 461 th.ResetEmojisMigration() 462 th.App.DoEmojisPermissionsMigration() 463 464 expectedSystemAdmin := []string{ 465 model.PERMISSION_ASSIGN_SYSTEM_ADMIN_ROLE.Id, 466 model.PERMISSION_MANAGE_SYSTEM.Id, 467 model.PERMISSION_MANAGE_ROLES.Id, 468 model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id, 469 model.PERMISSION_MANAGE_PUBLIC_CHANNEL_MEMBERS.Id, 470 model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id, 471 model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id, 472 model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id, 473 model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id, 474 model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id, 475 model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id, 476 model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH.Id, 477 model.PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS.Id, 478 model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS.Id, 479 model.PERMISSION_EDIT_OTHER_USERS.Id, 480 model.PERMISSION_EDIT_OTHERS_POSTS.Id, 481 model.PERMISSION_MANAGE_OAUTH.Id, 482 model.PERMISSION_INVITE_USER.Id, 483 model.PERMISSION_DELETE_POST.Id, 484 model.PERMISSION_DELETE_OTHERS_POSTS.Id, 485 model.PERMISSION_CREATE_TEAM.Id, 486 model.PERMISSION_ADD_USER_TO_TEAM.Id, 487 model.PERMISSION_LIST_USERS_WITHOUT_TEAM.Id, 488 model.PERMISSION_MANAGE_JOBS.Id, 489 model.PERMISSION_CREATE_POST_PUBLIC.Id, 490 model.PERMISSION_CREATE_POST_EPHEMERAL.Id, 491 model.PERMISSION_CREATE_USER_ACCESS_TOKEN.Id, 492 model.PERMISSION_READ_USER_ACCESS_TOKEN.Id, 493 model.PERMISSION_REVOKE_USER_ACCESS_TOKEN.Id, 494 model.PERMISSION_CREATE_BOT.Id, 495 model.PERMISSION_READ_BOTS.Id, 496 model.PERMISSION_READ_OTHERS_BOTS.Id, 497 model.PERMISSION_MANAGE_BOTS.Id, 498 model.PERMISSION_MANAGE_OTHERS_BOTS.Id, 499 model.PERMISSION_REMOVE_OTHERS_REACTIONS.Id, 500 model.PERMISSION_LIST_PRIVATE_TEAMS.Id, 501 model.PERMISSION_JOIN_PRIVATE_TEAMS.Id, 502 model.PERMISSION_LIST_TEAM_CHANNELS.Id, 503 model.PERMISSION_JOIN_PUBLIC_CHANNELS.Id, 504 model.PERMISSION_READ_PUBLIC_CHANNEL.Id, 505 model.PERMISSION_VIEW_TEAM.Id, 506 model.PERMISSION_READ_CHANNEL.Id, 507 model.PERMISSION_ADD_REACTION.Id, 508 model.PERMISSION_REMOVE_REACTION.Id, 509 model.PERMISSION_UPLOAD_FILE.Id, 510 model.PERMISSION_GET_PUBLIC_LINK.Id, 511 model.PERMISSION_CREATE_POST.Id, 512 model.PERMISSION_USE_SLASH_COMMANDS.Id, 513 model.PERMISSION_REMOVE_USER_FROM_TEAM.Id, 514 model.PERMISSION_MANAGE_TEAM.Id, 515 model.PERMISSION_IMPORT_TEAM.Id, 516 model.PERMISSION_MANAGE_TEAM_ROLES.Id, 517 model.PERMISSION_MANAGE_CHANNEL_ROLES.Id, 518 model.PERMISSION_MANAGE_SLASH_COMMANDS.Id, 519 model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS.Id, 520 model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, 521 model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, 522 model.PERMISSION_EDIT_POST.Id, 523 model.PERMISSION_CREATE_EMOJIS.Id, 524 model.PERMISSION_DELETE_EMOJIS.Id, 525 model.PERMISSION_DELETE_OTHERS_EMOJIS.Id, 526 } 527 sort.Strings(expectedSystemAdmin) 528 529 role1, err1 := th.App.GetRoleByName(model.SYSTEM_ADMIN_ROLE_ID) 530 assert.Nil(t, err1) 531 sort.Strings(role1.Permissions) 532 assert.Equal(t, expectedSystemAdmin, role1.Permissions, fmt.Sprintf("'%v' did not have expected permissions", model.SYSTEM_ADMIN_ROLE_ID)) 533 534 th.App.UpdateConfig(func(cfg *model.Config) { 535 *cfg.ServiceSettings.DEPRECATED_DO_NOT_USE_RestrictCustomEmojiCreation = model.RESTRICT_EMOJI_CREATION_ADMIN 536 }) 537 538 th.ResetEmojisMigration() 539 th.App.DoEmojisPermissionsMigration() 540 541 role2, err2 := th.App.GetRoleByName(model.TEAM_ADMIN_ROLE_ID) 542 assert.Nil(t, err2) 543 expected2 := []string{ 544 model.PERMISSION_REMOVE_USER_FROM_TEAM.Id, 545 model.PERMISSION_MANAGE_TEAM.Id, 546 model.PERMISSION_IMPORT_TEAM.Id, 547 model.PERMISSION_MANAGE_TEAM_ROLES.Id, 548 model.PERMISSION_MANAGE_CHANNEL_ROLES.Id, 549 model.PERMISSION_MANAGE_OTHERS_INCOMING_WEBHOOKS.Id, 550 model.PERMISSION_MANAGE_OTHERS_OUTGOING_WEBHOOKS.Id, 551 model.PERMISSION_MANAGE_SLASH_COMMANDS.Id, 552 model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS.Id, 553 model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, 554 model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, 555 model.PERMISSION_DELETE_POST.Id, 556 model.PERMISSION_DELETE_OTHERS_POSTS.Id, 557 model.PERMISSION_CREATE_EMOJIS.Id, 558 model.PERMISSION_DELETE_EMOJIS.Id, 559 } 560 sort.Strings(expected2) 561 sort.Strings(role2.Permissions) 562 assert.Equal(t, expected2, role2.Permissions, fmt.Sprintf("'%v' did not have expected permissions", model.TEAM_ADMIN_ROLE_ID)) 563 564 systemAdmin1, systemAdminErr1 := th.App.GetRoleByName(model.SYSTEM_ADMIN_ROLE_ID) 565 assert.Nil(t, systemAdminErr1) 566 sort.Strings(systemAdmin1.Permissions) 567 assert.Equal(t, expectedSystemAdmin, systemAdmin1.Permissions, fmt.Sprintf("'%v' did not have expected permissions", model.SYSTEM_ADMIN_ROLE_ID)) 568 569 th.App.UpdateConfig(func(cfg *model.Config) { 570 *cfg.ServiceSettings.DEPRECATED_DO_NOT_USE_RestrictCustomEmojiCreation = model.RESTRICT_EMOJI_CREATION_ALL 571 }) 572 573 th.ResetEmojisMigration() 574 th.App.DoEmojisPermissionsMigration() 575 576 role3, err3 := th.App.GetRoleByName(model.SYSTEM_USER_ROLE_ID) 577 assert.Nil(t, err3) 578 expected3 := []string{ 579 model.PERMISSION_LIST_PUBLIC_TEAMS.Id, 580 model.PERMISSION_JOIN_PUBLIC_TEAMS.Id, 581 model.PERMISSION_CREATE_DIRECT_CHANNEL.Id, 582 model.PERMISSION_CREATE_GROUP_CHANNEL.Id, 583 model.PERMISSION_CREATE_TEAM.Id, 584 model.PERMISSION_CREATE_EMOJIS.Id, 585 model.PERMISSION_DELETE_EMOJIS.Id, 586 } 587 sort.Strings(expected3) 588 sort.Strings(role3.Permissions) 589 assert.Equal(t, expected3, role3.Permissions, fmt.Sprintf("'%v' did not have expected permissions", model.SYSTEM_USER_ROLE_ID)) 590 591 systemAdmin2, systemAdminErr2 := th.App.GetRoleByName(model.SYSTEM_ADMIN_ROLE_ID) 592 assert.Nil(t, systemAdminErr2) 593 sort.Strings(systemAdmin2.Permissions) 594 assert.Equal(t, expectedSystemAdmin, systemAdmin2.Permissions, fmt.Sprintf("'%v' did not have expected permissions", model.SYSTEM_ADMIN_ROLE_ID)) 595 }