diff options
author | George Goldberg <george@gberg.me> | 2018-02-06 15:34:08 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-02-06 15:34:08 +0000 |
commit | e1cd64613591cf5a990442a69ebf188258bd0cb5 (patch) | |
tree | ad9f247a2c75b0bc03de93dbbfc038afb6b69545 /api4/apitestlib.go | |
parent | 1c7f25773a77ceb9e84feabe3907e7f93f6870e4 (diff) | |
download | chat-e1cd64613591cf5a990442a69ebf188258bd0cb5.tar.gz chat-e1cd64613591cf5a990442a69ebf188258bd0cb5.tar.bz2 chat-e1cd64613591cf5a990442a69ebf188258bd0cb5.zip |
XYZ-37: Advanced Permissions Phase 1 Backend. (#8159)
* XYZ-13: Update Permission and Role structs to new design.
* XYZ-10: Role store.
* XYZ-9/XYZ-44: Roles API endpoints and WebSocket message.
* XYZ-8: Switch server permissions checks to store backed roles.
* XYZ-58: Proper validation of roles where required.
* XYZ-11/XYZ-55: Migration to store backed roles from policy config.
* XYZ-37: Update unit tests to work with database roles.
* XYZ-56: Remove the "guest" role.
* Changes to SetDefaultRolesFromConfig.
* Short-circuit the store if nothing has changed.
* Address first round of review comments.
* Address second round of review comments.
Diffstat (limited to 'api4/apitestlib.go')
-rw-r--r-- | api4/apitestlib.go | 112 |
1 files changed, 112 insertions, 0 deletions
diff --git a/api4/apitestlib.go b/api4/apitestlib.go index a7e64ae84..bdca072c5 100644 --- a/api4/apitestlib.go +++ b/api4/apitestlib.go @@ -118,6 +118,7 @@ func setupTestHelper(enterprise bool) *TestHelper { Init(th.App, th.App.Srv.Router, true) wsapi.Init(th.App, th.App.Srv.WebSocketRouter) th.App.Srv.Store.MarkSystemRanUnitTests() + th.App.DoAdvancedPermissionsMigration() th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.EnableOpenServer = true }) @@ -799,3 +800,114 @@ func (me *TestHelper) UpdateUserToNonTeamAdmin(user *model.User, team *model.Tea } utils.EnableDebugLogForTest() } + +func (me *TestHelper) SaveDefaultRolePermissions() map[string][]string { + utils.DisableDebugLogForTest() + + results := make(map[string][]string) + + for _, roleName := range []string{ + "system_user", + "system_admin", + "team_user", + "team_admin", + "channel_user", + "channel_admin", + } { + role, err1 := me.App.GetRoleByName(roleName) + if err1 != nil { + utils.EnableDebugLogForTest() + panic(err1) + } + + results[roleName] = role.Permissions + } + + utils.EnableDebugLogForTest() + return results +} + +func (me *TestHelper) RestoreDefaultRolePermissions(data map[string][]string) { + utils.DisableDebugLogForTest() + + for roleName, permissions := range data { + role, err1 := me.App.GetRoleByName(roleName) + if err1 != nil { + utils.EnableDebugLogForTest() + panic(err1) + } + + if strings.Join(role.Permissions, " ") == strings.Join(permissions, " ") { + continue + } + + role.Permissions = permissions + + _, err2 := me.App.UpdateRole(role) + if err2 != nil { + utils.EnableDebugLogForTest() + panic(err2) + } + } + + utils.EnableDebugLogForTest() +} + +func (me *TestHelper) RemovePermissionFromRole(permission string, roleName string) { + utils.DisableDebugLogForTest() + + role, err1 := me.App.GetRoleByName(roleName) + if err1 != nil { + utils.EnableDebugLogForTest() + panic(err1) + } + + var newPermissions []string + for _, p := range role.Permissions { + if p != permission { + newPermissions = append(newPermissions, p) + } + } + + if strings.Join(role.Permissions, " ") == strings.Join(newPermissions, " ") { + utils.EnableDebugLogForTest() + return + } + + role.Permissions = newPermissions + + _, err2 := me.App.UpdateRole(role) + if err2 != nil { + utils.EnableDebugLogForTest() + panic(err2) + } + + utils.EnableDebugLogForTest() +} + +func (me *TestHelper) AddPermissionToRole(permission string, roleName string) { + utils.DisableDebugLogForTest() + + role, err1 := me.App.GetRoleByName(roleName) + if err1 != nil { + utils.EnableDebugLogForTest() + panic(err1) + } + + for _, existingPermission := range role.Permissions { + if existingPermission == permission { + utils.EnableDebugLogForTest() + return + } + } + + role.Permissions = append(role.Permissions, permission) + + _, err2 := me.App.UpdateRole(role) + if err2 != nil { + utils.EnableDebugLogForTest() + panic(err2) + } + + utils.EnableDebugLogForTest() +} |