diff options
author | George Goldberg <george@gberg.me> | 2017-04-03 18:13:28 +0100 |
---|---|---|
committer | Harrison Healey <harrisonmhealey@gmail.com> | 2017-04-03 13:13:28 -0400 |
commit | e49f5928c55ba57c39efa11c568c66342b962aae (patch) | |
tree | c3199ea07e1c17aebdd77d53ad1397b469a0f963 /utils/authorization.go | |
parent | 232a99f0c7b9364cb4386264f9ff7f97549a4378 (diff) | |
download | chat-e49f5928c55ba57c39efa11c568c66342b962aae.tar.gz chat-e49f5928c55ba57c39efa11c568c66342b962aae.tar.bz2 chat-e49f5928c55ba57c39efa11c568c66342b962aae.zip |
PLT-6139 (Server): Private Channel member managing (#5941)
Adds an EE policy feature to allow restricting system-wide which level of
Admins can manage the membership of private channels.
Diffstat (limited to 'utils/authorization.go')
-rw-r--r-- | utils/authorization.go | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/utils/authorization.go b/utils/authorization.go index 086caa565..8078f4023 100644 --- a/utils/authorization.go +++ b/utils/authorization.go @@ -183,6 +183,39 @@ func SetDefaultRolesBasedOnConfig() { ) } + // Restrict permissions for Private Channel Manage Members + if IsLicensed { + switch *Cfg.TeamSettings.RestrictPrivateChannelManageMembers { + case model.PERMISSIONS_ALL: + model.ROLE_CHANNEL_USER.Permissions = append( + model.ROLE_CHANNEL_USER.Permissions, + model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id, + ) + break + case model.PERMISSIONS_CHANNEL_ADMIN: + model.ROLE_TEAM_ADMIN.Permissions = append( + model.ROLE_TEAM_ADMIN.Permissions, + model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id, + ) + model.ROLE_CHANNEL_ADMIN.Permissions = append( + model.ROLE_CHANNEL_ADMIN.Permissions, + model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id, + ) + break + case model.PERMISSIONS_TEAM_ADMIN: + model.ROLE_TEAM_ADMIN.Permissions = append( + model.ROLE_TEAM_ADMIN.Permissions, + model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id, + ) + break + } + } else { + model.ROLE_CHANNEL_USER.Permissions = append( + model.ROLE_CHANNEL_USER.Permissions, + model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id, + ) + } + if !*Cfg.ServiceSettings.EnableOnlyAdminIntegrations { model.ROLE_TEAM_USER.Permissions = append( model.ROLE_TEAM_USER.Permissions, |