Diffstat (limited to 'app/permissions.go')
-rw-r--r-- | app/permissions.go | 158 |
1 files changed, 158 insertions, 0 deletions
diff --git a/app/permissions.go b/app/permissions.go index be975e03d..70b8cc689 100644 --- a/app/permissions.go +++ b/app/permissions.go @@ -4,10 +4,33 @@ package app import ( + "bufio" + "encoding/json" + "fmt" + "io" + "github.com/mattermost/mattermost-server/model" + "github.com/pkg/errors" ) +const permissionsExportBatchSize = 100 + func (a *App) ResetPermissionsSystem() *model.AppError { + // Reset all Teams to not have a scheme. + if result := <-a.Srv.Store.Team().ResetAllTeamSchemes(); result.Err != nil { + return result.Err + } + + // Reset all Channels to not have a scheme. + if result := <-a.Srv.Store.Channel().ResetAllChannelSchemes(); result.Err != nil { + return result.Err + } + + // Purge all schemes from the database. + if result := <-a.Srv.Store.Scheme().PermanentDeleteAll(); result.Err != nil { + return result.Err + } + // Purge all roles from the database. if result := <-a.Srv.Store.Role().PermanentDeleteAll(); result.Err != nil { return result.Err 
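Review bot: ResetPermissionsSystem now runs several destructive store calls in sequence and returns on the first error, so a failure in `Scheme().PermanentDeleteAll()` or `Role().PermanentDeleteAll()` leaves teams and channels already detached from their schemes with nothing to undo it. If the store cannot wrap these steps in one transaction, the exported function should at least say so in a doc comment, e.g. `// ResetPermissionsSystem detaches every team and channel from its scheme, then permanently deletes all schemes and roles. It is not atomic: steps completed before an error are not rolled back.` The rest of the function body lies outside this hunk, so whatever follows the role purge is not covered by this note.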
@@ -23,3 +46,138 @@ func (a *App) ResetPermissionsSystem() *model.AppError { return nil } + +func (a *App) ExportPermissions(w io.Writer) error { + + next := a.SchemesIterator(permissionsExportBatchSize) + var schemeBatch []*model.Scheme + + for schemeBatch = next(); len(schemeBatch) > 0; schemeBatch = next() { + + for _, scheme := range schemeBatch { + + roleIDs := []string{ + scheme.DefaultTeamAdminRole, + scheme.DefaultTeamUserRole, + scheme.DefaultChannelAdminRole, + scheme.DefaultChannelUserRole, + } + + roles := []*model.Role{} + for _, roleID := range roleIDs { + if len(roleID) == 0 { + continue + } + role, err := a.GetRole(roleID) + if err != nil { + return err + } + roles = append(roles, role) + } + + schemeExport, err := json.Marshal(&model.SchemeConveyor{ + Name: scheme.Name, + DisplayName: scheme.DisplayName, + Description: scheme.Description, + Scope: scheme.Scope, + TeamAdmin: scheme.DefaultTeamAdminRole, + TeamUser: scheme.DefaultTeamUserRole, + ChannelAdmin: scheme.DefaultChannelAdminRole, + ChannelUser: scheme.DefaultChannelUserRole, + Roles: roles, + }) + if err != nil { + return err + } + + schemeExport = append(schemeExport, []byte("\n")...) + + _, err = w.Write(schemeExport) + if err != nil { + return err + } + } + + } + + return nil +} + +func (a *App) ImportPermissions(jsonl io.Reader) error { + createdSchemeIDs := []string{} + + scanner := bufio.NewScanner(jsonl) + + for scanner.Scan() { + var schemeConveyor *model.SchemeConveyor + err := json.Unmarshal(scanner.Bytes(), &schemeConveyor) + if err != nil { + return err + } + + // Create the new Scheme. The new Roles are created automatically. 
+ var appErr *model.AppError + schemeCreated, appErr := a.CreateScheme(schemeConveyor.Scheme()) + if appErr != nil { + return errors.New(appErr.Message) + } + createdSchemeIDs = append(createdSchemeIDs, schemeCreated.Id) + + schemeIn := schemeConveyor.Scheme() + roleIDTuples := [][]string{ + {schemeCreated.DefaultTeamAdminRole, schemeIn.DefaultTeamAdminRole}, + {schemeCreated.DefaultTeamUserRole, schemeIn.DefaultTeamUserRole}, + {schemeCreated.DefaultChannelAdminRole, schemeIn.DefaultChannelAdminRole}, + {schemeCreated.DefaultChannelUserRole, schemeIn.DefaultChannelUserRole}, + } + for _, roleIDTuple := range roleIDTuples { + if len(roleIDTuple[0]) == 0 || len(roleIDTuple[1]) == 0 { + continue + } + + err = updateRole(a, schemeConveyor, roleIDTuple[0], roleIDTuple[1]) + if err != nil { + // Delete the new Schemes. The new Roles are deleted automatically. + for _, schemeID := range createdSchemeIDs { + a.DeleteScheme(schemeID) + } + return err + } + } + } + + if err := scanner.Err(); err != nil { + return err + } + + return nil +} + +func updateRole(a *App, sc *model.SchemeConveyor, roleCreatedID, defaultRoleID string) error { + var err *model.AppError + + roleCreated, err := a.GetRole(roleCreatedID) + if err != nil { + return errors.New(err.Message) + } + + var roleIn *model.Role + for _, role := range sc.Roles { + if role.Id == defaultRoleID { + roleIn = role + break + } + } + + roleCreated.Name = roleIn.Name + roleCreated.DisplayName = roleIn.DisplayName + roleCreated.Description = roleIn.Description + roleCreated.Permissions = roleIn.Permissions + + _, err = a.UpdateRole(roleCreated) + if err != nil { + return errors.New(fmt.Sprintf("%v: %v\n", err.Message, err.DetailedError)) + } + + return nil +} |
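Review bot: `updateRole` dereferences `roleIn` without checking that the loop over `sc.Roles` found a match, so an import line whose `Roles` array lacks one of the default role ids, or holds a `null` entry, panics instead of returning an error. The lookup should skip nil entries and fail cleanly when nothing matches, as in the excerpt below. In `ImportPermissions` the schemes created so far are deleted only on the `updateRole` failure path. A later line that fails `json.Unmarshal`, `CreateScheme` or the final `scanner.Err()` check (for instance a line longer than bufio.Scanner's default token limit) returns with the earlier schemes still in place, which the deferred cleanup below would cover. The result of `a.DeleteScheme` is also discarded, so a failed rollback is silent and should at least be logged.

```go
func (a *App) ImportPermissions(jsonl io.Reader) (err error) {
	createdSchemeIDs := []string{}

	// Roll back on every error return, not only when updateRole fails.
	defer func() {
		if err == nil {
			return
		}
		for _, schemeID := range createdSchemeIDs {
			a.DeleteScheme(schemeID)
		}
	}()
	// … unchanged: scanner loop, minus the inline cleanup before `return err` …

// in updateRole:
	for _, role := range sc.Roles {
		if role != nil && role.Id == defaultRoleID {
	// … unchanged: assign roleIn and break …
	if roleIn == nil {
		return fmt.Errorf("role %q is not present in the imported scheme", defaultRoleID)
	}
```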