diff options
Diffstat (limited to 'utils')
-rw-r--r-- | utils/authorization.go | 29 |
1 files changed, 19 insertions, 10 deletions
diff --git a/utils/authorization.go b/utils/authorization.go index 2c7f35164..086caa565 100644 --- a/utils/authorization.go +++ b/utils/authorization.go @@ -195,17 +195,26 @@ func SetDefaultRolesBasedOnConfig() { ) } - // If team admins are given permission - if *Cfg.TeamSettings.RestrictTeamInvite == model.PERMISSIONS_TEAM_ADMIN { - model.ROLE_TEAM_ADMIN.Permissions = append( - model.ROLE_TEAM_ADMIN.Permissions, - model.PERMISSION_INVITE_USER.Id, - ) - // If it's not restricted to system admin or team admin, then give all users permission - } else if *Cfg.TeamSettings.RestrictTeamInvite != model.PERMISSIONS_SYSTEM_ADMIN { - model.ROLE_SYSTEM_USER.Permissions = append( - model.ROLE_SYSTEM_USER.Permissions, + // Grant permissions for inviting and adding users to a team. + if IsLicensed { + if *Cfg.TeamSettings.RestrictTeamInvite == model.PERMISSIONS_TEAM_ADMIN { + model.ROLE_TEAM_ADMIN.Permissions = append( + model.ROLE_TEAM_ADMIN.Permissions, + model.PERMISSION_INVITE_USER.Id, + model.PERMISSION_ADD_USER_TO_TEAM.Id, + ) + } else if *Cfg.TeamSettings.RestrictTeamInvite == model.PERMISSIONS_ALL { + model.ROLE_SYSTEM_USER.Permissions = append( + model.ROLE_SYSTEM_USER.Permissions, + model.PERMISSION_INVITE_USER.Id, + model.PERMISSION_ADD_USER_TO_TEAM.Id, + ) + } + } else { + model.ROLE_TEAM_USER.Permissions = append( + model.ROLE_TEAM_USER.Permissions, model.PERMISSION_INVITE_USER.Id, + model.PERMISSION_ADD_USER_TO_TEAM.Id, ) } |