2 files changed, 60 insertions, 10 deletions

diff --git a/utils/authorization.go b/utils/authorization.go
index 23a7673fe..75f92062d 100644
--- a/utils/authorization.go
+++ b/utils/authorization.go
@@ -9,46 +9,92 @@ func SetDefaultRolesBasedOnConfig() {
 	// Reset the roles to default to make this logic easier
 	model.InitalizeRoles()
 
+	switch *Cfg.TeamSettings.RestrictPublicChannelCreation {
+	case model.PERMISSIONS_ALL:
+		model.ROLE_TEAM_USER.Permissions = append(
+			model.ROLE_TEAM_USER.Permissions,
+			model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id,
+		)
+		break
+	case model.PERMISSIONS_TEAM_ADMIN:
+		model.ROLE_TEAM_ADMIN.Permissions = append(
+			model.ROLE_TEAM_ADMIN.Permissions,
+			model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id,
+		)
+		break
+	}
+
 	switch *Cfg.TeamSettings.RestrictPublicChannelManagement {
 	case model.PERMISSIONS_ALL:
-		model.ROLE_CHANNEL_USER.Permissions = append(
-			model.ROLE_CHANNEL_USER.Permissions,
+		model.ROLE_TEAM_USER.Permissions = append(
+			model.ROLE_TEAM_USER.Permissions,
+			model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id,
+		)
+		break
+	case model.PERMISSIONS_TEAM_ADMIN:
+		model.ROLE_TEAM_ADMIN.Permissions = append(
+			model.ROLE_TEAM_ADMIN.Permissions,
 			model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id,
 		)
+		break
+	}
+
+	switch *Cfg.TeamSettings.RestrictPublicChannelDeletion {
+	case model.PERMISSIONS_ALL:
 		model.ROLE_TEAM_USER.Permissions = append(
 			model.ROLE_TEAM_USER.Permissions,
 			model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id,
-			model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id,
 		)
 		break
 	case model.PERMISSIONS_TEAM_ADMIN:
 		model.ROLE_TEAM_ADMIN.Permissions = append(
 			model.ROLE_TEAM_ADMIN.Permissions,
-			model.PERMISSION_MANAGE_PUBLIC_CHANNEL_PROPERTIES.Id,
 			model.PERMISSION_DELETE_PUBLIC_CHANNEL.Id,
-			model.PERMISSION_CREATE_PUBLIC_CHANNEL.Id,
+		)
+		break
+	}
+
+	switch *Cfg.TeamSettings.RestrictPrivateChannelCreation {
+	case model.PERMISSIONS_ALL:
+		model.ROLE_TEAM_USER.Permissions = append(
+			model.ROLE_TEAM_USER.Permissions,
+			model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id,
+		)
+		break
+	case model.PERMISSIONS_TEAM_ADMIN:
+		model.ROLE_TEAM_ADMIN.Permissions = append(
+			model.ROLE_TEAM_ADMIN.Permissions,
+			model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id,
 		)
 		break
 	}
 
 	switch *Cfg.TeamSettings.RestrictPrivateChannelManagement {
 	case model.PERMISSIONS_ALL:
-		model.ROLE_CHANNEL_USER.Permissions = append(
-			model.ROLE_CHANNEL_USER.Permissions,
+		model.ROLE_TEAM_USER.Permissions = append(
+			model.ROLE_TEAM_USER.Permissions,
+			model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id,
+		)
+		break
+	case model.PERMISSIONS_TEAM_ADMIN:
+		model.ROLE_TEAM_ADMIN.Permissions = append(
+			model.ROLE_TEAM_ADMIN.Permissions,
 			model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id,
 		)
+		break
+	}
+
+	switch *Cfg.TeamSettings.RestrictPrivateChannelDeletion {
+	case model.PERMISSIONS_ALL:
 		model.ROLE_TEAM_USER.Permissions = append(
 			model.ROLE_TEAM_USER.Permissions,
 			model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id,
-			model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id,
 		)
 		break
 	case model.PERMISSIONS_TEAM_ADMIN:
 		model.ROLE_TEAM_ADMIN.Permissions = append(
 			model.ROLE_TEAM_ADMIN.Permissions,
-			model.PERMISSION_MANAGE_PRIVATE_CHANNEL_PROPERTIES.Id,
 			model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id,
-			model.PERMISSION_CREATE_PRIVATE_CHANNEL.Id,
 		)
 		break
 	}
diff --git a/utils/config.go b/utils/config.go
index c06223e6c..ab149d55f 100644
--- a/utils/config.go
+++ b/utils/config.go
@@ -238,8 +238,12 @@ func getClientConfig(c *model.Config) map[string]string {
 	props["EnableOpenServer"] = strconv.FormatBool(*c.TeamSettings.EnableOpenServer)
 	props["RestrictDirectMessage"] = *c.TeamSettings.RestrictDirectMessage
 	props["RestrictTeamInvite"] = *c.TeamSettings.RestrictTeamInvite
+	props["RestrictPublicChannelCreation"] = *c.TeamSettings.RestrictPublicChannelCreation
+	props["RestrictPrivateChannelCreation"] = *c.TeamSettings.RestrictPrivateChannelCreation
 	props["RestrictPublicChannelManagement"] = *c.TeamSettings.RestrictPublicChannelManagement
 	props["RestrictPrivateChannelManagement"] = *c.TeamSettings.RestrictPrivateChannelManagement
+	props["RestrictPublicChannelDeletion"] = *c.TeamSettings.RestrictPublicChannelDeletion
+	props["RestrictPrivateChannelDeletion"] = *c.TeamSettings.RestrictPrivateChannelDeletion
 
 	props["EnableOAuthServiceProvider"] = strconv.FormatBool(c.ServiceSettings.EnableOAuthServiceProvider)
 	props["SegmentDeveloperKey"] = c.ServiceSettings.SegmentDeveloperKey