From 06ec648cf30e3968c0fdb2514c8d59dff97c757c Mon Sep 17 00:00:00 2001
From: Joram Wilander <jwawilander@gmail.com>
Date: Tue, 31 Oct 2017 12:00:21 -0400
Subject: PLT-7978 Add websocket event for user role update (#7745)

* Add websocket event for user role update

* Fix tests

* More test fixes
---
 api/apitestlib.go          |  4 ++--
 api/oauth_test.go          |  6 +++---
 api/team_test.go           |  2 +-
 api/user.go                |  2 +-
 api/user_test.go           |  2 +-
 api4/apitestlib.go         |  6 +++---
 api4/post_test.go          |  8 ++++----
 api4/user.go               |  2 +-
 api4/user_test.go          | 14 +++++++-------
 app/import.go              |  2 +-
 app/user.go                |  9 ++++++++-
 cmd/platform/roles.go      |  4 ++--
 cmd/platform/user.go       |  2 +-
 model/websocket_message.go |  1 +
 web/web_test.go            |  2 +-
 15 files changed, 37 insertions(+), 29 deletions(-)

diff --git a/api/apitestlib.go b/api/apitestlib.go
index 0548f7843..52e6f300e 100644
--- a/api/apitestlib.go
+++ b/api/apitestlib.go
@@ -115,7 +115,7 @@ func (me *TestHelper) InitBasic() *TestHelper {
 
 	me.BasicClient = me.CreateClient()
 	me.BasicUser = me.CreateUser(me.BasicClient)
-	me.App.UpdateUserRoles(me.BasicUser.Id, model.ROLE_SYSTEM_USER.Id)
+	me.App.UpdateUserRoles(me.BasicUser.Id, model.ROLE_SYSTEM_USER.Id, false)
 	me.LoginBasic()
 	me.BasicTeam = me.CreateTeam(me.BasicClient)
 	me.LinkUserToTeam(me.BasicUser, me.BasicTeam)
@@ -142,7 +142,7 @@ func (me *TestHelper) InitSystemAdmin() *TestHelper {
 	me.SystemAdminTeam = me.CreateTeam(me.SystemAdminClient)
 	me.LinkUserToTeam(me.SystemAdminUser, me.SystemAdminTeam)
 	me.SystemAdminClient.SetTeamId(me.SystemAdminTeam.Id)
-	me.App.UpdateUserRoles(me.SystemAdminUser.Id, model.ROLE_SYSTEM_USER.Id+" "+model.ROLE_SYSTEM_ADMIN.Id)
+	me.App.UpdateUserRoles(me.SystemAdminUser.Id, model.ROLE_SYSTEM_USER.Id+" "+model.ROLE_SYSTEM_ADMIN.Id, false)
 	me.SystemAdminChannel = me.CreateChannel(me.SystemAdminClient, me.SystemAdminTeam)
 
 	return me
diff --git a/api/oauth_test.go b/api/oauth_test.go
index 0b18a4e47..395eaade7 100644
--- a/api/oauth_test.go
+++ b/api/oauth_test.go
@@ -78,7 +78,7 @@ func TestOAuthRegisterApp(t *testing.T) {
 	user := &model.User{Email: strings.ToLower("test+"+model.NewId()) + "@simulator.amazonses.com", Password: "hello1", Username: "n" + model.NewId(), EmailVerified: true}
 
 	ruser := Client.Must(Client.CreateUser(user, "")).Data.(*model.User)
-	th.App.UpdateUserRoles(ruser.Id, "")
+	th.App.UpdateUserRoles(ruser.Id, "", false)
 
 	Client.Logout()
 	Client.Login(user.Email, user.Password)
@@ -257,7 +257,7 @@ func TestOAuthGetAppsByUser(t *testing.T) {
 
 	user := &model.User{Email: strings.ToLower("test+"+model.NewId()) + "@simulator.amazonses.com", Password: "hello1", Username: "n" + model.NewId(), EmailVerified: true}
 	ruser := Client.Must(AdminClient.CreateUser(user, "")).Data.(*model.User)
-	th.App.UpdateUserRoles(ruser.Id, "")
+	th.App.UpdateUserRoles(ruser.Id, "", false)
 
 	Client.Logout()
 	Client.Login(user.Email, user.Password)
@@ -480,7 +480,7 @@ func TestOAuthDeleteApp(t *testing.T) {
 
 	user := &model.User{Email: strings.ToLower("test+"+model.NewId()) + "@simulator.amazonses.com", Password: "hello1", Username: "n" + model.NewId(), EmailVerified: true}
 	ruser := Client.Must(AdminClient.CreateUser(user, "")).Data.(*model.User)
-	th.App.UpdateUserRoles(ruser.Id, "")
+	th.App.UpdateUserRoles(ruser.Id, "", false)
 
 	Client.Logout()
 	Client.Login(user.Email, user.Password)
diff --git a/api/team_test.go b/api/team_test.go
index 680bd7ea7..8aa8a32de 100644
--- a/api/team_test.go
+++ b/api/team_test.go
@@ -395,7 +395,7 @@ func TestGetAllTeamListings(t *testing.T) {
 		}
 	}
 
-	th.App.UpdateUserRoles(user.Id, model.ROLE_SYSTEM_ADMIN.Id)
+	th.App.UpdateUserRoles(user.Id, model.ROLE_SYSTEM_ADMIN.Id, false)
 
 	Client.Login(user.Email, "passwd1")
 	Client.SetTeamId(team.Id)
diff --git a/api/user.go b/api/user.go
index e1fa63bfa..4a3b52417 100644
--- a/api/user.go
+++ b/api/user.go
@@ -699,7 +699,7 @@ func updateRoles(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if _, err := c.App.UpdateUserRoles(userId, newRoles); err != nil {
+	if _, err := c.App.UpdateUserRoles(userId, newRoles, true); err != nil {
 		return
 	} else {
 		c.LogAuditWithUserId(userId, "roles="+newRoles)
diff --git a/api/user_test.go b/api/user_test.go
index 05b6a844f..27408f292 100644
--- a/api/user_test.go
+++ b/api/user_test.go
@@ -483,7 +483,7 @@ func TestGetUser(t *testing.T) {
 		t.Fatal("shouldn't have accss")
 	}
 
-	th.App.UpdateUserRoles(ruser.Data.(*model.User).Id, model.ROLE_SYSTEM_ADMIN.Id)
+	th.App.UpdateUserRoles(ruser.Data.(*model.User).Id, model.ROLE_SYSTEM_ADMIN.Id, false)
 
 	Client.Login(user.Email, "passwd1")
 
diff --git a/api4/apitestlib.go b/api4/apitestlib.go
index b7d07e89e..d777f8c19 100644
--- a/api4/apitestlib.go
+++ b/api4/apitestlib.go
@@ -194,7 +194,7 @@ func (me *TestHelper) InitBasic() *TestHelper {
 	me.waitForConnectivity()
 
 	me.TeamAdminUser = me.CreateUser()
-	me.App.UpdateUserRoles(me.TeamAdminUser.Id, model.ROLE_SYSTEM_USER.Id)
+	me.App.UpdateUserRoles(me.TeamAdminUser.Id, model.ROLE_SYSTEM_USER.Id, false)
 	me.LoginTeamAdmin()
 	me.BasicTeam = me.CreateTeam()
 	me.BasicChannel = me.CreatePublicChannel()
@@ -211,7 +211,7 @@ func (me *TestHelper) InitBasic() *TestHelper {
 	me.App.AddUserToChannel(me.BasicUser2, me.BasicChannel2)
 	me.App.AddUserToChannel(me.BasicUser, me.BasicPrivateChannel)
 	me.App.AddUserToChannel(me.BasicUser2, me.BasicPrivateChannel)
-	me.App.UpdateUserRoles(me.BasicUser.Id, model.ROLE_SYSTEM_USER.Id)
+	me.App.UpdateUserRoles(me.BasicUser.Id, model.ROLE_SYSTEM_USER.Id, false)
 	me.LoginBasic()
 
 	return me
@@ -221,7 +221,7 @@ func (me *TestHelper) InitSystemAdmin() *TestHelper {
 	me.waitForConnectivity()
 
 	me.SystemAdminUser = me.CreateUser()
-	me.App.UpdateUserRoles(me.SystemAdminUser.Id, model.ROLE_SYSTEM_USER.Id+" "+model.ROLE_SYSTEM_ADMIN.Id)
+	me.App.UpdateUserRoles(me.SystemAdminUser.Id, model.ROLE_SYSTEM_USER.Id+" "+model.ROLE_SYSTEM_ADMIN.Id, false)
 	me.LoginSystemAdmin()
 
 	return me
diff --git a/api4/post_test.go b/api4/post_test.go
index 6f195296a..15553137a 100644
--- a/api4/post_test.go
+++ b/api4/post_test.go
@@ -292,7 +292,7 @@ func TestCreatePostPublic(t *testing.T) {
 	_, resp = Client.CreatePost(post)
 	CheckForbiddenStatus(t, resp)
 
-	th.App.UpdateUserRoles(ruser.Id, model.ROLE_SYSTEM_USER.Id+" "+model.ROLE_SYSTEM_POST_ALL_PUBLIC.Id)
+	th.App.UpdateUserRoles(ruser.Id, model.ROLE_SYSTEM_USER.Id+" "+model.ROLE_SYSTEM_POST_ALL_PUBLIC.Id, false)
 	th.App.InvalidateAllCaches()
 
 	Client.Login(user.Email, user.Password)
@@ -304,7 +304,7 @@ func TestCreatePostPublic(t *testing.T) {
 	_, resp = Client.CreatePost(post)
 	CheckForbiddenStatus(t, resp)
 
-	th.App.UpdateUserRoles(ruser.Id, model.ROLE_SYSTEM_USER.Id)
+	th.App.UpdateUserRoles(ruser.Id, model.ROLE_SYSTEM_USER.Id, false)
 	th.App.JoinUserToTeam(th.BasicTeam, ruser, "")
 	th.App.UpdateTeamMemberRoles(th.BasicTeam.Id, ruser.Id, model.ROLE_TEAM_USER.Id+" "+model.ROLE_TEAM_POST_ALL_PUBLIC.Id)
 	th.App.InvalidateAllCaches()
@@ -339,7 +339,7 @@ func TestCreatePostAll(t *testing.T) {
 	_, resp = Client.CreatePost(post)
 	CheckForbiddenStatus(t, resp)
 
-	th.App.UpdateUserRoles(ruser.Id, model.ROLE_SYSTEM_USER.Id+" "+model.ROLE_SYSTEM_POST_ALL.Id)
+	th.App.UpdateUserRoles(ruser.Id, model.ROLE_SYSTEM_USER.Id+" "+model.ROLE_SYSTEM_POST_ALL.Id, false)
 	th.App.InvalidateAllCaches()
 
 	Client.Login(user.Email, user.Password)
@@ -355,7 +355,7 @@ func TestCreatePostAll(t *testing.T) {
 	_, resp = Client.CreatePost(post)
 	CheckNoError(t, resp)
 
-	th.App.UpdateUserRoles(ruser.Id, model.ROLE_SYSTEM_USER.Id)
+	th.App.UpdateUserRoles(ruser.Id, model.ROLE_SYSTEM_USER.Id, false)
 	th.App.JoinUserToTeam(th.BasicTeam, ruser, "")
 	th.App.UpdateTeamMemberRoles(th.BasicTeam.Id, ruser.Id, model.ROLE_TEAM_USER.Id+" "+model.ROLE_TEAM_POST_ALL.Id)
 	th.App.InvalidateAllCaches()
diff --git a/api4/user.go b/api4/user.go
index 2f8e72ad9..7343ce326 100644
--- a/api4/user.go
+++ b/api4/user.go
@@ -651,7 +651,7 @@ func updateUserRoles(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if _, err := c.App.UpdateUserRoles(c.Params.UserId, newRoles); err != nil {
+	if _, err := c.App.UpdateUserRoles(c.Params.UserId, newRoles, true); err != nil {
 		c.Err = err
 		return
 	} else {
diff --git a/api4/user_test.go b/api4/user_test.go
index 0121c71af..98f88ab64 100644
--- a/api4/user_test.go
+++ b/api4/user_test.go
@@ -2200,7 +2200,7 @@ func TestCreateUserAccessToken(t *testing.T) {
 	_, resp = Client.CreateUserAccessToken(th.BasicUser.Id, "")
 	CheckBadRequestStatus(t, resp)
 
-	th.App.UpdateUserRoles(th.BasicUser.Id, model.ROLE_SYSTEM_USER.Id+" "+model.ROLE_SYSTEM_USER_ACCESS_TOKEN.Id)
+	th.App.UpdateUserRoles(th.BasicUser.Id, model.ROLE_SYSTEM_USER.Id+" "+model.ROLE_SYSTEM_USER_ACCESS_TOKEN.Id, false)
 
 	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = false })
 	_, resp = Client.CreateUserAccessToken(th.BasicUser.Id, testDescription)
@@ -2278,7 +2278,7 @@ func TestGetUserAccessToken(t *testing.T) {
 	_, resp = Client.GetUserAccessToken(model.NewId())
 	CheckForbiddenStatus(t, resp)
 
-	th.App.UpdateUserRoles(th.BasicUser.Id, model.ROLE_SYSTEM_USER.Id+" "+model.ROLE_SYSTEM_USER_ACCESS_TOKEN.Id)
+	th.App.UpdateUserRoles(th.BasicUser.Id, model.ROLE_SYSTEM_USER.Id+" "+model.ROLE_SYSTEM_USER_ACCESS_TOKEN.Id, false)
 	token, resp := Client.CreateUserAccessToken(th.BasicUser.Id, testDescription)
 	CheckNoError(t, resp)
 
@@ -2339,7 +2339,7 @@ func TestRevokeUserAccessToken(t *testing.T) {
 
 	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true })
 
-	th.App.UpdateUserRoles(th.BasicUser.Id, model.ROLE_SYSTEM_USER.Id+" "+model.ROLE_SYSTEM_USER_ACCESS_TOKEN.Id)
+	th.App.UpdateUserRoles(th.BasicUser.Id, model.ROLE_SYSTEM_USER.Id+" "+model.ROLE_SYSTEM_USER_ACCESS_TOKEN.Id, false)
 	token, resp := Client.CreateUserAccessToken(th.BasicUser.Id, testDescription)
 	CheckNoError(t, resp)
 
@@ -2387,7 +2387,7 @@ func TestDisableUserAccessToken(t *testing.T) {
 	}()
 	*utils.Cfg.ServiceSettings.EnableUserAccessTokens = true
 
-	th.App.UpdateUserRoles(th.BasicUser.Id, model.ROLE_SYSTEM_USER.Id+" "+model.ROLE_SYSTEM_USER_ACCESS_TOKEN.Id)
+	th.App.UpdateUserRoles(th.BasicUser.Id, model.ROLE_SYSTEM_USER.Id+" "+model.ROLE_SYSTEM_USER_ACCESS_TOKEN.Id, false)
 	token, resp := Client.CreateUserAccessToken(th.BasicUser.Id, testDescription)
 	CheckNoError(t, resp)
 
@@ -2434,7 +2434,7 @@ func TestEnableUserAccessToken(t *testing.T) {
 	}()
 	*utils.Cfg.ServiceSettings.EnableUserAccessTokens = true
 
-	th.App.UpdateUserRoles(th.BasicUser.Id, model.ROLE_SYSTEM_USER.Id+" "+model.ROLE_SYSTEM_USER_ACCESS_TOKEN.Id)
+	th.App.UpdateUserRoles(th.BasicUser.Id, model.ROLE_SYSTEM_USER.Id+" "+model.ROLE_SYSTEM_USER_ACCESS_TOKEN.Id, false)
 	token, resp := Client.CreateUserAccessToken(th.BasicUser.Id, testDescription)
 	CheckNoError(t, resp)
 
@@ -2476,7 +2476,7 @@ func TestUserAccessTokenInactiveUser(t *testing.T) {
 
 	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true })
 
-	th.App.UpdateUserRoles(th.BasicUser.Id, model.ROLE_SYSTEM_USER.Id+" "+model.ROLE_SYSTEM_USER_ACCESS_TOKEN.Id)
+	th.App.UpdateUserRoles(th.BasicUser.Id, model.ROLE_SYSTEM_USER.Id+" "+model.ROLE_SYSTEM_USER_ACCESS_TOKEN.Id, false)
 	token, resp := Client.CreateUserAccessToken(th.BasicUser.Id, testDescription)
 	CheckNoError(t, resp)
 
@@ -2499,7 +2499,7 @@ func TestUserAccessTokenDisableConfig(t *testing.T) {
 
 	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true })
 
-	th.App.UpdateUserRoles(th.BasicUser.Id, model.ROLE_SYSTEM_USER.Id+" "+model.ROLE_SYSTEM_USER_ACCESS_TOKEN.Id)
+	th.App.UpdateUserRoles(th.BasicUser.Id, model.ROLE_SYSTEM_USER.Id+" "+model.ROLE_SYSTEM_USER_ACCESS_TOKEN.Id, false)
 	token, resp := Client.CreateUserAccessToken(th.BasicUser.Id, testDescription)
 	CheckNoError(t, resp)
 
diff --git a/app/import.go b/app/import.go
index b98128fb5..21ce0ba53 100644
--- a/app/import.go
+++ b/app/import.go
@@ -657,7 +657,7 @@ func (a *App) ImportUser(data *UserImportData, dryRun bool) *model.AppError {
 			}
 		}
 		if hasUserRolesChanged {
-			if savedUser, err = a.UpdateUserRoles(user.Id, roles); err != nil {
+			if savedUser, err = a.UpdateUserRoles(user.Id, roles, false); err != nil {
 				return err
 			}
 		}
diff --git a/app/user.go b/app/user.go
index e6ae7f174..a4513af9a 100644
--- a/app/user.go
+++ b/app/user.go
@@ -1188,7 +1188,7 @@ func (a *App) DeleteToken(token *model.Token) *model.AppError {
 	return nil
 }
 
-func (a *App) UpdateUserRoles(userId string, newRoles string) (*model.User, *model.AppError) {
+func (a *App) UpdateUserRoles(userId string, newRoles string, sendWebSocketEvent bool) (*model.User, *model.AppError) {
 	var user *model.User
 	var err *model.AppError
 	if user, err = a.GetUser(userId); err != nil {
@@ -1214,6 +1214,13 @@ func (a *App) UpdateUserRoles(userId string, newRoles string) (*model.User, *mod
 
 	a.ClearSessionCacheForUser(user.Id)
 
+	if sendWebSocketEvent {
+		message := model.NewWebSocketEvent(model.WEBSOCKET_EVENT_USER_ROLE_UPDATED, "", "", user.Id, nil)
+		message.Add("user_id", user.Id)
+		message.Add("roles", newRoles)
+		a.Publish(message)
+	}
+
 	return ruser, nil
 }
 
diff --git a/cmd/platform/roles.go b/cmd/platform/roles.go
index 7939dc5c7..e7a1c1a0e 100644
--- a/cmd/platform/roles.go
+++ b/cmd/platform/roles.go
@@ -52,7 +52,7 @@ func makeSystemAdminCmdF(cmd *cobra.Command, args []string) error {
 			return errors.New("Unable to find user '" + args[i] + "'")
 		}
 
-		if _, err := a.UpdateUserRoles(user.Id, "system_admin system_user"); err != nil {
+		if _, err := a.UpdateUserRoles(user.Id, "system_admin system_user", true); err != nil {
 			return err
 		}
 	}
@@ -76,7 +76,7 @@ func makeMemberCmdF(cmd *cobra.Command, args []string) error {
 			return errors.New("Unable to find user '" + args[i] + "'")
 		}
 
-		if _, err := a.UpdateUserRoles(user.Id, "system_user"); err != nil {
+		if _, err := a.UpdateUserRoles(user.Id, "system_user", true); err != nil {
 			return err
 		}
 	}
diff --git a/cmd/platform/user.go b/cmd/platform/user.go
index 66b0f2223..ea654f89f 100644
--- a/cmd/platform/user.go
+++ b/cmd/platform/user.go
@@ -246,7 +246,7 @@ func userCreateCmdF(cmd *cobra.Command, args []string) error {
 	if ruser, err := a.CreateUser(user); err != nil {
 		return errors.New("Unable to create user. Error: " + err.Error())
 	} else if systemAdmin {
-		a.UpdateUserRoles(ruser.Id, "system_user system_admin")
+		a.UpdateUserRoles(ruser.Id, "system_user system_admin", false)
 	}
 
 	CommandPrettyPrintln("Created User")
diff --git a/model/websocket_message.go b/model/websocket_message.go
index 6c55da6f0..bf2535dc3 100644
--- a/model/websocket_message.go
+++ b/model/websocket_message.go
@@ -24,6 +24,7 @@ const (
 	WEBSOCKET_EVENT_UPDATE_TEAM         = "update_team"
 	WEBSOCKET_EVENT_USER_ADDED          = "user_added"
 	WEBSOCKET_EVENT_USER_UPDATED        = "user_updated"
+	WEBSOCKET_EVENT_USER_ROLE_UPDATED   = "user_role_updated"
 	WEBSOCKET_EVENT_MEMBERROLE_UPDATED  = "memberrole_updated"
 	WEBSOCKET_EVENT_USER_REMOVED        = "user_removed"
 	WEBSOCKET_EVENT_PREFERENCE_CHANGED  = "preference_changed"
diff --git a/web/web_test.go b/web/web_test.go
index 52ba89933..a9cf4a7ed 100644
--- a/web/web_test.go
+++ b/web/web_test.go
@@ -98,7 +98,7 @@ func TestIncomingWebhook(t *testing.T) {
 
 	a.JoinUserToTeam(team, user, "")
 
-	a.UpdateUserRoles(user.Id, model.ROLE_SYSTEM_ADMIN.Id)
+	a.UpdateUserRoles(user.Id, model.ROLE_SYSTEM_ADMIN.Id, false)
 	ApiClient.SetTeamId(team.Id)
 
 	channel1 := &model.Channel{DisplayName: "Test API Name", Name: "zz" + model.NewId() + "a", Type: model.CHANNEL_OPEN, TeamId: team.Id}
-- 
cgit v1.2.3-1-g7c22