From 566539bc67c8e467f88401551f999436e27fe70a Mon Sep 17 00:00:00 2001
From: Martin Kraft
Date: Fri, 8 Jun 2018 09:07:15 -0400
Subject: MM-10264: Adds system scheme to permissions import/export. (#8924)

* MM-10264: Adds system scheme to permissions import/export.
* MM-10264: Switches to more likely unique name.
* MM-10264: Changed collision prevention string.
* MM-10264: Rolls back created schemes in all error cases.
* MM-10264: Test fix for more rollback cases.
---
 app/permissions.go | 57 ++++++++++++++++++++++++++++++++++++++++++++++---
 app/permissions_test.go | 2 +-
 2 files changed, 55 insertions(+), 4 deletions(-)

diff --git a/app/permissions.go b/app/permissions.go
index 5b1b49de2..d86ceab5d 100644
--- a/app/permissions.go
+++ b/app/permissions.go
@@ -14,6 +14,7 @@ import (
 )
 const permissionsExportBatchSize = 100
+const systemSchemeName = "00000000-0000-0000-0000-000000000000" // Prevents collisions with user-created schemes.
 func (a *App) ResetPermissionsSystem() *model.AppError {
 // Reset all Teams to not have a scheme.
@@ -101,6 +102,31 @@ func (a *App) ExportPermissions(w io.Writer) error {
 }
+ defaultRoleNames := []string{}
+ for _, dr := range model.MakeDefaultRoles() {
+ defaultRoleNames = append(defaultRoleNames, dr.Name)
+ }
+
+ roles, appErr := a.GetRolesByNames(defaultRoleNames)
+ if appErr != nil {
+ return errors.New(appErr.Message)
+ }
+
+ schemeExport, err := json.Marshal(&model.SchemeConveyor{
+ Name: systemSchemeName,
+ Roles: roles,
+ })
+ if err != nil {
+ return err
+ }
+
+ schemeExport = append(schemeExport, []byte("\n")...)
+
+ _, err = w.Write(schemeExport)
+ if err != nil {
+ return err
+ }
+
 return nil
 }
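Review bot: The `systemSchemeName` constant added in the `@@ -14,6 +14,7 @@` hunk is treated by ImportPermissions as an instruction to patch the system roles, but nothing visible in this patch stops a user-created scheme from carrying the same name. If scheme names are user-supplied (scheme validation is not shown here), an export containing such a scheme would be re-imported as a system-role patch rather than as a new scheme. Consider rejecting the reserved value wherever schemes are created or validated, and state the contract in the comment, e.g. `// systemSchemeName marks the export record holding the system default roles; it must never be accepted as a user-created scheme name.`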
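Review bot: In the ExportPermissions hunk (`@@ -101,6 +102,31 @@`), the result of `a.GetRolesByNames(defaultRoleNames)` is marshalled without checking that every default role came back. If that call can return a partial list (its behaviour is not visible here), the export would silently omit system roles, and a later import would leave them at whatever permissions the target server already has. A guard such as `if len(roles) != len(defaultRoleNames) { return errors.New("export: not all default roles were found") }` before `json.Marshal` would make that failure explicit. The function body starts outside the hunk.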
@@ -113,13 +139,33 @@ func (a *App) ImportPermissions(jsonl io.Reader) error {
 var schemeConveyor *model.SchemeConveyor
 err := json.Unmarshal(scanner.Bytes(), &schemeConveyor)
 if err != nil {
+ rollback(a, createdSchemeIDs)
 return err
 }
+ if schemeConveyor.Name == systemSchemeName {
+ for _, roleIn := range schemeConveyor.Roles {
+ dbRole, err := a.GetRoleByName(roleIn.Name)
+ if err != nil {
+ rollback(a, createdSchemeIDs)
+ return errors.New(err.Message)
+ }
+ _, err = a.PatchRole(dbRole, &model.RolePatch{
+ Permissions: &roleIn.Permissions,
+ })
+ if err != nil {
+ rollback(a, createdSchemeIDs)
+ return err
+ }
+ }
+ continue
+ }
+
 // Create the new Scheme. The new Roles are created automatically.
 var appErr *model.AppError
 schemeCreated, appErr := a.CreateScheme(schemeConveyor.Scheme())
 if appErr != nil {
+ rollback(a, createdSchemeIDs)
 return errors.New(appErr.Message)
 }
 createdSchemeIDs = append(createdSchemeIDs, schemeCreated.Id)
@@ -139,21 +185,26 @@ func (a *App) ImportPermissions(jsonl io.Reader) error {
 err = updateRole(a, schemeConveyor, roleNameTuple[0], roleNameTuple[1])
 if err != nil {
 // Delete the new Schemes. The new Roles are deleted automatically.
- for _, schemeID := range createdSchemeIDs {
- a.DeleteScheme(schemeID)
- }
+ rollback(a, createdSchemeIDs)
 return err
 }
 }
 }
 if err := scanner.Err(); err != nil {
+ rollback(a, createdSchemeIDs)
 return err
 }
 return nil
 }
+func rollback(a *App, createdSchemeIDs []string) {
+ for _, schemeID := range createdSchemeIDs {
+ a.DeleteScheme(schemeID)
+ }
+}
+
 func updateRole(a *App, sc *model.SchemeConveyor, roleCreatedName, defaultRoleName string) error {
 var err *model.AppError
diff --git a/app/permissions_test.go b/app/permissions_test.go
index 3c70dc026..ca98461e7 100644
--- a/app/permissions_test.go
+++ b/app/permissions_test.go
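Review bot: The system-scheme branch added to ImportPermissions (`@@ -113,13 +139,33 @@`) patches whichever role `roleIn.Name` names, because the name read from the file goes straight to `a.GetRoleByName` with no check that it is one of the default roles. ExportPermissions only writes the names from `model.MakeDefaultRoles()`, so an import file that lists any other existing role under the reserved scheme name would have that role's permissions overwritten. Restricting the loop to the default role names keeps the import symmetric with the export and limits what a malformed or tampered file can change. The function starts outside the hunk.

```go
if schemeConveyor.Name == systemSchemeName {
	// Only roles shipped as defaults may be patched from an import file.
	allowed := map[string]bool{}
	for _, dr := range model.MakeDefaultRoles() {
		allowed[dr.Name] = true
	}
	for _, roleIn := range schemeConveyor.Roles {
		if !allowed[roleIn.Name] {
			rollback(a, createdSchemeIDs)
			return errors.New("system scheme record names a non-default role: " + roleIn.Name)
		}
		// … unchanged: GetRoleByName and PatchRole calls with their rollback paths …
	}
	continue
}
```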
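Review bot: `rollback` (added in `@@ -139,21 +185,26 @@`) only deletes the schemes listed in `createdSchemeIDs`; permissions already changed by the `a.PatchRole` calls in the system-scheme branch stay changed when a later line fails, so a failed import can leave the system roles partially rewritten. It also discards whatever `a.DeleteScheme` returns, so a failed cleanup is silent. Either document the limitation on the function, e.g. `// rollback deletes the schemes created so far; it does not revert system role patches.`, or record each patched role's previous permissions and restore them here, and log any DeleteScheme failure.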
@@ -179,7 +179,7 @@ func TestImportPermissions_idempotentScheme(t *testing.T) {
 if appErr != nil {
 panic(appErr)
 }
- expected = len(results) + 1
+ expected = len(results)
 err := th.App.ImportPermissions(r)
 if err == nil {
--
cgit v1.2.3-1-g7c22