From e49f5928c55ba57c39efa11c568c66342b962aae Mon Sep 17 00:00:00 2001 From: George Goldberg Date: Mon, 3 Apr 2017 18:13:28 +0100 Subject: PLT-6139 (Server): Private Channel member managing (#5941) Adds an EE policy feature to allow restricting system-wide which level of Admins can manage the membership of private channels. --- utils/authorization.go | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) (limited to 'utils/authorization.go') diff --git a/utils/authorization.go b/utils/authorization.go index 086caa565..8078f4023 100644 --- a/utils/authorization.go +++ b/utils/authorization.go @@ -183,6 +183,39 @@ func SetDefaultRolesBasedOnConfig() { ) } + // Restrict permissions for Private Channel Manage Members + if IsLicensed { + switch *Cfg.TeamSettings.RestrictPrivateChannelManageMembers { + case model.PERMISSIONS_ALL: + model.ROLE_CHANNEL_USER.Permissions = append( + model.ROLE_CHANNEL_USER.Permissions, + model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id, + ) + break + case model.PERMISSIONS_CHANNEL_ADMIN: + model.ROLE_TEAM_ADMIN.Permissions = append( + model.ROLE_TEAM_ADMIN.Permissions, + model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id, + ) + model.ROLE_CHANNEL_ADMIN.Permissions = append( + model.ROLE_CHANNEL_ADMIN.Permissions, + model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id, + ) + break + case model.PERMISSIONS_TEAM_ADMIN: + model.ROLE_TEAM_ADMIN.Permissions = append( + model.ROLE_TEAM_ADMIN.Permissions, + model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id, + ) + break + } + } else { + model.ROLE_CHANNEL_USER.Permissions = append( + model.ROLE_CHANNEL_USER.Permissions, + model.PERMISSION_MANAGE_PRIVATE_CHANNEL_MEMBERS.Id, + ) + } + if !*Cfg.ServiceSettings.EnableOnlyAdminIntegrations { model.ROLE_TEAM_USER.Permissions = append( model.ROLE_TEAM_USER.Permissions, -- cgit v1.2.3-1-g7c22