luisgulo/focalboard
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
focalboard/server/services/permissions/mmpermissions/mmpermissions.go
Jesús Espino a4ef8ec6bc
Permissions integration tests (#2697) 
* Initial permissions review infrastructure

* Adding more tests cases

* Modifying a bit the tests approach and adding more tests

* Adding more tests

* Adding more tests for permissions

* Adding more tests

* Adding more permissions tests

* Adding more tests

* Adding more permission checks

* Adding more permissions tests

* Adding more permission tests

* Adding more tests

* Adding subscriptions tests

* Adding more permissions tests

* Adding tests for read tokens in the files

* Update APIs and fix unit tests

* Fix linter errors

* Auto-assign category id from the database (as expected because is serial/auto_increment integer field)

* Revert "Auto-assign category id from the database (as expected because is serial/auto_increment integer field)"

This reverts commit 5c98fd76a3.

* Fixing Category scheme in postgres and MySQL

* Removing restriction about the channel_id and add it to all the databases

* Moving everything to a new migration

* Fix bad merge (?)

* Update 000021_fix_categories.up.sql

Fix Postgres ALTER COLUMN syntax

* Update 000021_fix_categories.down.sql

Fix Postgres ALTER COLUMN syntax

* Update 000021_fix_categories.up.sql

Remove unnecessary, and unsupported MODIFY COLUMNs for SQLite.

* Update 000021_fix_categories.up.sql

Remove not null from categories.channel_id

* Update 000021_fix_categories.down.sql

Migrate down removing not null from categories.channel_id

* Update 000021_fix_categories.up.sql

Fix drop not null on categories.channel_id

* Update 000021_fix_categories.down.sql

Fix down migration of drop not null from categories.channel_id.

* Restore default notification level to debug

Co-authored-by: Chen-I Lim <chenilim@gmail.com>
Co-authored-by: Chen-I Lim <46905241+chenilim@users.noreply.github.com>
2022-04-05 08:00:04 -07:00

87 lines
2.2 KiB
Go
Raw Blame History

// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
// See LICENSE.txt for license information.
package mmpermissions
import (
"database/sql"
"errors"
"github.com/mattermost/focalboard/server/model"
"github.com/mattermost/focalboard/server/services/permissions"
mmModel "github.com/mattermost/mattermost-server/v6/model"
)
type APIInterface interface {
HasPermissionToTeam(userID string, teamID string, permission *mmModel.Permission) bool
LogError(string, ...interface{})
}
type Service struct {
store permissions.Store
api APIInterface
}
func New(store permissions.Store, api APIInterface) *Service {
return &Service{
store: store,
api: api,
}
}
func (s *Service) HasPermissionToTeam(userID, teamID string, permission *mmModel.Permission) bool {
if userID == "" || teamID == "" || permission == nil {
return false
}
return s.api.HasPermissionToTeam(userID, teamID, permission)
}
func (s *Service) HasPermissionToBoard(userID, boardID string, permission *mmModel.Permission) bool {
if userID == "" || boardID == "" || permission == nil {
return false
}
board, err := s.store.GetBoard(boardID)
if errors.Is(err, sql.ErrNoRows) {
return false
}
if err != nil {
s.api.LogError("error getting board",
"boardID", boardID,
"userID", userID,
"error", err,
)
return false
}
// we need to check that the user has permission to see the team
// regardless of its local permissions to the board
if !s.HasPermissionToTeam(userID, board.TeamID, model.PermissionViewTeam) {
return false
}
member, err := s.store.GetMemberForBoard(boardID, userID)
if errors.Is(err, sql.ErrNoRows) {
return false
}
if err != nil {
s.api.LogError("error getting member for board",
"boardID", boardID,
"userID", userID,
"error", err,
)
return false
}
switch permission {
case model.PermissionManageBoardType, model.PermissionDeleteBoard, model.PermissionManageBoardRoles, model.PermissionShareBoard:
return member.SchemeAdmin
case model.PermissionManageBoardCards, model.PermissionManageBoardProperties:
return member.SchemeAdmin || member.SchemeEditor
case model.PermissionViewBoard:
return member.SchemeAdmin || member.SchemeEditor || member.SchemeCommenter || member.SchemeViewer
default:
return false
}
}
Reference in a new issue View git blame Copy permalink