diff --git a/api4/post_test.go b/api4/post_test.go index 53babc6e6fe..f136ba676f0 100644 --- a/api4/post_test.go +++ b/api4/post_test.go @@ -302,6 +302,61 @@ func TestCreatePostPublic(t *testing.T) { CheckNoError(t, resp) } +func TestCreatePostAll(t *testing.T) { + th := Setup().InitBasic().InitSystemAdmin() + defer TearDown() + Client := th.Client + + post := &model.Post{ChannelId: th.BasicChannel.Id, Message: "#hashtag a" + model.NewId() + "a"} + + user := model.User{Email: GenerateTestEmail(), Nickname: "Joram Wilander", Password: "hello1", Username: GenerateTestUsername(), Roles: model.ROLE_SYSTEM_USER.Id} + + directChannel, _ := app.CreateDirectChannel(th.BasicUser.Id, th.BasicUser2.Id) + + ruser, resp := Client.CreateUser(&user) + CheckNoError(t, resp) + + Client.Login(user.Email, user.Password) + + _, resp = Client.CreatePost(post) + CheckForbiddenStatus(t, resp) + + app.UpdateUserRoles(ruser.Id, model.ROLE_SYSTEM_USER.Id+" "+model.ROLE_SYSTEM_POST_ALL.Id) + app.InvalidateAllCaches() + + Client.Login(user.Email, user.Password) + + _, resp = Client.CreatePost(post) + CheckNoError(t, resp) + + post.ChannelId = th.BasicPrivateChannel.Id + _, resp = Client.CreatePost(post) + CheckNoError(t, resp) + + post.ChannelId = directChannel.Id + _, resp = Client.CreatePost(post) + CheckNoError(t, resp) + + app.UpdateUserRoles(ruser.Id, model.ROLE_SYSTEM_USER.Id) + app.JoinUserToTeam(th.BasicTeam, ruser, "") + app.UpdateTeamMemberRoles(th.BasicTeam.Id, ruser.Id, model.ROLE_TEAM_USER.Id+" "+model.ROLE_TEAM_POST_ALL.Id) + app.InvalidateAllCaches() + + Client.Login(user.Email, user.Password) + + post.ChannelId = th.BasicPrivateChannel.Id + _, resp = Client.CreatePost(post) + CheckNoError(t, resp) + + post.ChannelId = th.BasicChannel.Id + _, resp = Client.CreatePost(post) + CheckNoError(t, resp) + + post.ChannelId = directChannel.Id + _, resp = Client.CreatePost(post) + CheckForbiddenStatus(t, resp) +} + func TestUpdatePost(t *testing.T) { th := Setup().InitBasic().InitSystemAdmin() defer TearDown() diff --git a/app/authorization.go b/app/authorization.go index 9fc2edfb91e..28f968f682d 100644 --- a/app/authorization.go +++ b/app/authorization.go @@ -48,7 +48,7 @@ func SessionHasPermissionToChannel(session model.Session, channelId string, perm } channel, err := GetChannel(channelId) - if err == nil { + if err == nil && channel.TeamId != "" { return SessionHasPermissionToTeam(session, channel.TeamId, permission) } diff --git a/app/diagnostics.go b/app/diagnostics.go index 54fe843ac02..603ceb8a5e7 100644 --- a/app/diagnostics.go +++ b/app/diagnostics.go @@ -165,6 +165,7 @@ func trackConfig() { "enable_post_username_override": utils.Cfg.ServiceSettings.EnablePostUsernameOverride, "enable_post_icon_override": utils.Cfg.ServiceSettings.EnablePostIconOverride, "enable_apiv3": *utils.Cfg.ServiceSettings.EnableAPIv3, + "enable_user_access_tokens": *utils.Cfg.ServiceSettings.EnableUserAccessTokens, "enable_custom_emoji": *utils.Cfg.ServiceSettings.EnableCustomEmoji, "enable_emoji_picker": *utils.Cfg.ServiceSettings.EnableEmojiPicker, "restrict_custom_emoji_creation": *utils.Cfg.ServiceSettings.RestrictCustomEmojiCreation, diff --git a/i18n/en.json b/i18n/en.json index c4940295b79..3287af260a9 100644 --- a/i18n/en.json +++ b/i18n/en.json @@ -3503,6 +3503,14 @@ "id": "app.import.validate_user_teams_import_data.team_name_missing.error", "translation": "Team name missing from User's Team Membership." }, + { + "id": "authentication.roles.system_post_all.name", + "translation": "Post in Public, Private and Direct Channels" + }, + { + "id": "authentication.roles.system_post_all.description", + "translation": "A role with the permission to post in any public, private or direct channel on the system" + }, { "id": "authentication.roles.system_post_all_public.name", "translation": "Post in Public Channels" @@ -3511,6 +3519,14 @@ "id": "authentication.roles.system_post_all_public.description", "translation": "A role with the permission to post in any public channel on the system" }, + { + "id": "authentication.roles.team_post_all.name", + "translation": "Post in Public and Private Channels" + }, + { + "id": "authentication.roles.team_post_all.description", + "translation": "A role with the permission to post in any public or private channel on the team" + }, { "id": "authentication.roles.team_post_all_public.name", "translation": "Post in Public Channels" diff --git a/model/authorization.go b/model/authorization.go index cf7e2b4818c..d413e294c2e 100644 --- a/model/authorization.go +++ b/model/authorization.go @@ -71,11 +71,13 @@ var PERMISSION_MANAGE_SYSTEM *Permission var ROLE_SYSTEM_USER *Role var ROLE_SYSTEM_ADMIN *Role +var ROLE_SYSTEM_POST_ALL *Role var ROLE_SYSTEM_POST_ALL_PUBLIC *Role var ROLE_SYSTEM_USER_ACCESS_TOKEN *Role var ROLE_TEAM_USER *Role var ROLE_TEAM_ADMIN *Role +var ROLE_TEAM_POST_ALL *Role var ROLE_TEAM_POST_ALL_PUBLIC *Role var ROLE_CHANNEL_USER *Role @@ -376,6 +378,16 @@ func InitalizeRoles() { } BuiltInRoles[ROLE_TEAM_USER.Id] = ROLE_TEAM_USER + ROLE_TEAM_POST_ALL = &Role{ + "team_post_all", + "authentication.roles.team_post_all.name", + "authentication.roles.team_post_all.description", + []string{ + PERMISSION_CREATE_POST.Id, + }, + } + BuiltInRoles[ROLE_TEAM_POST_ALL.Id] = ROLE_TEAM_POST_ALL + ROLE_TEAM_POST_ALL_PUBLIC = &Role{ "team_post_all_public", "authentication.roles.team_post_all_public.name", @@ -417,6 +429,16 @@ func InitalizeRoles() { } BuiltInRoles[ROLE_SYSTEM_USER.Id] = ROLE_SYSTEM_USER + ROLE_SYSTEM_POST_ALL = &Role{ + "system_post_all", + "authentication.roles.system_post_all.name", + "authentication.roles.system_post_all.description", + []string{ + PERMISSION_CREATE_POST.Id, + }, + } + BuiltInRoles[ROLE_SYSTEM_POST_ALL.Id] = ROLE_SYSTEM_POST_ALL + ROLE_SYSTEM_POST_ALL_PUBLIC = &Role{ "system_post_all_public", "authentication.roles.system_post_all_public.name", diff --git a/store/sql_upgrade.go b/store/sql_upgrade.go index a7b72124e3f..157a85507ee 100644 --- a/store/sql_upgrade.go +++ b/store/sql_upgrade.go @@ -282,6 +282,12 @@ func UpgradeDatabaseToVersion40(sqlStore SqlStore) { func UpgradeDatabaseToVersion41(sqlStore SqlStore) { // TODO: Uncomment following condition when version 4.1.0 is released // if shouldPerformUpgrade(sqlStore, VERSION_4_0_0, VERSION_4_1_0) { + + // Increase maximum length of the Users table Roles column. + if sqlStore.GetMaxLengthOfColumnIfExists("Users", "Roles") != "256" { + sqlStore.AlterColumnTypeIfExists("Users", "Roles", "varchar(256)", "varchar(256)") + } + sqlStore.RemoveTableIfExists("JobStatuses") // saveSchemaVersion(sqlStore, VERSION_4_1_0) // } diff --git a/store/sql_user_store.go b/store/sql_user_store.go index ab031ea19b2..64079c8d35d 100644 --- a/store/sql_user_store.go +++ b/store/sql_user_store.go @@ -62,7 +62,7 @@ func NewSqlUserStore(sqlStore SqlStore) UserStore { table.ColMap("Nickname").SetMaxSize(64) table.ColMap("FirstName").SetMaxSize(64) table.ColMap("LastName").SetMaxSize(64) - table.ColMap("Roles").SetMaxSize(64) + table.ColMap("Roles").SetMaxSize(256) table.ColMap("Props").SetMaxSize(4000) table.ColMap("NotifyProps").SetMaxSize(2000) table.ColMap("Locale").SetMaxSize(5) diff --git a/webapp/components/admin_console/custom_integrations_settings.jsx b/webapp/components/admin_console/custom_integrations_settings.jsx index 18fdd22fd85..3b5c511718c 100644 --- a/webapp/components/admin_console/custom_integrations_settings.jsx +++ b/webapp/components/admin_console/custom_integrations_settings.jsx @@ -25,6 +25,7 @@ export default class WebhookSettings extends AdminSettings { config.ServiceSettings.EnablePostUsernameOverride = this.state.enablePostUsernameOverride; config.ServiceSettings.EnablePostIconOverride = this.state.enablePostIconOverride; config.ServiceSettings.EnableOAuthServiceProvider = this.state.enableOAuthServiceProvider; + config.ServiceSettings.EnableUserAccessTokens = this.state.enableUserAccessTokens; return config; } @@ -37,7 +38,8 @@ export default class WebhookSettings extends AdminSettings { enableOnlyAdminIntegrations: config.ServiceSettings.EnableOnlyAdminIntegrations, enablePostUsernameOverride: config.ServiceSettings.EnablePostUsernameOverride, enablePostIconOverride: config.ServiceSettings.EnablePostIconOverride, - enableOAuthServiceProvider: config.ServiceSettings.EnableOAuthServiceProvider + enableOAuthServiceProvider: config.ServiceSettings.EnableOAuthServiceProvider, + enableUserAccessTokens: config.ServiceSettings.EnableUserAccessTokens }; } @@ -172,6 +174,23 @@ export default class WebhookSettings extends AdminSettings { value={this.state.enablePostIconOverride} onChange={this.handleChange} /> + + } + helpText={ + + } + value={this.state.enableUserAccessTokens} + onChange={this.handleChange} + /> ); } diff --git a/webapp/components/admin_console/manage_roles_modal/index.js b/webapp/components/admin_console/manage_roles_modal/index.js new file mode 100644 index 00000000000..1ca243621f8 --- /dev/null +++ b/webapp/components/admin_console/manage_roles_modal/index.js @@ -0,0 +1,25 @@ +// Copyright (c) 2017 Mattermost, Inc. All Rights Reserved. +// See License.txt for license information. + +import {connect} from 'react-redux'; +import {bindActionCreators} from 'redux'; +import {updateUserRoles} from 'mattermost-redux/actions/users'; + +import ManageRolesModal from './manage_roles_modal.jsx'; + +function mapStateToProps(state, ownProps) { + return { + ...ownProps, + userAccessTokensEnabled: state.entities.admin.config.ServiceSettings.EnableUserAccessTokens + }; +} + +function mapDispatchToProps(dispatch) { + return { + actions: bindActionCreators({ + updateUserRoles + }, dispatch) + }; +} + +export default connect(mapStateToProps, mapDispatchToProps)(ManageRolesModal); diff --git a/webapp/components/admin_console/manage_roles_modal/manage_roles_modal.jsx b/webapp/components/admin_console/manage_roles_modal/manage_roles_modal.jsx new file mode 100644 index 00000000000..2358f0241ff --- /dev/null +++ b/webapp/components/admin_console/manage_roles_modal/manage_roles_modal.jsx @@ -0,0 +1,349 @@ +// Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved. +// See License.txt for license information. + +import * as UserUtils from 'mattermost-redux/utils/user_utils'; +import {Client4} from 'mattermost-redux/client'; +import {General} from 'mattermost-redux/constants'; + +import {trackEvent} from 'actions/diagnostics_actions.jsx'; + +import React from 'react'; +import {Modal} from 'react-bootstrap'; +import PropTypes from 'prop-types'; +import {FormattedMessage, FormattedHTMLMessage} from 'react-intl'; + +function getStateFromProps(props) { + const roles = props.user && props.user.roles ? props.user.roles : ''; + + return { + error: null, + hasPostAllRole: UserUtils.hasPostAllRole(roles), + hasPostAllPublicRole: UserUtils.hasPostAllPublicRole(roles), + hasUserAccessTokenRole: UserUtils.hasUserAccessTokenRole(roles), + isSystemAdmin: UserUtils.isSystemAdmin(roles) + }; +} + +export default class ManageRolesModal extends React.PureComponent { + static propTypes = { + + /** + * Set to render the modal + */ + show: PropTypes.bool.isRequired, + + /** + * The user the roles are being managed for + */ + user: PropTypes.object, + + /** + * Set if user access tokens are enabled + */ + userAccessTokensEnabled: PropTypes.bool.isRequired, + + /** + * Function called when modal is dismissed + */ + onModalDismissed: PropTypes.func.isRequired, + + actions: PropTypes.shape({ + + /** + * Function to update a user's roles + */ + updateUserRoles: PropTypes.func.isRequired + }).isRequired + }; + + constructor(props) { + super(props); + this.state = getStateFromProps(props); + } + + componentWillReceiveProps(nextProps) { + const user = this.props.user || {}; + const nextUser = nextProps.user || {}; + if (user.id !== nextUser.id) { + this.setState(getStateFromProps(nextProps)); + } + } + + handleError = (error) => { + this.setState({ + error + }); + } + + handleSystemAdminChange = (e) => { + if (e.target.name === 'systemadmin') { + this.setState({isSystemAdmin: true}); + } else if (e.target.name === 'systemmember') { + this.setState({isSystemAdmin: false}); + } + }; + + handleUserAccessTokenChange = (e) => { + this.setState({ + hasUserAccessTokenRole: e.target.checked + }); + }; + + handlePostAllChange = (e) => { + this.setState({ + hasPostAllRole: e.target.checked + }); + }; + + handlePostAllPublicChange = (e) => { + this.setState({ + hasPostAllPublicRole: e.target.checked + }); + }; + + trackRoleChanges = (roles, oldRoles) => { + if (UserUtils.hasUserAccessTokenRole(roles) && !UserUtils.hasUserAccessTokenRole(oldRoles)) { + trackEvent('actions', 'add_roles', {role: General.SYSTEM_USER_ACCESS_TOKEN_ROLE}); + } else if (!UserUtils.hasUserAccessTokenRole(roles) && UserUtils.hasUserAccessTokenRole(oldRoles)) { + trackEvent('actions', 'remove_roles', {role: General.SYSTEM_USER_ACCESS_TOKEN_ROLE}); + } + + if (UserUtils.hasPostAllRole(roles) && !UserUtils.hasPostAllRole(oldRoles)) { + trackEvent('actions', 'add_roles', {role: General.SYSTEM_POST_ALL_ROLE}); + } else if (!UserUtils.hasPostAllRole(roles) && UserUtils.hasPostAllRole(oldRoles)) { + trackEvent('actions', 'remove_roles', {role: General.SYSTEM_POST_ALL_ROLE}); + } + + if (UserUtils.hasPostAllPublicRole(roles) && !UserUtils.hasPostAllPublicRole(oldRoles)) { + trackEvent('actions', 'add_roles', {role: General.SYSTEM_POST_ALL_PUBLIC_ROLE}); + } else if (!UserUtils.hasPostAllPublicRole(roles) && UserUtils.hasPostAllPublicRole(oldRoles)) { + trackEvent('actions', 'remove_roles', {role: General.SYSTEM_POST_ALL_PUBLIC_ROLE}); + } + } + + handleSave = async () => { + this.setState({error: null}); + + let roles = General.SYSTEM_USER_ROLE; + + if (this.state.isSystemAdmin) { + roles += ' ' + General.SYSTEM_ADMIN_ROLE; + } else if (this.state.hasUserAccessTokenRole) { + roles += ' ' + General.SYSTEM_USER_ACCESS_TOKEN_ROLE; + if (this.state.hasPostAllRole) { + roles += ' ' + General.SYSTEM_POST_ALL_ROLE; + } else if (this.state.hasPostAllPublicRole) { + roles += ' ' + General.SYSTEM_POST_ALL_PUBLIC_ROLE; + } + } + + const data = await this.props.actions.updateUserRoles(this.props.user.id, roles); + + this.trackRoleChanges(roles, this.props.user.roles); + + if (data) { + this.props.onModalDismissed(); + } else { + this.handleError( + + ); + } + } + + renderContents = () => { + const {user} = this.props; + + if (user == null) { + return
; + } + + let name = UserUtils.getFullName(user); + if (name) { + name += ` (@${user.username})`; + } else { + name = `@${user.username}`; + } + + let additionalRoles; + if (this.state.hasUserAccessTokenRole || this.state.isSystemAdmin) { + additionalRoles = ( +
+

+ +

+
+ +
+
+ +
+
+ ); + } + + let userAccessTokenContent; + if (this.props.userAccessTokensEnabled) { + userAccessTokenContent = ( +
+
+ +
+
+ {additionalRoles} +
+
+ ); + } + + return ( +
+
+ +
+
+ {name} +
+
+ {user.email} +
+
+
+
+
+
+ +
+
+ +
+
+ {userAccessTokenContent} +
+
+ ); + } + + render() { + return ( + + + + + + + + {this.renderContents()} + {this.state.error} + + + + + + + ); + } +} diff --git a/webapp/components/admin_console/manage_teams_modal/manage_teams_modal.jsx b/webapp/components/admin_console/manage_teams_modal/manage_teams_modal.jsx index a579ab03c44..21f9d762d32 100644 --- a/webapp/components/admin_console/manage_teams_modal/manage_teams_modal.jsx +++ b/webapp/components/admin_console/manage_teams_modal/manage_teams_modal.jsx @@ -1,11 +1,10 @@ -import PropTypes from 'prop-types'; - // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved. // See License.txt for license information. import React from 'react'; import {Modal} from 'react-bootstrap'; import {FormattedMessage} from 'react-intl'; +import PropTypes from 'prop-types'; import * as TeamActions from 'actions/team_actions.jsx'; @@ -29,14 +28,6 @@ export default class ManageTeamsModal extends React.Component { constructor(props) { super(props); - this.loadTeamsAndTeamMembers = this.loadTeamsAndTeamMembers.bind(this); - - this.handleError = this.handleError.bind(this); - this.handleMemberChange = this.handleMemberChange.bind(this); - this.handleMemberRemove = this.handleMemberRemove.bind(this); - - this.renderContents = this.renderContents.bind(this); - this.state = { error: null, teams: null, @@ -66,7 +57,7 @@ export default class ManageTeamsModal extends React.Component { } } - loadTeamsAndTeamMembers(user = this.props.user) { + loadTeamsAndTeamMembers = (user = this.props.user) => { TeamActions.getTeamsForUser(user.id, (teams) => { this.setState({ teams: teams.sort(sortTeamsByDisplayName) @@ -80,13 +71,13 @@ export default class ManageTeamsModal extends React.Component { }); } - handleError(error) { + handleError = (error) => { this.setState({ error }); } - handleMemberChange() { + handleMemberChange = () => { TeamActions.getTeamMembersForUser(this.props.user.id, (teamMembers) => { this.setState({ teamMembers @@ -94,14 +85,14 @@ export default class ManageTeamsModal extends React.Component { }); } - handleMemberRemove(teamId) { + handleMemberRemove = (teamId) => { this.setState({ teams: this.state.teams.filter((team) => team.id !== teamId), teamMembers: this.state.teamMembers.filter((teamMember) => teamMember.team_id !== teamId) }); } - renderContents() { + renderContents = () => { const {user} = this.props; const {teams, teamMembers} = this.state; diff --git a/webapp/components/admin_console/manage_teams_modal/remove_from_team_button.jsx b/webapp/components/admin_console/manage_teams_modal/remove_from_team_button.jsx index 28e9fde8f35..69579d46fd4 100644 --- a/webapp/components/admin_console/manage_teams_modal/remove_from_team_button.jsx +++ b/webapp/components/admin_console/manage_teams_modal/remove_from_team_button.jsx @@ -41,7 +41,7 @@ export default class RemoveFromTeamButton extends React.PureComponent { render() { return ( + ); + } +} diff --git a/webapp/components/admin_console/system_users/index.js b/webapp/components/admin_console/system_users/index.js index 8f1c0dc3515..261a11d7efa 100644 --- a/webapp/components/admin_console/system_users/index.js +++ b/webapp/components/admin_console/system_users/index.js @@ -4,7 +4,7 @@ import {connect} from 'react-redux'; import {bindActionCreators} from 'redux'; import {getTeams, getTeamStats} from 'mattermost-redux/actions/teams'; -import {getUser} from 'mattermost-redux/actions/users'; +import {getUser, getUserAccessToken} from 'mattermost-redux/actions/users'; import {getTeamsList} from 'mattermost-redux/selectors/entities/teams'; @@ -22,7 +22,8 @@ function mapDispatchToProps(dispatch) { actions: bindActionCreators({ getTeams, getTeamStats, - getUser + getUser, + getUserAccessToken }, dispatch) }; } diff --git a/webapp/components/admin_console/system_users/system_users.jsx b/webapp/components/admin_console/system_users/system_users.jsx index 5c8aa9bfd7d..4fbdc26d88d 100644 --- a/webapp/components/admin_console/system_users/system_users.jsx +++ b/webapp/components/admin_console/system_users/system_users.jsx @@ -54,7 +54,12 @@ export default class SystemUsers extends React.Component { /* * Function to get a user */ - getUser: PropTypes.func.isRequired + getUser: PropTypes.func.isRequired, + + /* + * Function to get a user access token + */ + getUserAccessToken: PropTypes.func.isRequired }).isRequired } @@ -240,7 +245,7 @@ export default class SystemUsers extends React.Component { (users) => { if (users.length === 0 && term.length === USER_ID_LENGTH) { // This term didn't match any users name, but it does look like it might be a user's ID - this.getUserById(term); + this.getUserByTokenOrId(term); } else { this.setState({loading: false}); } @@ -269,6 +274,22 @@ export default class SystemUsers extends React.Component { ); } + getUserByTokenOrId = async (id) => { + if (global.window.mm_config.EnableUserAccessTokens === 'true') { + const {data} = await this.props.actions.getUserAccessToken(id); + + if (data) { + this.term = data.user_id; + this.setState({term: data.user_id}); + this.updateUsersFromStore(this.state.teamId, data.user_id); + this.getUserById(data.user_id); + return; + } + } + + this.getUserById(id); + } + renderFilterRow(doSearch) { const teams = this.props.teams.map((team) => { return ( diff --git a/webapp/components/admin_console/system_users/system_users_dropdown.jsx b/webapp/components/admin_console/system_users/system_users_dropdown.jsx index fe53ade4432..1dbb6b325a7 100644 --- a/webapp/components/admin_console/system_users/system_users_dropdown.jsx +++ b/webapp/components/admin_console/system_users/system_users_dropdown.jsx @@ -8,7 +8,7 @@ import UserStore from 'stores/user_store.jsx'; import Constants from 'utils/constants.jsx'; import * as Utils from 'utils/utils.jsx'; -import {updateUserRoles, updateActive} from 'actions/user_actions.jsx'; +import {updateActive} from 'actions/user_actions.jsx'; import {adminResetMfa} from 'actions/admin_actions.jsx'; import {FormattedMessage} from 'react-intl'; @@ -19,28 +19,36 @@ import React from 'react'; export default class SystemUsersDropdown extends React.Component { static propTypes = { + + /* + * User to manage with dropdown + */ user: PropTypes.object.isRequired, + + /* + * Function to open password reset, takes user as an argument + */ doPasswordReset: PropTypes.func.isRequired, - doManageTeams: PropTypes.func.isRequired + + /* + * Function to open manage teams, takes user as an argument + */ + doManageTeams: PropTypes.func.isRequired, + + /* + * Function to open manage roles, takes user as an argument + */ + doManageRoles: PropTypes.func.isRequired, + + /* + * Function to open manage tokens, takes user as an argument + */ + doManageTokens: PropTypes.func.isRequired }; constructor(props) { super(props); - this.handleMakeMember = this.handleMakeMember.bind(this); - this.handleMakeActive = this.handleMakeActive.bind(this); - this.handleShowDeactivateMemberModal = this.handleShowDeactivateMemberModal.bind(this); - this.handleDeactivateMember = this.handleDeactivateMember.bind(this); - this.handleDeactivateCancel = this.handleDeactivateCancel.bind(this); - this.handleMakeSystemAdmin = this.handleMakeSystemAdmin.bind(this); - this.handleManageTeams = this.handleManageTeams.bind(this); - this.handleResetPassword = this.handleResetPassword.bind(this); - this.handleResetMfa = this.handleResetMfa.bind(this); - this.handleDemoteSystemAdmin = this.handleDemoteSystemAdmin.bind(this); - this.handleDemoteSubmit = this.handleDemoteSubmit.bind(this); - this.handleDemoteCancel = this.handleDemoteCancel.bind(this); - this.renderDeactivateMemberModal = this.renderDeactivateMemberModal.bind(this); - this.state = { serverError: null, showDemoteModal: false, @@ -50,28 +58,7 @@ export default class SystemUsersDropdown extends React.Component { }; } - doMakeMember() { - updateUserRoles( - this.props.user.id, - 'system_user', - null, - (err) => { - this.setState({serverError: err.message}); - } - ); - } - - handleMakeMember(e) { - e.preventDefault(); - const me = UserStore.getCurrentUser(); - if (this.props.user.id === me.id && me.roles.includes('system_admin')) { - this.handleDemoteSystemAdmin(this.props.user, 'member'); - } else { - this.doMakeMember(); - } - } - - handleMakeActive(e) { + handleMakeActive = (e) => { e.preventDefault(); updateActive(this.props.user.id, true, null, (err) => { @@ -80,31 +67,30 @@ export default class SystemUsersDropdown extends React.Component { ); } - handleMakeSystemAdmin(e) { - e.preventDefault(); - - updateUserRoles( - this.props.user.id, - 'system_user system_admin', - null, - (err) => { - this.setState({serverError: err.message}); - } - ); - } - - handleManageTeams(e) { + handleManageTeams = (e) => { e.preventDefault(); this.props.doManageTeams(this.props.user); } - handleResetPassword(e) { + handleManageRoles = (e) => { + e.preventDefault(); + + this.props.doManageRoles(this.props.user); + } + + handleManageTokens = (e) => { + e.preventDefault(); + + this.props.doManageTokens(this.props.user); + } + + handleResetPassword = (e) => { e.preventDefault(); this.props.doPasswordReset(this.props.user); } - handleResetMfa(e) { + handleResetMfa = (e) => { e.preventDefault(); adminResetMfa(this.props.user.id, @@ -115,7 +101,7 @@ export default class SystemUsersDropdown extends React.Component { ); } - handleDemoteSystemAdmin(user, role) { + handleDemoteSystemAdmin = (user, role) => { this.setState({ serverError: this.state.serverError, showDemoteModal: true, @@ -124,7 +110,7 @@ export default class SystemUsersDropdown extends React.Component { }); } - handleDemoteCancel() { + handleDemoteCancel = () => { this.setState({ serverError: null, showDemoteModal: false, @@ -133,7 +119,7 @@ export default class SystemUsersDropdown extends React.Component { }); } - handleDemoteSubmit() { + handleDemoteSubmit = () => { if (this.state.role === 'member') { this.doMakeMember(); } @@ -147,13 +133,13 @@ export default class SystemUsersDropdown extends React.Component { } } - handleShowDeactivateMemberModal(e) { + handleShowDeactivateMemberModal = (e) => { e.preventDefault(); this.setState({showDeactivateMemberModal: true}); } - handleDeactivateMember() { + handleDeactivateMember = () => { updateActive(this.props.user.id, false, null, (err) => { this.setState({serverError: err.message}); @@ -163,11 +149,11 @@ export default class SystemUsersDropdown extends React.Component { this.setState({showDeactivateMemberModal: false}); } - handleDeactivateCancel() { + handleDeactivateCancel = () => { this.setState({showDeactivateMemberModal: false}); } - renderDeactivateMemberModal() { + renderDeactivateMemberModal = () => { const title = ( ); - showMakeMember = false; - showMakeSystemAdmin = false; showMakeActive = true; showMakeNotActive = false; showManageTeams = false; @@ -267,44 +249,6 @@ export default class SystemUsersDropdown extends React.Component { disableActivationToggle = true; } - let makeSystemAdmin = null; - if (showMakeSystemAdmin) { - makeSystemAdmin = ( -
  • - - - -
    • - ); - } - - let makeMember = null; - if (showMakeMember) { - makeMember = ( -
  • - - - -
    • - ); - } - let menuClass = ''; if (disableActivationToggle) { menuClass = 'disabled'; @@ -427,6 +371,25 @@ export default class SystemUsersDropdown extends React.Component { ); } + let manageTokens; + if (global.window.mm_config.EnableUserAccessTokens === 'true') { + manageTokens = ( +
  • + + + +
    • + ); + } + let makeDemoteModal = null; if (this.props.user.id === me.id) { const title = ( @@ -498,11 +461,23 @@ export default class SystemUsersDropdown extends React.Component { className='dropdown-menu member-menu' role='menu' > - {makeMember} {makeActive} {makeNotActive} - {makeSystemAdmin} +
  • + + + +
    • {manageTeams} + {manageTokens} {mfaReset} {passwordReset} diff --git a/webapp/components/admin_console/system_users/system_users_list.jsx b/webapp/components/admin_console/system_users/system_users_list.jsx index 6d58137ff74..2863f9cec92 100644 --- a/webapp/components/admin_console/system_users/system_users_list.jsx +++ b/webapp/components/admin_console/system_users/system_users_list.jsx @@ -6,6 +6,8 @@ import PropTypes from 'prop-types'; import {FormattedMessage, FormattedHTMLMessage} from 'react-intl'; import ManageTeamsModal from 'components/admin_console/manage_teams_modal/manage_teams_modal.jsx'; +import ManageRolesModal from 'components/admin_console/manage_roles_modal'; +import ManageTokensModal from 'components/admin_console/manage_tokens_modal'; import ResetPasswordModal from 'components/admin_console/reset_password_modal.jsx'; import SearchableUserList from 'components/searchable_user_list/searchable_user_list.jsx'; @@ -14,6 +16,7 @@ const dispatch = store.dispatch; const getState = store.getState; import {getUser} from 'mattermost-redux/actions/users'; +import * as UserUtils from 'mattermost-redux/utils/user_utils'; import {Constants} from 'utils/constants.jsx'; import * as Utils from 'utils/utils.jsx'; @@ -37,21 +40,12 @@ export default class SystemUsersList extends React.Component { constructor(props) { super(props); - this.nextPage = this.nextPage.bind(this); - this.previousPage = this.previousPage.bind(this); - this.search = this.search.bind(this); - - this.doManageTeams = this.doManageTeams.bind(this); - this.doManageTeamsDismiss = this.doManageTeamsDismiss.bind(this); - - this.doPasswordReset = this.doPasswordReset.bind(this); - this.doPasswordResetDismiss = this.doPasswordResetDismiss.bind(this); - this.doPasswordResetSubmit = this.doPasswordResetSubmit.bind(this); - this.state = { page: 0, showManageTeamsModal: false, + showManageRolesModal: false, + showManageTokensModal: false, showPasswordModal: false, user: null }; @@ -63,17 +57,17 @@ export default class SystemUsersList extends React.Component { } } - nextPage() { + nextPage = () => { this.setState({page: this.state.page + 1}); this.props.nextPage(this.state.page + 1); } - previousPage() { + previousPage = () => { this.setState({page: this.state.page - 1}); } - search(term) { + search = (term) => { this.props.search(term); if (term !== '') { @@ -81,35 +75,63 @@ export default class SystemUsersList extends React.Component { } } - doManageTeams(user) { + doManageTeams = (user) => { this.setState({ showManageTeamsModal: true, user }); } - doManageTeamsDismiss() { + doManageRoles = (user) => { + this.setState({ + showManageRolesModal: true, + user + }); + } + + doManageTokens = (user) => { + this.setState({ + showManageTokensModal: true, + user + }); + } + + doManageTeamsDismiss = () => { this.setState({ showManageTeamsModal: false, user: null }); } - doPasswordReset(user) { + doManageRolesDismiss = () => { + this.setState({ + showManageRolesModal: false, + user: null + }); + } + + doManageTokensDismiss = () => { + this.setState({ + showManageTokensModal: false, + user: null + }); + } + + doPasswordReset = (user) => { this.setState({ showPasswordModal: true, user }); } - doPasswordResetDismiss() { + doPasswordResetDismiss = () => { this.setState({ showPasswordModal: false, user: null }); } - doPasswordResetSubmit(user) { + doPasswordResetSubmit = (user) => { getUser(user.id)(dispatch, getState); this.setState({ @@ -174,6 +196,35 @@ export default class SystemUsersList extends React.Component { } } + const userAccessTokensEnabled = global.window.mm_config.EnableUserAccessTokens === 'true'; + if (userAccessTokensEnabled) { + const hasPostAllRole = UserUtils.hasPostAllRole(user.roles); + const hasPostAllPublicRole = UserUtils.hasPostAllPublicRole(user.roles); + const hasUserAccessTokenRole = UserUtils.hasUserAccessTokenRole(user.roles); + const isSystemAdmin = UserUtils.isSystemAdmin(user.roles); + + let messageId = 'admin.user_item.userAccessTokenNo'; + if (hasUserAccessTokenRole || isSystemAdmin) { + if (isSystemAdmin) { + messageId = 'admin.user_item.userAccessTokenAdmin'; + } else if (hasPostAllRole) { + messageId = 'admin.user_item.userAccessTokenPostAll'; + } else if (hasPostAllPublicRole) { + messageId = 'admin.user_item.userAccessTokenPostAllPublic'; + } else { + messageId = 'admin.user_item.userAccessTokenYes'; + } + } + + info.push(', '); + info.push( + + ); + } + return info; } @@ -236,7 +287,9 @@ export default class SystemUsersList extends React.Component { actions={[SystemUsersDropdown]} actionProps={{ doPasswordReset: this.doPasswordReset, - doManageTeams: this.doManageTeams + doManageTeams: this.doManageTeams, + doManageRoles: this.doManageRoles, + doManageTokens: this.doManageTokens }} nextPage={this.nextPage} previousPage={this.previousPage} @@ -250,6 +303,16 @@ export default class SystemUsersList extends React.Component { show={this.state.showManageTeamsModal} onModalDismissed={this.doManageTeamsDismiss} /> + + {this.props.extraInfo}
    ); + extraInfo = (
    {this.props.extraInfo}
    ); } var submit = ''; @@ -95,15 +100,40 @@ export default class SettingItemMax extends React.Component { titleProp = this.props.title; } + let listContent = ( +
  • + {inputs} + {extraInfo} +
    • + ); + + if (this.props.infoPosition === 'top') { + listContent = ( +
  • + {extraInfo} + {inputs} +
    • + ); + } + + let cancelButtonText; + if (this.props.cancelButtonText) { + cancelButtonText = this.props.cancelButtonText; + } else { + cancelButtonText = ( + + ); + } + return (
      {title}
      • -
      • - {inputs} - {extraInfo} -
        • + {listContent}
      • {this.props.submitExtra} @@ -116,10 +146,7 @@ export default class SettingItemMax extends React.Component { href='#' onClick={this.props.updateSection} > - + {cancelButtonText}
      @@ -134,9 +161,15 @@ SettingItemMax.propTypes = { client_error: PropTypes.string, server_error: PropTypes.string, extraInfo: PropTypes.element, + infoPosition: PropTypes.string, updateSection: PropTypes.func, submit: PropTypes.func, title: PropTypes.node, width: PropTypes.string, - submitExtra: PropTypes.node + submitExtra: PropTypes.node, + cancelButtonText: PropTypes.node +}; + +SettingItemMax.defaultProps = { + infoPosition: 'bottom' }; diff --git a/webapp/components/user_settings/user_settings_security/index.js b/webapp/components/user_settings/user_settings_security/index.js index cdbabd05506..a3e83d7de17 100644 --- a/webapp/components/user_settings/user_settings_security/index.js +++ b/webapp/components/user_settings/user_settings_security/index.js @@ -3,20 +3,30 @@ import {connect} from 'react-redux'; import {bindActionCreators} from 'redux'; -import {getMe} from 'mattermost-redux/actions/users'; +import {getMe, getUserAccessTokensForUser, createUserAccessToken, revokeUserAccessToken, clearUserAccessTokens} from 'mattermost-redux/actions/users'; +import * as UserUtils from 'mattermost-redux/utils/user_utils'; import SecurityTab from './user_settings_security.jsx'; function mapStateToProps(state, ownProps) { + const tokensEnabled = state.entities.general.config.EnableUserAccessTokens === 'true'; + const userHasTokenRole = UserUtils.hasUserAccessTokenRole(ownProps.user.roles) || UserUtils.isSystemAdmin(ownProps.user.roles); + return { - ...ownProps + ...ownProps, + userAccessTokens: state.entities.users.myUserAccessTokens, + canUseAccessTokens: tokensEnabled && userHasTokenRole }; } function mapDispatchToProps(dispatch) { return { actions: bindActionCreators({ - getMe + getMe, + getUserAccessTokensForUser, + createUserAccessToken, + revokeUserAccessToken, + clearUserAccessTokens }, dispatch) }; } diff --git a/webapp/components/user_settings/user_settings_security/user_settings_security.jsx b/webapp/components/user_settings/user_settings_security/user_settings_security.jsx index b8ec690a489..5c9ad67e341 100644 --- a/webapp/components/user_settings/user_settings_security/user_settings_security.jsx +++ b/webapp/components/user_settings/user_settings_security/user_settings_security.jsx @@ -6,6 +6,7 @@ import SettingItemMax from 'components/setting_item_max.jsx'; import AccessHistoryModal from 'components/access_history_modal'; import ActivityLogModal from 'components/activity_log_modal'; import ToggleModalButton from 'components/toggle_modal_button.jsx'; +import ConfirmModal from 'components/confirm_modal.jsx'; import PreferenceStore from 'stores/preference_store.jsx'; @@ -13,15 +14,22 @@ import * as Utils from 'utils/utils.jsx'; import Constants from 'utils/constants.jsx'; import {updatePassword, getAuthorizedApps, deactivateMfa, deauthorizeOAuthApp} from 'actions/user_actions.jsx'; +import {trackEvent} from 'actions/diagnostics_actions.jsx'; +import {isMobile} from 'utils/user_agent.jsx'; import $ from 'jquery'; import PropTypes from 'prop-types'; import React from 'react'; -import {FormattedMessage, FormattedTime, FormattedDate} from 'react-intl'; +import * as UserUtils from 'mattermost-redux/utils/user_utils'; +import {FormattedMessage, FormattedTime, FormattedDate, FormattedHTMLMessage} from 'react-intl'; import {browserHistory, Link} from 'react-router/es6'; import icon50 from 'images/icon50x50.png'; +const TOKEN_CREATING = 'creating'; +const TOKEN_CREATED = 'created'; +const TOKEN_NOT_CREATING = 'not_creating'; + export default class SecurityTab extends React.Component { static propTypes = { user: PropTypes.object, @@ -31,26 +39,45 @@ export default class SecurityTab extends React.Component { closeModal: PropTypes.func.isRequired, collapseModal: PropTypes.func.isRequired, setEnforceFocus: PropTypes.func.isRequired, + + /* + * The user access tokens for the user + */ + userAccessTokens: PropTypes.object, + + /* + * Set if access tokens are enabled and this user can use them + */ + canUseAccessTokens: PropTypes.bool, + actions: PropTypes.shape({ - getMe: PropTypes.func.isRequired + getMe: PropTypes.func.isRequired, + + /* + * Function to get user access tokens for a user + */ + getUserAccessTokensForUser: PropTypes.func.isRequired, + + /* + * Function to create a user access token + */ + createUserAccessToken: PropTypes.func.isRequired, + + /* + * Function to revoke a user access token + */ + revokeUserAccessToken: PropTypes.func.isRequired, + + /* + * Function to clear user access tokens locally + */ + clearUserAccessTokens: PropTypes.func.isRequired }).isRequired } constructor(props) { super(props); - this.submitPassword = this.submitPassword.bind(this); - this.setupMfa = this.setupMfa.bind(this); - this.removeMfa = this.removeMfa.bind(this); - this.updateCurrentPassword = this.updateCurrentPassword.bind(this); - this.updateNewPassword = this.updateNewPassword.bind(this); - this.updateConfirmPassword = this.updateConfirmPassword.bind(this); - this.getDefaultState = this.getDefaultState.bind(this); - this.createPasswordSection = this.createPasswordSection.bind(this); - this.createSignInSection = this.createSignInSection.bind(this); - this.createOAuthAppsSection = this.createOAuthAppsSection.bind(this); - this.deauthorizeApp = this.deauthorizeApp.bind(this); - this.state = this.getDefaultState(); } @@ -61,6 +88,8 @@ export default class SecurityTab extends React.Component { confirmPassword: '', passwordError: '', serverError: '', + tokenError: '', + showConfirmModal: false, authService: this.props.user.auth_service }; } @@ -73,11 +102,18 @@ export default class SecurityTab extends React.Component { }, (err) => { this.setState({serverError: err.message}); //eslint-disable-line react/no-did-mount-set-state - }); + } + ); + } + + if (this.props.canUseAccessTokens) { + this.props.actions.clearUserAccessTokens(); + const userId = this.props.user ? this.props.user.id : ''; + this.props.actions.getUserAccessTokensForUser(userId, 0, 200); } } - submitPassword(e) { + submitPassword = (e) => { e.preventDefault(); var user = this.props.user; @@ -127,12 +163,12 @@ export default class SecurityTab extends React.Component { ); } - setupMfa(e) { + setupMfa = (e) => { e.preventDefault(); browserHistory.push('/mfa/setup'); } - removeMfa() { + removeMfa = () => { deactivateMfa( () => { if (global.window.mm_license.MFA === 'true' && @@ -157,19 +193,19 @@ export default class SecurityTab extends React.Component { ); } - updateCurrentPassword(e) { + updateCurrentPassword = (e) => { this.setState({currentPassword: e.target.value}); } - updateNewPassword(e) { + updateNewPassword = (e) => { this.setState({newPassword: e.target.value}); } - updateConfirmPassword(e) { + updateConfirmPassword = (e) => { this.setState({confirmPassword: e.target.value}); } - deauthorizeApp(e) { + deauthorizeApp = (e) => { e.preventDefault(); const appId = e.currentTarget.getAttribute('data-app'); deauthorizeOAuthApp( @@ -183,10 +219,11 @@ export default class SecurityTab extends React.Component { }, (err) => { this.setState({serverError: err.message}); - }); + } + ); } - createMfaSection() { + createMfaSection = () => { let updateSectionStatus; let submit; @@ -321,7 +358,7 @@ export default class SecurityTab extends React.Component { ); } - createPasswordSection() { + createPasswordSection = () => { let updateSectionStatus; if (this.props.activeSection === 'password') { @@ -578,7 +615,7 @@ export default class SecurityTab extends React.Component { ); } - createSignInSection() { + createSignInSection = () => { let updateSectionStatus; const user = this.props.user; @@ -793,7 +830,7 @@ export default class SecurityTab extends React.Component { ); } - createOAuthAppsSection() { + createOAuthAppsSection = () => { let updateSectionStatus; if (this.props.activeSection === 'apps') { @@ -929,6 +966,368 @@ export default class SecurityTab extends React.Component { ); } + startCreatingToken = () => { + this.setState({tokenCreationState: TOKEN_CREATING}); + } + + stopCreatingToken = () => { + this.setState({tokenCreationState: TOKEN_NOT_CREATING}); + } + + handleCreateToken = async () => { + this.handleCancelConfirm(); + + const description = this.refs.newtokendescription ? this.refs.newtokendescription.value : ''; + + if (description === '') { + this.setState({tokenError: Utils.localizeMessage('user.settings.tokens.nameRequired', 'Please enter a name.')}); + return; + } + + this.setState({tokenError: ''}); + + const userId = this.props.user ? this.props.user.id : ''; + const {data, error} = await this.props.actions.createUserAccessToken(userId, description); + + if (data) { + this.setState({tokenCreationState: TOKEN_CREATED, newToken: data}); + } else if (error) { + this.setState({serverError: error.message}); + } + } + + handleCancelConfirm = () => { + this.setState({ + showConfirmModal: false, + confirmTitle: null, + confirmMessage: null, + confirmButton: null, + confirmComplete: null + }); + } + + confirmCreateToken = () => { + if (UserUtils.isSystemAdmin(this.props.user.roles)) { + this.setState({ + showConfirmModal: true, + confirmTitle: ( + + ), + confirmMessage: ( +
      + +
      + ), + confirmButton: ( + + ), + confirmComplete: () => { + this.handleCreateToken(); + trackEvent('settings', 'system_admin_create_user_access_token'); + } + }); + + return; + } + + this.handleCreateToken(); + } + + saveTokenKeyPress = (e) => { + if (e.which === Constants.KeyCodes.ENTER) { + this.confirmCreateToken(); + } + } + + confirmRevokeToken = (tokenId) => { + const token = this.props.userAccessTokens[tokenId]; + + this.setState({ + showConfirmModal: true, + confirmTitle: ( + + ), + confirmMessage: ( +
      + +
      + ), + confirmButton: ( + + ), + confirmComplete: () => { + this.revokeToken(tokenId); + trackEvent('settings', 'revoke_user_access_token'); + } + }); + } + + revokeToken = async (tokenId) => { + const {error} = await this.props.actions.revokeUserAccessToken(tokenId); + if (error) { + this.setState({serverError: error.message}); + } + this.handleCancelConfirm(); + } + + createTokensSection = () => { + let updateSectionStatus; + + if (this.props.activeSection === 'tokens') { + const tokenList = []; + Object.values(this.props.userAccessTokens).forEach((token) => { + if (this.state.newToken && this.state.newToken.id === token.id) { + return; + } + + tokenList.push( +
      +
      + {token.description} +
      +
      + + {token.id} +
      + +
      +
      + ); + }); + + if (tokenList.length === 0) { + tokenList.push( + + ); + } + let extraInfo; + + if (isMobile()) { + extraInfo = ( + + + + ); + } else { + extraInfo = ( + + + + ); + } + + let newTokenSection; + if (this.state.tokenCreationState === TOKEN_CREATING) { + newTokenSection = ( +
      +
      + +
      + +
      +
      +
      +
      + +
      +
      + +
      + + +
      +
      + ); + } else if (this.state.tokenCreationState === TOKEN_CREATED) { + newTokenSection = ( +
      + + +
      +
      + + {this.state.newToken.description} +
      + + {this.state.newToken.id} +
      + + + {this.state.newToken.token} + +
      + ); + } else { + newTokenSection = ( + + + + ); + } + + const inputs = []; + inputs.push( +
      +
      +
      + {tokenList} +
      +
      + {newTokenSection} +
      +
      + ); + + updateSectionStatus = function resetSection(e) { + this.props.updateSection(''); + this.setState({newToken: null, tokenCreationState: TOKEN_NOT_CREATING, serverError: null, tokenError: ''}); + e.preventDefault(); + }.bind(this); + + return ( + + } + /> + ); + } + + const describe = Utils.localizeMessage('user.settings.tokens.clickToEdit', "Click 'Edit' to manage your user access tokens"); + + updateSectionStatus = function updateSection() { + this.props.updateSection('tokens'); + }.bind(this); + + return ( + + ); + } + render() { const user = this.props.user; const config = window.mm_config; @@ -959,6 +1358,11 @@ export default class SecurityTab extends React.Component { oauthSection = this.createOAuthAppsSection(); } + let tokensSection; + if (this.props.canUseAccessTokens) { + tokensSection = this.createTokensSection(); + } + return (
      @@ -1001,6 +1405,8 @@ export default class SecurityTab extends React.Component {
      {oauthSection}
      + {tokensSection} +
      {signInSection}

      @@ -1014,7 +1420,7 @@ export default class SecurityTab extends React.Component { defaultMessage='View Access History' /> - +
      + {})} //eslint-disable-line no-empty-function + onCancel={this.handleCancelConfirm} + />
      ); } diff --git a/webapp/i18n/en.json b/webapp/i18n/en.json index 79d291e4756..58674dd3c19 100755 --- a/webapp/i18n/en.json +++ b/webapp/i18n/en.json @@ -745,6 +745,10 @@ "admin.select_team.close": "Close", "admin.select_team.select": "Select", "admin.select_team.selectTeam": "Select Team", + "admin.service.userAccessTokensTitle": "Enable User Access Tokens: ", + "admin.service.userAccessTokensDescription": "When true, users can create user access tokens for integrations in Account Settings > Security. They can be used to authenticate against the API and give full access to the account.

      To manage who can create user access tokens, go to the System Console > Users page.", + "admin.service.userAccessTokensNameLabel": "Name: ", + "admin.service.userAccessTokensIdLabel": "Token ID: ", "admin.service.attemptDescription": "Number of login attempts allowed before a user is locked out and required to reset their password via email.", "admin.service.attemptExample": "E.g.: \"10\"", "admin.service.attemptTitle": "Maximum Login Attempts:", @@ -954,6 +958,26 @@ "admin.team_analytics.activeUsers": "Active Users With Posts", "admin.team_analytics.totalPosts": "Total Posts", "admin.true": "true", + "admin.manage_tokens.userAccessTokensNone": "No user access tokens.", + "admin.manage_tokens.manageTokensTitle": "Manage User Access Tokens", + "admin.manage_tokens.userAccessTokensDescription": "User access tokens function similar to session tokens and can be used by integrations to authenticate against the REST API. Learn more about user access tokens.", + "admin.manage_roles.saveError": "Unable to save roles.", + "admin.manage_roles.additionalRoles": "Select additional permissions for the account. Read more about roles and permissions.", + "admin.manage_roles.postAllRoleTitle": "post:all", + "admin.manage_roles.postAllRole": "Access to post to all Mattermost channels including direct messages.", + "admin.manage_roles.postAllPublicRoleTitle": "post:channels", + "admin.manage_roles.postAllPublicRole": "Access to post to all Mattermost public channels.", + "admin.manage_roles.allowUserAccessTokens": "Allow this account to generate user access tokens.", + "admin.manage_roles.systemAdmin": "System Admin", + "admin.manage_roles.systemMember": "Member", + "admin.manage_roles.manageRolesTitle": "Manage Roles", + "admin.manage_roles.cancel": "Cancel", + "admin.manage_roles.save": "Save", + "admin.user_item.userAccessTokenNo": "User Access Tokens: No", + "admin.user_item.userAccessTokenAdmin": "User Access Tokens: Yes (with system_admin)", + "admin.user_item.userAccessTokenPostAll": "User Access Tokens: Yes (with post:all)", + "admin.user_item.userAccessTokenPostAllPublic": "User Access Tokens: Yes (with post:channels)", + "admin.user_item.userAccessTokenYes": "User Access Tokens: Yes", "admin.user_item.authServiceEmail": "Sign-in Method: Email", "admin.user_item.authServiceNotEmail": "Sign-in Method: {service}", "admin.user_item.confirmDemoteDescription": "If you demote yourself from the System Admin role and there is not another user with System Admin privileges, you'll need to re-assign a System Admin by accessing the Mattermost server through a terminal and running the following command.", @@ -968,6 +992,8 @@ "admin.user_item.makeSysAdmin": "Make System Admin", "admin.user_item.makeTeamAdmin": "Make Team Admin", "admin.user_item.manageTeams": "Manage Teams", + "admin.user_item.manageRoles": "Manage Roles", + "admin.user_item.manageTokens": "Manage Tokens", "admin.user_item.member": "Member", "admin.user_item.mfaNo": "MFA: No", "admin.user_item.mfaYes": "MFA: Yes", @@ -2434,6 +2460,27 @@ "user.settings.push_notification.send": "Send mobile push notifications", "user.settings.push_notification.status": "Trigger push notifications when", "user.settings.push_notification.status_info": "Notification alerts are only pushed to your mobile device when your online status matches the selection above.", + "user.settings.tokens.confirmCreateTitle": "Create System Admin User Access Token", + "user.settings.tokens.confirmCreateMessage": "You are generating a user access token with System Admin permissions. Are you sure want to create this token?", + "user.settings.tokens.confirmCreateButton": "Yes, Create", + "user.settings.tokens.confirmDeleteTitle": "Delete {name} Token?", + "user.settings.tokens.confirmDeleteMessage": "Any integrations using this token will no longer be able to access the Mattermost API. You cannot undo this action. Are you sure want to delete this token?", + "user.settings.tokens.confirmDeleteButton": "Yes, Delete", + "user.settings.tokens.tokenId": "Token ID: ", + "user.settings.tokens.delete": "Delete", + "user.settings.tokens.userAccessTokensNone": "No user access tokens.", + "user.settings.tokens.description": "User access tokens function similar to session tokens and can be used by integrations to authenticate against the REST API.", + "user.settings.tokens.description_mobile": "User access tokens function similar to session tokens and can be used by integrations to authenticate against the REST API. Create new tokens on your desktop.", + "user.settings.tokens.name": "Name: ", + "user.settings.tokens.nameDescription": "Give a name for your token, so you remember what it’s used for. A token is generated after you hit \"Save\".", + "user.settings.tokens.save": "Save", + "user.settings.tokens.cancel": "Cancel", + "user.settings.tokens.id": "ID: ", + "user.settings.tokens.token": "Token: ", + "user.settings.tokens.copy": "Please copy the token below. You won't be able to see it again!", + "user.settings.tokens.create": "Create New Token", + "user.settings.tokens.title": "User Access Tokens", + "user.settings.tokens.clickToEdit": "Click 'Edit' to manage your user access tokens", "user.settings.security.active": "Active", "user.settings.security.close": "Close", "user.settings.security.currentPassword": "Current Password", diff --git a/webapp/sass/components/_alerts.scss b/webapp/sass/components/_alerts.scss index cb4c9c9e19d..e0444de39ad 100644 --- a/webapp/sass/components/_alerts.scss +++ b/webapp/sass/components/_alerts.scss @@ -11,3 +11,4 @@ margin: 1px 0 0 10px; padding: 4px 10px; } + diff --git a/webapp/sass/layout/_content.scss b/webapp/sass/layout/_content.scss index 933f57c3235..7bf6c08ad15 100644 --- a/webapp/sass/layout/_content.scss +++ b/webapp/sass/layout/_content.scss @@ -87,3 +87,9 @@ .delete-message-text { margin-top: 10px; } + +.col-sm-auto { + padding-left: 15px; + padding-right: 15px; +} + diff --git a/webapp/sass/layout/_forms.scss b/webapp/sass/layout/_forms.scss index 143879e2c4e..a49acf3e3a1 100644 --- a/webapp/sass/layout/_forms.scss +++ b/webapp/sass/layout/_forms.scss @@ -91,35 +91,3 @@ } } } - -.padding-top { - padding-top: 7px; - - &.x2 { - padding-top: 14px; - } - - &.x3 { - padding-top: 21px; - } -} - -.padding-bottom { - padding-bottom: 7px; - - &.x2 { - padding-bottom: 14px; - } - - &.x3 { - padding-bottom: 21px; - } - - .control-label { - font-weight: 600; - - &.text-left { - text-align: left; - } - } -} diff --git a/webapp/sass/responsive/_tablet.scss b/webapp/sass/responsive/_tablet.scss index ef4c2e8e5cd..ef68d51751e 100644 --- a/webapp/sass/responsive/_tablet.scss +++ b/webapp/sass/responsive/_tablet.scss @@ -212,12 +212,14 @@ } } } + .post { .attachment { .attachment__image { &.attachment__image--openraph { max-height: 70px; max-width: 300px; + &.loading { height: 70px; } @@ -229,6 +231,10 @@ // Tablet and desktop @media screen and (min-width: 768px) { + .col-sm-auto { + float: left; + } + .second-bar { display: none; } diff --git a/webapp/sass/routes/_admin-console.scss b/webapp/sass/routes/_admin-console.scss index 4fe45d9b878..2d4ca6be139 100644 --- a/webapp/sass/routes/_admin-console.scss +++ b/webapp/sass/routes/_admin-console.scss @@ -78,7 +78,7 @@ .log__panel { background-color: white; - border: 1px solid #ddd; + border: $border-gray; height: calc(100vh - 200px); margin-top: 10px; overflow: scroll; @@ -180,7 +180,7 @@ .banner { background: $white; - border: 1px solid #ddd; + border: $border-gray; font-size: .95em; margin: 2em 0; padding: .8em 1.5rem; @@ -535,11 +535,34 @@ .manage-teams { .manage-teams__user { align-items: center; - border-bottom-color: lightgray; - border-bottom-style: solid; - border-bottom-width: 1px; display: flex; - padding-bottom: 15px; + } + + .manage-teams__teams { + border-top: $border-gray; + margin: 1em 0 .3em; + + .btn-link { + &.danger { + color: #c55151; + } + } + } + + .member-row--padded { + padding-left: 20px; + + strong { + margin-right: 10px; + } + } + + .manage-row--inner { + padding: 15px 0 4px; + + & + div { + border-top: $border-gray; + } } .manage-teams__profile-picture { @@ -573,21 +596,31 @@ padding-right: 10px; } - .manage-teams__team { - align-items: center; - display: flex; - padding: 10px; + .manage-teams__teams { + margin-top: 1em; + + .manage-row__empty { + padding: 9px 0; + } } - .manage-teams__team + .manage-teams__team { - border-top-color: lightgray; - border-top-style: solid; - border-top-width: 1px; + .manage-teams__team { + align-items: center; + border-bottom: $border-gray; + display: flex; + padding: 7px 10px; + + .btn { + font-size: .9em; + } + + .dropdown { + padding: 6px 0; + } } .manage-teams__team-name { flex: 1; - font-weight: bold; overflow: hidden; text-overflow: ellipsis; } diff --git a/webapp/sass/routes/_settings.scss b/webapp/sass/routes/_settings.scss index 3c5565194f3..f3341720032 100644 --- a/webapp/sass/routes/_settings.scss +++ b/webapp/sass/routes/_settings.scss @@ -360,6 +360,22 @@ padding: 0; } + .setting-box__item { + &:first-child { + padding-top: 3px; + } + + &:last-child { + hr { + display: none; + } + } + } + + .setting-box__token-id { + margin: 4px 0; + } + .setting-list__hint { margin-top: 20px; } diff --git a/webapp/sass/utils/_modifiers.scss b/webapp/sass/utils/_modifiers.scss index aa89fc10718..467b9a0868c 100644 --- a/webapp/sass/utils/_modifiers.scss +++ b/webapp/sass/utils/_modifiers.scss @@ -1,33 +1,105 @@ @charset 'UTF-8'; -.margin--right { - margin-right: 5px; +.padding-top { + padding-top: 7px; &.x2 { - margin-right: 10px; + padding-top: 14px; + } + + &.x3 { + padding-top: 21px; } } -.margin--left { - margin-left: 5px; +.padding-bottom { + padding-bottom: 7px; &.x2 { - margin-left: 10px; + padding-bottom: 14px; + } + + &.x3 { + padding-bottom: 21px; + } + + .control-label { + font-weight: 600; + + &.text-left { + text-align: left; + } } } -.padding--right { - padding-right: 5px; +.padding-left { + padding-left: 7px; &.x2 { - padding-right: 10px; + padding-left: 14px; + } + + &.x3 { + padding-left: 21px; } } -.padding--left { - padding-left: 5px; +.padding-right { + padding-right: 7px; &.x2 { - padding-left: 10px; + padding-right: 14px; + } + + &.x3 { + padding-right: 21px; + } +} + +.margin-right { + margin-right: 7px; + + &.x2 { + margin-right: 14px; + } + + &.x3 { + margin-right: 21px; + } +} + +.margin-left { + margin-left: 7px; + + &.x2 { + margin-left: 14px; + } + + &.x3 { + margin-left: 21px; + } +} + +.margin-top { + margin-top: 7px; + + &.x2 { + margin-top: 14px; + } + + &.x3 { + margin-top: 21px; + } +} + +.margin-bottom { + margin-bottom: 7px; + + &.x2 { + margin-bottom: 14px; + } + + &.x3 { + margin-bottom: 21px; } } diff --git a/webapp/utils/utils.jsx b/webapp/utils/utils.jsx index 658ccd74bea..94a2cf2865f 100644 --- a/webapp/utils/utils.jsx +++ b/webapp/utils/utils.jsx @@ -579,7 +579,7 @@ export function applyTheme(theme) { if (theme.centerChannelBg) { changeCss('@media(min-width: 768px){.app__body .post:hover .post__header .col__reply, .app__body .post.post--hovered .post__header .col__reply', 'background:' + theme.centerChannelBg); changeCss('@media(max-width: 320px){.tutorial-steps__container', 'background:' + theme.centerChannelBg); - changeCss('.app__body .status-wrapper .status_dropdown__toggle .status .icon__container:after, .app__body .app__content, .app__body .markdown__table, .app__body .markdown__table tbody tr, .app__body .suggestion-list__content, .app__body .modal .modal-content, .app__body .modal .modal-footer, .app__body .post.post--compact .post-image__column, .app__body .suggestion-list__divider > span, .app__body .status-wrapper .status', 'background:' + theme.centerChannelBg); + changeCss('.app__body .status-wrapper .status_dropdown__toggle .status .icon__container:after, .app__body .app__content, .app__body .markdown__table, .app__body .markdown__table tbody tr, .app__body .suggestion-list__content, .app__body .modal .modal-content, .app__body .modal .modal-footer, .app__body .post.post--compact .post-image__column, .app__body .suggestion-list__divider > span, .app__body .status-wrapper .status, .app__body .alert.alert-transparent', 'background:' + theme.centerChannelBg); changeCss('#post-list .post-list-holder-by-time, .app__body .post .dropdown-menu a', 'background:' + theme.centerChannelBg); changeCss('#post-create', 'background:' + theme.centerChannelBg); changeCss('.app__body .date-separator .separator__text, .app__body .new-separator .separator__text', 'background:' + theme.centerChannelBg); @@ -601,7 +601,7 @@ export function applyTheme(theme) { if (theme.centerChannelColor) { changeCss('.app__body .mentions__name .status.status--group, .app__body .multi-select__note', 'background:' + changeOpacity(theme.centerChannelColor, 0.12)); - changeCss('.app__body .channel-header .channel-header__icon, .app__body .search-bar__container .search__form', 'border-color:' + changeOpacity(theme.centerChannelColor, 0.12)); + changeCss('.app__body .alert.alert-transparent, .app__body .channel-header .channel-header__icon, .app__body .search-bar__container .search__form', 'border-color:' + changeOpacity(theme.centerChannelColor, 0.12)); changeCss('.app__body .post-list__arrows, .app__body .post .flag-icon__container', 'fill:' + changeOpacity(theme.centerChannelColor, 0.3)); changeCss('@media(min-width: 768px){.app__body .search__icon svg', 'stroke:' + changeOpacity(theme.centerChannelColor, 0.4)); changeCss('.app__body .channel-header__icon svg', 'fill:' + changeOpacity(theme.centerChannelColor, 0.4)); diff --git a/webapp/yarn.lock b/webapp/yarn.lock index 50d83248ba7..13d9c630cac 100644 --- a/webapp/yarn.lock +++ b/webapp/yarn.lock @@ -5004,7 +5004,7 @@ math-expression-evaluator@^1.2.14: mattermost-redux@mattermost/mattermost-redux#master: version "0.0.1" - resolved "https://codeload.github.com/mattermost/mattermost-redux/tar.gz/9797cb8bd8fa61252336a7c6150bd364f7ca28b1" + resolved "https://codeload.github.com/mattermost/mattermost-redux/tar.gz/d3a8c94d59a687a957ca8808fbe1b9cb76077bce" dependencies: deep-equal "1.0.1" harmony-reflect "1.5.1"