145 commits

Author	SHA1	Message	Date
Pablo Vélez	b0185d9817	update packages to Fix npm audit vulnerabilities (#35810) ... * Fix npm audit vulnerabilities and replace image-webpack-loader with sharp * remove dead webp config and restore SVG optimization via svgoMinify * fix import order * removed unused gif from testing, and add missing peer dependency * make sure only svgs are parsed * scope svgoMinify to src- SVGs via loader rule * remove redundant npm overrides per review feedback --------- Co-authored-by: Mattermost Build <build@mattermost.com>	2026-05-22 17:57:53 +02:00
David Krauser	e8632bd456	[MM-68777] Add admin property field permission level (#36558)	2026-05-22 11:01:41 -04:00
cursor[bot]	6ee3fb9af1	Fix membership policy edit action navigation (#36690) ... Automatic Merge	2026-05-22 01:23:39 +02:00
Ibrahim Serdar Acikgoz	ba1cec51a5	[MM-68693] Resource level permission policies and new simulation (#36472)	2026-05-21 14:40:05 +02:00
Maria A Nunez	c4b36dee16	Add user attribute validation banners (#36595) ... * Add user attribute validation banners Add row-level and banner validation coverage for user attribute names so admins get clearer feedback before saving invalid attributes. Co-authored-by: Cursor <cursoragent@cursor.com> * UX Feedback --------- Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: Mattermost Build <build@mattermost.com>	2026-05-20 17:23:18 -04:00
Jesse Hallam	41f3b22679	Fix flaky E2E tests (Cypress + Playwright) (#36637) ... * Fix flaky email sort test by ignoring punctuation in localeCompare PostgreSQL's en_US.UTF-8 collation ignores hyphens at the primary sort level, but JS localeCompare() on a C-locale CI runner uses byte order, causing the expected and actual sort orders to diverge for emails containing hyphens. Passing ignorePunctuation:true aligns JS collation with Postgres behavior. * E2E/Cypress: re-enable CYPRESS_* env var overrides allowCypressEnv: false was introduced in the v15.13 upgrade (PR #36091) but broke the existing CYPRESS_adminUsername / CYPRESS_adminPassword override mechanism that local and CI runners depend on. * E2E/Cypress: fix MM-T1508 accessibility image test flakiness The test was failing because the admin user could have a stale compact display mode preference from a previous spec, causing post avatars to render with pointer-events: none and blocking the .status-wrapper click. Two fixes: - resetUserPreference() now resets message_display to 'clean' so compact mode doesn't leak across spec files - accessibility_image_spec before() now runs as a fresh user with default preferences rather than the shared admin account	2026-05-20 10:46:17 +08:00
Andre Vasconcelos	23b4d8275b	MM-68197 Show classification banners in web and desktop apps (#36490) ... * Add Classification Markings admin console page Adds a new admin console page under Site Configuration for managing classification markings. This allows system administrators to define classification levels (e.g., UNCLASSIFIED, SECRET, TOP SECRET) with associated colors and rank ordering, which will be used for system-wide and per-channel classification banners. The page includes: - Enable/disable toggle backed by the property field system (field existence = enabled) - Country preset dropdown (US DoD, NATO, UK GSCP, Canada, Australia PSPF) that auto-fills standard classification levels - Editable classification levels table with drag-and-drop reorder, inline text editing, color picker, and delete - Auto-switch to "Custom" preset when levels are manually modified - Confirmation dialog when switching presets would overwrite custom data Also adds: - ClassificationMarkings feature flag (default off) - Generic property field client methods (get/create/patch/delete) for the /api/v4/properties/ endpoints - Enterprise license + feature flag gating on the admin page Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Fix classification markings: add validation, error handling, and system object type - Add "system" as a valid property field object type so the classification markings API calls succeed - Surface load errors instead of silently swallowing them (only suppress 404 for unconfigured state) - Validate before save: require at least one level, non-empty names, and no duplicates - Default to custom preset with empty levels on first open - Add section strings to searchableStrings for admin console search Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Move classification field to CPA group targeting users Store the classification markings property field in the custom_profile_attributes group with object_type 'user' instead of the attributes group with object_type 'system'. Clear target_id for PSAv2 system target compliance and mark the field as admin-managed. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Stabilize preset option IDs and add danger warning on preset switch Hardcode deterministic IDs for all preset classification levels so switching away and back preserves option IDs, preventing orphaned property values. Compare only level data (not preset label) for change detection so cosmetic preset switches don't trigger false save states. Show a danger modal with red confirm button when changing presets on an existing field, warning about system-wide impact on classified resources. The warning appears once per session then allows frictionless switching. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Remove system object type from property fields Not needed yet — will be added when system/channel banners are implemented. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Fix ESLint errors in classification markings admin page Fix import ordering and remove unused generateId import. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Address CodeRabbit review feedback for classification markings - Register property field API endpoints when ClassificationMarkings flag is enabled (not just IntegratedBoards) to prevent 404s - Preserve preset option IDs when creating a new classification field instead of blanking them with empty strings - Add sysconsole read/write permission constants for classification markings across server and webapp, and wire up resource-level permission checks in the admin definition Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Add rank attribute to classification marking options Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Add classification markings permissions migration and read-only support Add a permissions migration to grant classification markings sysconsole permissions to existing roles on upgrade. Wire up the disabled prop so read-only users can view but not edit classification settings. Register the permission in the Delegated Granular Administration UI. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Paginate loadField to find classification field beyond first page Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Fix lint errors and warnings in classification markings Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Remove classification markings sysconsole permissions; gate on sysadmin instead Classification markings admin page no longer uses feature-specific read/write permissions. Visibility is gated on license + feature flag, editing is gated on system admin role. This avoids coupling feature-specific permissions to the generic property service. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Set sysadmin-level permissions on classification markings field creation Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Use stable IDs instead of array indices for classification level operations Switch updateLevel/deleteLevel to identify levels by ID rather than index, sort levels by rank on load, and extract i18n strings. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Refactor classification markings into extracted helper functions Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Add tests for classification markings admin console feature Add unit and component tests covering: - Pure function tests for detectPreset, optionsToLevels, levelsToOptions, processClassificationField, and fetchClassificationField pagination logic - React component tests for rendering states, validation, and user interactions - Client4 property field method tests for URL construction and HTTP verbs - Server routing test verifying routes register with ClassificationMarkings flag - Feature flag default and serialization test Export pure functions from classification_markings.tsx to enable direct testing. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Fix lint errors in classification markings tests Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Fix test compilation error * Fix color input auto-filling after 3 hex characters in classification markings Buffer ColorInput onChange in a LevelColorCell wrapper so the table doesn't re-render mid-typing, preventing the input from losing its focus-guarded local state. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Fixing style issues with color picker z-index * Added fix to prevent immediate dismissal when clicking inside color picker * Adding E2E test suite for configuration * Removing duplicates * Fixing unrelated linter error * Fixing test linting issues * Updating tests to skip appropriately * Matching configuration to UX specs * Fixing style lint * Added informational banner for presentational nature of markings * Enabling the markings flag on playwright server * Added missing feature flag to e2e test environment in ci * Reverting changes to color_input - Not needed as we're using a custom component * Added and polished global banner configuration * Refactoring webapp for readability - Separating components - Adding unit tests - Isolating helper methods into utilities * Fixing linter errors * linter fix * Manually fixing linter issues * Separating global classification component * Added persistence of classification marking configuration * Changing LevelID with LevelName * Making changes for PR reviews * Changing property object of classification field to template * syncing i18n file * Removing inaccurate note from comments * PR fixes for UX review * Cleaning up unused value * Added GlobalClassificationBanner component - Made sure it syncs on change by using normal configuration values on it - Works with "top" and "top_and_bottom" - Renders on both root and admin_console * Adding E2E test cases for global classification * Linter fixes, i18n extract * PR Fixes * Linter fix * Matching default messages * Fixing type errors * Fixing pipeline and runtime errors * Fixing announcementbar rendering on top of global classifications * Increasing banner & font sizes * Fixing font size to 12px instead of 16px - I read it wrong * Replacing config values with property * Test linter fixes * Fixing type errors and go format error * Making changes needed to align with specs - Ensuring system_classification is a separate linked property that differs from the template - Saving the global classification banner values as a propertyvalue * Added missing arguments in e2e tests * Added missing conditions for useEffect - Also fixing E2E error in pipeline * Fixing issues with V1 and V2 group mismatch * Fixes for linter errors and coderabbit review * Addressing more issues found by coderabbit * Fixing issues found by coderabbit * Migrating to use system properties * Ran all linters and prettier - Resolving coding style drift that happened from not running prettier on the webapp (even though CI doesn't check for this) * Undoing the prettier changes in webapp * Cleaning up unwanted autoformatted changes * Reverting prettier changes to clean diff * Fixing E2E test * Import fixes in test * Applying changes for PR feedback * Fixing issues with failing e2e tests * Changing key of selection from name to id * Replacing field setup in E2E tests to use levelId instead of levelName * Added classification setup per channel on channel creation * WIP: Adding classification banner integrated with channel banners - Using a hook to resolve which values should be evaluated when displaying the banner * Fixing style of dropdown input for classifications * Fixing visual issues with dropdown inputs * Adding E2E Tests and linter fixes * General fixes and improvements * Applying linter fixes * Resolving lingering linter issues * Updated snapshot and extracted i18n * Adding test cleanup to prevent failures due to duplicates * Addressing nitpick comment for test mapping of values * Applying more fixes to E2E tests * Improving test coverage and e2e test cleanup * Resolving type issues * Refactoring classification constant names an documentation * Ensuring propertyvalue only stores single id, storing banner text in banner_info * Fixing issues with linter alongside style issues on header * Updating test assertion to account for fallback * Fixing issues found during testing - Removing custom selection from being an option and turned it into a state - Ensuring only system administrators can set channel classification levels * Fixing z-index issue with color input popover * Setting classification level to lowest available value when switching it on * Updating unit tests to match new spec for preselection --------- Co-authored-by: David Krauser <david@krauser.org> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: David Krauser <david@kruser.org> Co-authored-by: Mattermost Build <build@mattermost.com>	2026-05-19 00:05:26 +03:00
Carlos Garcia	548183d748	Mm 68282 admin ephemeral mode (#36194) ... * adds feature flag to enable mattermost ephemeral mode * add ephemeral mode config settings to system console When feature flag is set to true a new section for Mobile Ephemeral Mode settings shows under the Mobile Security section in case a valid Enterprise Advanced License is active. * adds Mobile Ephemeral Mode settings playwright tests * improve descriptions for settings * improves error messages and hints * move validation to common helper and add new tests * reverts package-lock.json changes * proper struct alignment * proper message sorting in json file * use generic doc url for MEM section while docs are not ready * Proper formatting for playwright tests * fixes test	2026-05-18 22:23:58 +02:00
Harshil Sharma	f0360a838a	Data spillage report generation UI (#36340) ... * Added base fr report generation * WIP * implemented UI flow * implemented UI flow * restructured the modal code into sub components * Refactoring and cleanup * lint fixes, added new tests * i18n fix * test fix * Updated test * CI * Several improvements * WIP * Added tests * Addressed some security enhancements * Created zip writer entery later * Improved a test to check for file content * Improved error handling * Made a geneeric function * Updated classes * accepting comment in report API * Added more tests * Integrated new API param * Removed an unnecessary check * Made a geneeric function * Made a geneeric function * Made the comment body not required and updated API docs * Updated report generation API call in download report button * Included decision in report and removed confirmation when keeping message * Updated test * Add explicit wait for removeWithoutReportButton visibility in test Prevent race condition by waiting for the button to be visible after UI transitions to skip-confirm step before clicking it. Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com> * PR Feedback * explicitelly added return statement * Included actor details in report * Updated tests --------- Co-authored-by: maria.nunez <maria.nunez@mattermost.com> Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Mattermost Build <build@mattermost.com>	2026-05-18 20:24:50 +05:30
Maria A Nunez	6aae94f20b	Add Display Name to User Properties in Webapp (#36363) ... * Phase 1: CPA display_name + CEL-safe name validation (server) - Add typed DisplayName field to CPAAttrs + display_name attr key constant. - Add ValidateCPAFieldName helper enforcing CEL IDENTIFIER + reserved-word blacklist. - Wire validation into App.CreateCPAField (always) and App.PatchCPAField (lenient grandfather: skip when Name unchanged). - Trim + 255-rune cap DisplayName in CPAField.SanitizeAndValidate. - Developer-facing godoc note documenting rule, sources of truth, and Option C scoping. - Asserting test for documented Option C plugin-API bypass (closed by PR #36173). Spec: planner/projects/property-display-name/ideas/001-cpa-display-name/spec.md Plan: .planning/phase-1/PLAN.md Made-with: Cursor * Phase 1 (review): address Reza's Major + Minor findings - Rename misleading subtest "empty DisplayName is omitted from attrs" to "empty DisplayName round-trips as empty string" (Major #1). - Add TestCPAAttrs_JSONOmitEmpty pinning the omitempty wire-format contract that PR #36173's typed-attrs strategy relies on (Major #1). - Extend TestValidateCPAFieldName: case-sensitivity (IN/In ok), single-character names (a/_/A ok), missing "as" reserved word (Minor #2). Add whitespace-only DisplayName case (Minor #2). - Document PropertyFieldNameMaxRunes reuse in SanitizeAndValidate to prevent drift (Minor #3). - Replace broken PLAN-server.md reference in bypass-test docstring with in-tree CPAAttrs godoc reference (Minor #4). - Document omitempty semantics on CPAAttrs.DisplayName field to prevent the same misreading caught in review (Minor #5). - Document grouping intent above CPAFieldNameReservedWords (Minor #8). Review: .planning/phase-1/REVIEW.md Made-with: Cursor * Phase 2: in-app backfill migration for CPA display_name - Add cpaDisplayNameBackfillKey + cpaDisplayNameBackfillVersion constants. - Implement (*Server).doSetupCPADisplayNameBackfill: idempotent, cursor-paged scan over CPA group fields; backfill attrs.display_name = name when empty. - Register in m1 migration slice in doAppMigrations (mlog.Fatal on error, matching existing convention). - Three migration tests: NoExistingFields, BackfillsMissing, Idempotent. System-key idempotency + per-field DisplayName-empty check together provide HA-safe behavior on rolling deploys (last-write-wins on the System key; data-level idempotency from the per-field check). Spec: planner/projects/property-display-name/ideas/001-cpa-display-name/spec.md Plan: .planning/phase-2/PLAN.md Made-with: Cursor * Phase 2 (review): document race + harden idempotency test - Document SearchPropertyFields→UpdatePropertyFields rolling-deploy race: stale snapshot can revert concurrent admin CPA rename. Pre- existing systemic shape (no UpdateAt optimistic-lock); narrow window; bounded blast radius (admin re-rename, ABAC ID-keyed). Accepted limitation per spec Out of Scope (Major #1, Option C). - Tighten TestCPADisplayNameBackfill_Idempotent: snapshot UpdateAt before second run; assert no DB write on the System key or the field row (Major #2). - Extract clearCPABackfillMarker helper with explanatory godoc to centralize the 3x-repeated test precondition (Minor #1). - Comment fieldA seed as the "key-present-as-empty-string" idempotency boundary case (Minor #6). - Add godoc to doSetupCPADisplayNameBackfill (Minor #10). Review: .planning/phase-2/REVIEW.md Made-with: Cursor * Linting * Removing unnecessary comments * Clean up tests * Linting * Fix tests * Updated API doc * Phase 3: webapp helper + render-site migration for CPA display_name - Add display_name?: string to UserPropertyField.attrs type. - New getUserPropertyFieldLabel(field) helper: returns attrs.display_name?.trim() || name. Defensive against missing attrs. - Migrate ~10 user-facing CPA-name render sites to the helper: profile popover, user settings general (4 usages incl. line 1673 missed by high-level plan), admin user detail, admin CPA list (2 usages), and ABAC editor's selected-attribute UI (3 usages incl. the button label found in planning-stage research). - CEL paths (table_editor, attribute_selector_menu user.attributes expression construction, ABAC search filters) keep using `name` per spec — display_name is label-only. - Phase 4 boundary marker: TODOs in admin table + delete modal for follow-up admin-edit UX + client-side validator. Spec: planner/projects/property-display-name/ideas/001-cpa-display-name/spec.md Plan: .planning/phase-3/PLAN.md * Phase 3 (review): add Unicode test + correct helper docblock scope Address Reza's Phase 3 review: - Major #1: add missing test case for non-ASCII display_name (Latin-extended + CJK), pinning the trim/passthrough contract. - Nitpick #3: correct the helper's JSDoc to reflect that the delete modal is intentionally not migrated until Phase 4. No production behavior change. No new dependencies. Made-with: Cursor * Phase 4: admin CPA edit UX + client-side identifier validation Made-with: Cursor * docs: append Phase 4 implementation summary Made-with: Cursor * Phase 4: admin CPA edit UX + client-side identifier validation Complete the Phase 4 takeover from the existing dirty worktree and record the verified Stage 2 scope for admin CPA display-name editing, client-side identifier validation, and the required grandfather regression follow-ups. Document the targeted Jest, typecheck, and lint-equivalent validation results in the Phase 4 plan without widening the implementation scope or rewriting the prior in-scope work. Made-with: Cursor * docs: finalize Phase 4 implementation summary Made-with: Cursor * docs: correct Phase 4 summary commit reference Made-with: Cursor * Phase 4 (review): fix empty-name warning precedence Required-name validation now short-circuits before uniqueness checks so empty identifiers keep the correct warning. Add duplicate collision regression coverage for the dot-menu flow and add a stable validation-error testid for Phase 5 automation. Made-with: Cursor * Test updates * Fix merge issue * Fix tests * PR Feedback * Move migration to PropertyService * Updates to UX * Comment cleanup * Add webapp tests for CPA display_name and fix CEL-affected specs Update E2E seeds to use CEL-safe identifiers with display_name, add ABAC selector spec, and extend Jest coverage for label-rendering sites, auto-fill guard rails, and required-warning suppression. Co-authored-by: Cursor <cursoragent@cursor.com> * Remove .planning/phase-4/PLAN.md This planning artifact was committed inadvertently and should not be part of the codebase. Co-authored-by: Cursor <cursoragent@cursor.com> * Address CodeRabbit review comments - Fix e2e test to use display_name in label assertions - Make getIncrementedCELName case-insensitive to prevent collisions - Update tooltip to mention reserved CEL words - Replace hasSpaces check with full CEL identifier validation - Use CPA_FIELD_NAME_MAX_RUNES for consistent maxLength - Fix race condition by removing global cleanupAllFields - Enable IntegratedBoards flag for legacy field seeding - Replace fixed sleeps with state-based waits in tests Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com> * Fix linting errors in getIncrementedCELName - Use camelCase for destructured delete_at parameter - Place dots on same line for method chaining Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com> * Remove unused imports in user_attributes_display_name.spec.ts - Remove unused deleteCustomProfileAttributes import - Remove unused getFieldsMap function - Remove unused FieldsMap type Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com> * Fix webapp test failure - remove htmlFor assertion The htmlFor attribute assertion was failing in the test environment, likely due to a testing library issue. The important functionality (displaying display_name in labels) is still properly tested. Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com> * Fix post-merge CI failures: i18n drift and Playwright Prettier - Re-extract webapp en.json so the identifier tooltip string matches user_properties_table.tsx (source of truth was already shortened in Phase 4; en.json was not regenerated). - Apply Prettier formatting to three CPA display_name Playwright specs (whitespace and import/expression collapsing only). No test logic changes. Co-authored-by: Cursor <cursoragent@cursor.com> * Address CodeRabbit feedback: use stable locators, add reserved words to tooltip, remove regex from hasText Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com> * Fix i18n drift: align defaultMessage with en.json for identifier tooltip Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com> * Comment cleanup * Slugify CPA duplicate names to snake_case slugifyForCEL now lowercases and inserts underscores at camel/PascalCase boundaries (e.g. MyField -> my_field, XMLParser -> xml_parser) so duplicated CPA fields get conventional snake_case names instead of preserving the source casing. Co-authored-by: Cursor <cursoragent@cursor.com> * UX improvements: CEL identifier tooltip, validation, and attribute picker dual-name display - Add info tooltip to the Attribute column header explaining CEL identifier rules - Add client-side CEL identifier validation (pattern + reserved words) with a descriptive error message - Show both display name and unique identifier in the policy attribute picker - Filter attribute picker search by both display name and unique name - Add display_name to UserPropertyField attrs TypeScript type - Expand "CEL" to "Common Expression Language (CEL)" in the attribute-spaces tooltip Co-authored-by: Cursor <cursoragent@cursor.com> * Linting * PR Feedback * Restore name limit * Fix tests * Revert stray comment block above TestCPADisplayNameBackfill_BackfillsProtectedSourceOnlyField Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com> * Revert extended fieldA comment in TestCPADisplayNameBackfill_BackfillsMissing Co-authored-by: Maria A Nunez <maria.nunez@mattermost.com> * Fix E2E tests * Fix test --------- Co-authored-by: Mattermost Build <build@mattermost.com> Co-authored-by: Cursor <cursoragent@cursor.com>	2026-05-15 12:18:31 -04:00
Harrison Healey	0c98113a17	MM-65058 Make Direct Messages modal load GMs when needed (#36548) ... * Changed batchGetProfilesInChannel to batchGetProfilesInGroupChannel and have it use bulk API * MM-65058 Add useUserIdsInGroupChannel and use to populate Direct Messages modal * Address feedback * Run Prettier * Fix types	2026-05-14 10:16:48 -04:00
yasser khan	47d4720ff4	chore(ci): consolidate openldap runner prep into a composite action (#36563)	2026-05-14 14:28:51 +05:30
Maria A Nunez	3c39d61544	Fix invite modal autocomplete clipping (#36505) ... * Fix invite modal autocomplete clipping * Preserve invite modal dropdown overflow * Add invite modal layout regression tests * Add additional test --------- Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Harrison Healey <harrisonmhealey@gmail.com>	2026-05-11 19:54:23 -04:00
Andre Vasconcelos	6083cc2282	MM-68196 Adding Global Classification configuration and banners (#36231) ... * Add Classification Markings admin console page Adds a new admin console page under Site Configuration for managing classification markings. This allows system administrators to define classification levels (e.g., UNCLASSIFIED, SECRET, TOP SECRET) with associated colors and rank ordering, which will be used for system-wide and per-channel classification banners. The page includes: - Enable/disable toggle backed by the property field system (field existence = enabled) - Country preset dropdown (US DoD, NATO, UK GSCP, Canada, Australia PSPF) that auto-fills standard classification levels - Editable classification levels table with drag-and-drop reorder, inline text editing, color picker, and delete - Auto-switch to "Custom" preset when levels are manually modified - Confirmation dialog when switching presets would overwrite custom data Also adds: - ClassificationMarkings feature flag (default off) - Generic property field client methods (get/create/patch/delete) for the /api/v4/properties/ endpoints - Enterprise license + feature flag gating on the admin page Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Fix classification markings: add validation, error handling, and system object type - Add "system" as a valid property field object type so the classification markings API calls succeed - Surface load errors instead of silently swallowing them (only suppress 404 for unconfigured state) - Validate before save: require at least one level, non-empty names, and no duplicates - Default to custom preset with empty levels on first open - Add section strings to searchableStrings for admin console search Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Move classification field to CPA group targeting users Store the classification markings property field in the custom_profile_attributes group with object_type 'user' instead of the attributes group with object_type 'system'. Clear target_id for PSAv2 system target compliance and mark the field as admin-managed. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Stabilize preset option IDs and add danger warning on preset switch Hardcode deterministic IDs for all preset classification levels so switching away and back preserves option IDs, preventing orphaned property values. Compare only level data (not preset label) for change detection so cosmetic preset switches don't trigger false save states. Show a danger modal with red confirm button when changing presets on an existing field, warning about system-wide impact on classified resources. The warning appears once per session then allows frictionless switching. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Remove system object type from property fields Not needed yet — will be added when system/channel banners are implemented. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Fix ESLint errors in classification markings admin page Fix import ordering and remove unused generateId import. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Address CodeRabbit review feedback for classification markings - Register property field API endpoints when ClassificationMarkings flag is enabled (not just IntegratedBoards) to prevent 404s - Preserve preset option IDs when creating a new classification field instead of blanking them with empty strings - Add sysconsole read/write permission constants for classification markings across server and webapp, and wire up resource-level permission checks in the admin definition Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Add rank attribute to classification marking options Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Add classification markings permissions migration and read-only support Add a permissions migration to grant classification markings sysconsole permissions to existing roles on upgrade. Wire up the disabled prop so read-only users can view but not edit classification settings. Register the permission in the Delegated Granular Administration UI. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Paginate loadField to find classification field beyond first page Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Fix lint errors and warnings in classification markings Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Remove classification markings sysconsole permissions; gate on sysadmin instead Classification markings admin page no longer uses feature-specific read/write permissions. Visibility is gated on license + feature flag, editing is gated on system admin role. This avoids coupling feature-specific permissions to the generic property service. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Set sysadmin-level permissions on classification markings field creation Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Use stable IDs instead of array indices for classification level operations Switch updateLevel/deleteLevel to identify levels by ID rather than index, sort levels by rank on load, and extract i18n strings. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Refactor classification markings into extracted helper functions Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Add tests for classification markings admin console feature Add unit and component tests covering: - Pure function tests for detectPreset, optionsToLevels, levelsToOptions, processClassificationField, and fetchClassificationField pagination logic - React component tests for rendering states, validation, and user interactions - Client4 property field method tests for URL construction and HTTP verbs - Server routing test verifying routes register with ClassificationMarkings flag - Feature flag default and serialization test Export pure functions from classification_markings.tsx to enable direct testing. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Fix lint errors in classification markings tests Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Fix test compilation error * Fix color input auto-filling after 3 hex characters in classification markings Buffer ColorInput onChange in a LevelColorCell wrapper so the table doesn't re-render mid-typing, preventing the input from losing its focus-guarded local state. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Fixing style issues with color picker z-index * Added fix to prevent immediate dismissal when clicking inside color picker * Adding E2E test suite for configuration * Removing duplicates * Fixing unrelated linter error * Fixing test linting issues * Updating tests to skip appropriately * Matching configuration to UX specs * Fixing style lint * Added informational banner for presentational nature of markings * Enabling the markings flag on playwright server * Added missing feature flag to e2e test environment in ci * Reverting changes to color_input - Not needed as we're using a custom component * Added and polished global banner configuration * Refactoring webapp for readability - Separating components - Adding unit tests - Isolating helper methods into utilities * Fixing linter errors * linter fix * Manually fixing linter issues * Separating global classification component * Added persistence of classification marking configuration * Changing LevelID with LevelName * Making changes for PR reviews * Changing property object of classification field to template * syncing i18n file * Removing inaccurate note from comments * PR fixes for UX review * Cleaning up unused value * Added GlobalClassificationBanner component - Made sure it syncs on change by using normal configuration values on it - Works with "top" and "top_and_bottom" - Renders on both root and admin_console * Adding E2E test cases for global classification * Linter fixes, i18n extract * PR Fixes * Linter fix * Matching default messages * Fixing type errors * Fixing pipeline and runtime errors * Fixing announcementbar rendering on top of global classifications * Increasing banner & font sizes * Fixing font size to 12px instead of 16px - I read it wrong * Replacing config values with property * Test linter fixes * Fixing type errors and go format error * Making changes needed to align with specs - Ensuring system_classification is a separate linked property that differs from the template - Saving the global classification banner values as a propertyvalue * Added missing arguments in e2e tests * Added missing conditions for useEffect - Also fixing E2E error in pipeline * Fixing issues with V1 and V2 group mismatch * Fixes for linter errors and coderabbit review * Addressing more issues found by coderabbit * Fixing issues found by coderabbit * Migrating to use system properties * Ran all linters and prettier - Resolving coding style drift that happened from not running prettier on the webapp (even though CI doesn't check for this) * Undoing the prettier changes in webapp * Cleaning up unwanted autoformatted changes * Reverting prettier changes to clean diff * Fixing E2E test * Import fixes in test * Applying changes for PR feedback * Fixing issues with failing e2e tests * Changing key of selection from name to id * Replacing field setup in E2E tests to use levelId instead of levelName --------- Co-authored-by: David Krauser <david@krauser.org> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: David Krauser <david@kruser.org> Co-authored-by: Mattermost Build <build@mattermost.com>	2026-05-11 21:35:38 +03:00
Caleb Roseland	7e1bec4d4f	MM-68233: Fix sidebar icon not updating on channel privacy conversion via WS (#36006) ... * fix(channels): update sidebar icon when channel converted via mmctl The handleChannelConvertedEvent WebSocket handler hardcoded type as PRIVATE_CHANNEL, so private-to-public conversions were silently ignored. Now the server includes channel_type in the channel_converted WS event and the frontend reads it. Ref: MM-68233 * test(channels): add tests for channel_converted WS event Add server-side tests verifying the WebSocket event payload includes channel_type for both private→public and public→private conversions. Add frontend tests for handleChannelConvertedEvent covering both conversion directions, backwards compatibility fallback when channel_type is absent, and edge cases. Ref: MM-68233 * test(channels): add E2E test for channel privacy WS icon update Playwright E2E tests verify that the sidebar channel icon updates in real-time when channel privacy is changed via the API (simulating mmctl). Tests both public→private and private→public directions. Ref: MM-68233 * refactor: review feedback on channel_converted fix Narrow channel_type WS field to 'O' | 'P' union type instead of string. Drop hardcoded channel names in E2E tests to let pw.random.channel() generate unique names and avoid collisions. Ref: MM-68233 * fix(e2e): provide name + unique flag for channel creation pw.random.channel() requires a name field — server rejects channels without a valid lowercase alphanumeric name. Use unique: true to append a random suffix for test isolation. Ref: MM-68233 * refactor(channels): use channel type constants in channel_converted code Address review feedback: replace inlined 'O'/'P' string literals with predefined constants. websocket_messages.ts now types channel_type as ChannelType (already imported); websocket_actions tests use Constants.OPEN_CHANNEL / Constants.PRIVATE_CHANNEL. --------- Co-authored-by: Mattermost Build <build@mattermost.com>	2026-05-11 13:37:19 +02:00
sabril	e2700a961a	test: mark autotranslation tests as fixme for quick green in ci and to address those separately (#36492)	2026-05-10 15:33:35 +08:00
yasser khan	b052f3463a	E2E/Playwright: balance shard timing by enabling fullyParallel in CI (#36054)	2026-05-08 21:04:32 +00:00
Pablo Vélez	3c792a0535	MM-68433 - Fix DM/GM menu gating and header save in Channel Settings (#36213) ... * MM-68433 - Fix DM/GM menu gating and header save in Channel Settings * fix linter * Avoid global role mutation in autotranslation DM e2e tests * adjust menu item display based on config * fix e2e tests * Stabilize DM autotranslation Playwright menu/settings tests --------- Co-authored-by: Mattermost Build <build@mattermost.com>	2026-05-08 15:37:55 +02:00
Miguel de la Cruz	e7c517bc98	Fix modal title line-height regression (#36452) ... * Fix modal title line-height regression introduced in MM-66442 The current inflated value for the modal's line-height causes multi-line modal titles to overflow or be clipped. Restores the original value and adds an e2e test to prevent future regressions. * Improvements --------- Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es>	2026-05-08 13:19:41 +02:00
sabril	91de3d2383	SEC-10179 Integrate test system IO for Playwright and Cypress (#36376) ... * change retry to 1, fixed and disabled failed tests * add v2 templates for Cypress and Playwright E2E tests with test system io integration * add commenting to pr * identify more playwrights to fix separately * disable deletion-report.spec for separate fix --------- Co-authored-by: Mattermost Build <build@mattermost.com>	2026-05-08 02:15:49 +00:00
Devin Binnie	69fbaeced9	[MM-68496] Feature flag Managed Categories, expose Default Category Name to UI for channel creation and settings (#36289) ... * [MM-68496] Feature flag Managed Categories, expose Default Category Name to UI for Channels * PR feedback * PR feedback * Fix i18n * Fix test * Fix E2E * Merge'd * Add tests * Re-add old tests (skipped) * Add IncrementVersion to PropertyGroup store, increment version on managed category group * Fix lint * Fix mock * Fix prettier * Add tests * Fixed issue when moving from existing category to existing category * Fix e2e --------- Co-authored-by: Mattermost Build <build@mattermost.com>	2026-05-07 09:37:53 -04:00
Harrison Healey	357d1ef0bd	MM-67982 Only focus mobile search box when search is opened (#36346) ... * MM-67982 Only focus mobile search box when search is opened * Add E2E tests	2026-05-05 09:21:34 -04:00
Harshil Sharma	d4f147e2da	Data spillage deletion summary (#36018) ... * Report POC * Including more error logs * Added localisationj for each reviewer * Optimisations * Minor tweaks * restored go module files * lint fixes * Added back transslations * Added translations * linter and test fixes * restored go module files * e2e lint fix * lint fixes * AI fixes * fixed typo * fixed nil pointer error * Added more tests * Publish report even if deletion fails * Fixed the e2e test * Distinguished between no data and deleted data * lint fixes * fixed tests * e2e test fix * Updated test to also upload actual file * Removed file name tracking * Text updates * fixed e2e test * lint fix	2026-05-04 06:40:26 +05:30
Pablo Vélez	b0b9f2ee84	MM-68499 - auto run sync jobs on team admin abac policy creation (#36276) ... * MM-68499 - auto run sync jobs on team admin abac policy creation * Use child-policy flow for access-control sync ownership test --------- Co-authored-by: Mattermost Build <build@mattermost.com>	2026-04-30 11:43:08 +02:00
Ibrahim Serdar Acikgoz	4da11e81af	[MM-68497] Enables membership policies on public channels with advisory semantics (#36275)	2026-04-30 00:56:32 +02:00
David Krauser	6c0e0fee4a	[MM-68464] Introduce system object type for property fields and values (#36250)	2026-04-29 18:47:34 +00:00
Ibrahim Serdar Acikgoz	641d5a4eb7	[MM-68538] Wrap incoming query from the CEL -> SQL conversion with parentheses (#36293)	2026-04-29 16:22:12 +02:00
Pablo Vélez	320383d894	MM-67326 - add channel settings abac e2e (#36277)	2026-04-29 10:11:49 +02:00
David Krauser	2b7b398a22	[MM-68102] Add Classification Markings admin console page (#35934) ... Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: David Krauser <david@krauser.org> Co-authored-by: avasconcelos114 <andre.onogoro@gmail.com>	2026-04-28 20:02:41 +00:00
Pablo Vélez	dda4bb129c	Mm 68353 show placeholder for redacted files in preview (#36153) ... * MM-68353 - show placeholder for redacted files in preview when permission policies are enabled * add tests for rendering redacted files placeholder in post message preview based on permission policies	2026-04-27 12:39:06 +02:00
David Krauser	6ce4db65dc	Skip sqlstore DB setup during go test -list discovery (#36249) ... sqlstore's TestMain calls sqlstore.InitTest (which opens postgres and drops tables) before mainHelper.Main, so the -test.list bailout added in #36222 never fired and shard-split discovery failed on the GitHub host. Bail out at the top of TestMain instead, and restore HEAVY_MS so sqlstore can still be treated as whole. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Co-authored-by: Mattermost Build <build@mattermost.com>	2026-04-24 01:05:40 +00:00
Andre Vasconcelos	39d25d94dd	MM-68259 Fixing text and emojis being clipped in channel banners (#36076) ... * Fixing text and emojis being clipped in channel banners - Added E2E tests that confirm that emojis respect the correct size and aren't clipping through container * Applying PR feedback * Running prettier on playwright tests * Fixing E2E Tests * Added test case for descending characters * Fixing linter issues * Resolving issue with e2e test failing	2026-04-21 09:33:10 +03:00
Guillermo Vayá	8cd48d4651	[MM-67880] Add /mobile-logs slash command (#35658) ... * [MM-67880] Add /mobile-logs slash command with E2E tests Add a new /mobile-logs slash command that allows users to manage the attach_app_logs preference for themselves or other users (admin-only). Includes unit tests for all code paths and Playwright E2E tests covering self-management, admin cross-user management, permission denial, and error handling. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Fix i18n error key suffixes and format E2E tests Rename error i18n keys to use .app_error suffix matching upstream convention (no_permission, update_error, user_not_found). Run prettier on the E2E test file to fix formatting. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Fix E2E test type error: use getUserPreferences instead of getMyPreferences The getAttachLogsPreference helper was using getMyPreferences() which returns PreferenceType (not an array), causing TS2345 errors. Switch to getUserPreferences(userId) which returns the expected array type. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * [MM-67880] Move unreachable usage fallback into switch default case The return after the switch was unreachable because action is validated earlier to be "on", "off", or "status". Move it into an explicit default case with a defensive comment. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * allow up to 2 arguments * Add audit logging for mobile logs slash command actions Implement a new function to log audit records when users enable or disable the attach_app_logs preference via the /mobile-logs command. This includes capturing relevant metadata such as user IDs, session information, and the action taken. The logging occurs in both the enable and disable command paths, enhancing traceability and accountability for user preference changes. * Enhance mobile logs command to handle cross-user permission checks Add a new response function for cases where a regular user attempts to access mobile log settings for another user, ensuring they receive a neutral error message instead of specific user information. Update the command logic to incorporate this response for both nonexistent users and deactivated accounts. Additionally, modify related tests and internationalization keys to reflect these changes, improving security and user experience. * Update E2E test for /mobile-logs command to verify permission denial for nonexistent users Enhance the existing E2E test for the /mobile-logs command by adding assertions to check that users receive a permission denial message when attempting to change mobile log settings for a nonexistent user. This improves test coverage and ensures proper error handling in the application. * update i18n strings --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: Mattermost Build <build@mattermost.com>	2026-04-20 12:46:36 +02:00
Dylan Haussermann	0c99cc36cc	Add Playwright E2E tests for demo plugin server-side slash commands (#36146) ... * Add Playwright E2E tests for demo plugin server-side slash commands Adds 7 new spec files covering the remaining demo plugin slash commands: /ephemeral, /ephemeral_override, /dialog (submit, cancel, validation, error, error-no-elements), /dialog date, /dialog field-refresh, /interactive, /show_mentions, and /list_files. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> * The 2 CodeRabbit changes seem a bit over cautious in the direction of guarding against false assertions but I did implement them. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: Mattermost Build <build@mattermost.com>	2026-04-20 12:42:47 +08:00
David Krauser	846e45a114	[MM-68103] Add channel banner to thread view (#35942)	2026-04-16 13:16:32 -04:00
Harshil Sharma	034799c221	Fixed a bug where user profile popover closed automatically when opened for the first time for a user from channel member list in RHS (#35918) ... * Fixed a bug where user profile popover closed automatically when opened for the first time for a user from channel member list in RHS * Added tests * fixed a test	2026-04-16 12:18:48 +05:30
Ibrahim Serdar Acikgoz	beb96185cd	[MM-68183] Permission policies (#36003) ... --------- Co-authored-by: Pablo Vélez <pablovv2012@gmail.com>	2026-04-16 04:02:12 +03:00
Pablo Vélez	80b977807a	Feature mm 64509 team admin abac channels (#36061) ... * MM-67592 - be changes for team admin abac channels (#35353) * MM-67592 - be changes for team admin abac channels * Revert team-scoped API routes, keep app layer business logic * move from config to permission; Add cluster-aware LRU cache for policy team scope lookup * remove unnecessary references to config value * local/remote cache invalidation consistency for policy scope * Replace policy scope cache with store-level team scope query * rename functions and add comments to query --------- Co-authored-by: Mattermost Build <build@mattermost.com> * MM 67594 - policies CUD operations to team settings modal channels ABAC (#35590) * MM-67592 - be changes for team admin abac channels * Revert team-scoped API routes, keep app layer business logic * move from config to permission; Add cluster-aware LRU cache for policy team scope lookup * remove unnecessary references to config value * local/remote cache invalidation consistency for policy scope * Replace policy scope cache with store-level team scope query * format files correctly * fix mock expectations for store-query approach in tests * rename functions and add comments to query * revert error ids to original to prevent break tests * adjust translations * MM-67669 - add tab to team settings modal and basic listing * adjust tests and fix linter * use existing search api logic * fix style and adjust flaky test to clean up and restore orinals * address ai corabbit feedback and fix linter * fix unit tests * MM-67592 - be changes for team admin abac channels (#35353) * MM-67592 - be changes for team admin abac channels * fix linter * fix ts linter for playwright * Revert team-scoped API routes, keep app layer business logic * move from config to permission; Add cluster-aware LRU cache for policy team scope lookup * remove unnecessary references to config value * local/remote cache invalidation consistency for policy scope * Replace policy scope cache with store-level team scope query * format files correctly * fix mock expectations for store-query approach in tests * rename functions and add comments to query * revert error ids to original to prevent break tests * adjust translations --------- Co-authored-by: Mattermost Build <build@mattermost.com> * MM-67594 - support cud operations for team abac BE changes * create the team settings policy edit section, reuse most components, add basic e2e * move optional refresh policy list button to list component * temp get team admins cud policies and sync job * enhance validation and adjust e2e * Fix testExpression permission; fix pagination of team policies; add isValidId validation * adjust styles, handling renaming and add permission migrations * update the permissions names, use the simple confirmation modal, define the delete modal * fix policy deletion flow * fix some linter issues and adjust helper tests * remove delete from list and fix e2e * code comments clean up * remove CEL editor for now, clean styles, enhance e2e * fix linter, adjust unit test * fix linter and add missing translation * fix policy deletion ownership and sanitize test expression * fixed e2e tests * rollback orphaned policy on failed channel assignment * enforce channelless check before last_team_id fallback * enforce channelless guard on assign fallback too * add translations missing * add teamId to audit payload when present * fix refresh button pagination reset * fix null safety in channel selector loadChannels * use responsive width cap for team settings modal and adjust header size * remove redundant raw term from channel search URL, add showRefreshButton prop to PolicyList component * handle error when stamping last team ID on channelless policy * replace Props-based ownership with in-memory LRU cache, disable save on zero channels * make e2e tests more reliable in CI * test skip if no license valid found * add childCount guard to cache-hit paths and reduce TTL to 5s * fix e2e, adjust translation * address review feedback: flatten permission checks and separate error types - Flatten nested permission branching in deleteAccessControlPolicy using early returns to reduce indentation (review: isacikgoz) - Validate teamID as input (400) before using it for permission checks (403) in testExpression and validateExpressionAgainstRequester handlers - Remove redundant hasSystemPermission check in searchAccessControlPolicies since system_admin role already includes manage_team_access_rules - Refactor ValidateTeamAdminPolicyOwnership to return (bool, *model.AppError) separating "not owned" from "internal error" across all 8 call sites - Update tests to assert on both return values Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * add persistent team scope to access control policies, replace in-memory cache * fix translation * fix case-insensitive policy search and sanitize search term input * make policies tests have a unique name * decouple scope/scopeID filter from TeamID in policy store * Fix authZ bypass searchChannelsForAccessControlPolicy by forcing TeamIds to authorized team * show unsaved changes on navigator back, and list all private channels on load * filter already applied channels to a policy * adjust the styles to dark mode; do not show added channels to the policy in the add channels modal * fix linter * MM-67967 add sync status footer to team settings (#35729) * MM-67967 add sync status footer to team settings * remove magic numbers and strings and polish the code * fix linter * fix linter: replace interface{} with any per gofmt rewrite rule Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refine getJobsByType team-scoped filtering and permissions * fix sync footer stuck in syncing state on job creation error * fix team-scoped job pagination in getJobsByType * Fix authZ bypass searchChannelsForAccessControlPolicy by forcing TeamIds to authorized team * implement ux feedback, change titles font, fix marging and scroll view jump * MM-68135 - migrate add channels to policy modal to generic modal (#35907) * MM-67920 unify e2e team settings tests (#35867) * MM-67920 - extract duplicated policy editor helpers * remove duplicate team icon test file * rename Access Control to Membership Policies in e2e * replace networkidle with explicit element waits * fix attribute loading issue --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Mattermost Build <build@mattermost.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix playwright feedback issues and persist filters to the store layer in the no systemconsole path * Improve policy scope validation and team admin security checks * Renamed public channels to "AAA Public Channel %03d" and private ones to "ZZZ Private..." so the 55 public channels now fill the 50-result cap * fix e2e tests and add new unit tests to improve coverage * Improve e2e test stability: race condition handling and timeout adjustments * Improve team-scoped ABAC policies: scope preservation, input validation, shared exclusion * Add comprehensive ABAC test coverage: team admin ops and security validation to reduce flakyness * Fix team policy editor back button: preserve navigation intent through Undo * style: format import statements for better readability * Enhance access control policy creation for team admins: enforce scope stamping from query parameters to prevent unauthorized team assignments --------- Co-authored-by: Mattermost Build <build@mattermost.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-16 00:48:43 +02:00
sabril	bff3577690	chore(playwright): upgrade to v1.59 and to typescript@6.0 (#36071)	2026-04-15 17:43:52 +08:00
Devin Binnie	01219efbf4	[MM-68037] Managed Sidebar Categories (MVF) (#35935) ... * [MM-68037] Managed Sidebar Categories (MVF) * PR feedback * PR feedback * Fix test issue again * Fixed a few things * Fix again * PR feedback * Update server/i18n/en.json Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * Update server/i18n/en.json Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * Update webapp/channels/src/packages/mattermost-redux/src/actions/channel_categories.ts Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * PR feedback * PR feedback * More PR feedback * Test fixes * This one too * PR feedback * more * More feedback * More * more * Yup * More * PR feedback * Update webapp/channels/src/components/channel_settings_modal/managed_category_selector.scss Co-authored-by: Matthew Birtch <mattbirtch@gmail.com> * Block setting behind Enterprise license * Update webapp/channels/src/packages/mattermost-redux/src/selectors/entities/channel_categories.ts Co-authored-by: Harrison Healey <harrisonmhealey@gmail.com> * Update webapp/channels/src/packages/mattermost-redux/src/actions/channel_categories.ts Co-authored-by: Harrison Healey <harrisonmhealey@gmail.com> * PR feedback * Don't await for the initial managed category check * Turn into its own action --------- Co-authored-by: Mattermost Build <build@mattermost.com> Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> Co-authored-by: Matthew Birtch <mattbirtch@gmail.com> Co-authored-by: Harrison Healey <harrisonmhealey@gmail.com>	2026-04-14 09:00:59 -04:00
Daniel Espino García	ed80e8ba91	Shared channel UI for channel admins (#35448) ... * Shared channel UI for channel admins * Fix lint * Use errors.is instead of using string comparison * Fix configuration check * Handle error when sharing an already shared channel * Remove unneeded disabled prop * Add missing tests * Frontend tweaks * Fix lint * Fix lint and test * Address coderabbit review * Fix removing unconfirmed remotes * Better handle errors while saving state * Remove unneeded state * Fix selector not being stable between different renders * Fix i18n and improve one type * Update webapp/channels/src/components/channel_settings_modal/share_channel_with_workspaces/share_channel_with_workspaces.scss Co-authored-by: Matthew Birtch <mattbirtch@gmail.com> * Update webapp/channels/src/components/channel_settings_modal/share_channel_with_workspaces/add_workspace_dropdown.tsx Co-authored-by: Matthew Birtch <mattbirtch@gmail.com> * Update webapp/channels/src/components/channel_settings_modal/share_channel_with_workspaces/share_channel_with_workspaces.scss Co-authored-by: Matthew Birtch <mattbirtch@gmail.com> * Update webapp/channels/src/components/channel_settings_modal/share_channel_with_workspaces/workspace_list.tsx Co-authored-by: Matthew Birtch <mattbirtch@gmail.com> * Update webapp/channels/src/components/channel_settings_modal/share_channel_with_workspaces/share_channel_with_workspaces.scss Co-authored-by: Matthew Birtch <mattbirtch@gmail.com> * Update webapp/channels/src/components/channel_settings_modal/share_channel_with_workspaces/share_channel_with_workspaces.scss Co-authored-by: Matthew Birtch <mattbirtch@gmail.com> * Apply suggestions from code review Co-authored-by: Matthew Birtch <mattbirtch@gmail.com> * Deal with settings option permissions * Add message when no remotes are available * Add dividers * Add disabled tooltip * Fix tests * Fix lint * Touch update at on share/unshare * Fix tests * Fix lint * Add missing await * Add e2e tests * Fix playwright prettier * Update server.prepare to have connected workspaces enabled by default * Revert changes on server.prepare and try with changes on server.generate * Fix shared channel configuration E2E tests (#35786) * Update webapp/channels/src/components/channel_settings_modal/share_channel_with_workspaces/share_channel_with_workspaces.scss Co-authored-by: Matthew Birtch <mattbirtch@gmail.com> * Update initial enabled state to properly handle saves * Update role name in e2e tests --------- Co-authored-by: Matthew Birtch <mattbirtch@gmail.com> Co-authored-by: Mattermost Build <build@mattermost.com> Co-authored-by: yasser khan <attitude3cena.yf@gmail.com> Co-authored-by: Doug Lauder <wiggin77@warpmail.net>	2026-04-14 11:37:09 +02:00
Harrison Healey	e3b2b0a521	Improve CJK handling in autocompletes and Find Channels modal and using Firefox (#35937) ... * MM-66937 Remove existing code for handling composition in SuggestionBox This breaks the ability to autocomplete on Korean characters that haven't been committed on Firefox. Both the previous and new versions seem to work fine on Chrome though. * Add E2E test for SuggestionBox composition in Find Channels modal * Fix misnamed field	2026-04-13 13:47:45 -04:00
sabril	f2a964faf3	fix(cypress): demo plugin (#36056)	2026-04-13 10:16:49 +00:00
Jesse Hallam	b3a0ad9c53	Fix FIPS-incompatible passwords and config in e2e test suites (#36001) ... * Fix FIPS-incompatible passwords and config in e2e test suites FIPS OpenSSL requires PBKDF2 HMAC keys >= 14 bytes, so the server now enforces PasswordSettings.MinimumLength >= 14 under FIPS builds. The e2e suites were failing (Cypress 0/447, Playwright 16/353) because they used short passwords and set MinimumLength below the FIPS floor. - Add newTestPassword() to both Cypress and Playwright utilities, returning a static FIPS-compliant password (>= 14 chars) - Replace all short hardcoded Mattermost user passwords ('passwd', 'Test123456!', 'Testing123', 'Password123!') with newTestPassword() - Raise PasswordSettings.MinimumLength from 5 to 14 in default configs - Update password validation tests for the FIPS minimum (error messages, default expectations, test password lengths) * Fix additional FIPS e2e test failures - Revert server-constant-dependent assertions (MinimumLength defaults and validation errors) since those depend on FIPS build tags, not config - Fix short hardcoded passwords in signup, forgot_password, and existing_email_address specs to use newTestPassword() - Fix password_spec cancel test to use a different password than testUser.password (both resolve to newTestPassword()) - Fix Playwright password reset test to use newTestPassword() instead of pw.random.id() (7 chars, too short for MinimumLength=14) - Update password help text assertions to match MinimumLength=14 config - Use regex for Playwright signup page password error locator - Fix import order in ABAC support.ts * Fix FIPS vs non-FIPS build-dependent e2e test assertions The server's password minimum constants differ between FIPS (14) and non-FIPS (8/5) builds. Make three test assertions adaptive: - MM-T1770: Accept default MinimumLength of either 8 or 14 - MM-T1771: Match validation error with either 5 or 14 as the minimum - MM-T1773: Reload after save and compare against actual server config, since saving MinimumLength=5 (webapp default) is rejected on FIPS * e2e: upgrade demo plugin to v0.11.0 and configure required settings * update demo plugin download link --------- Co-authored-by: sabril <5334504+saturninoabril@users.noreply.github.com>	2026-04-13 12:52:13 +08:00
JG Heithcock	8f45806004	MM-63588: Add e2e tests for System Console User Attributes (#35931) ... * MM-63588: Add e2e tests for System Console Custom Profile Attributes Add Playwright e2e tests for the System Console User Attributes page, covering CRUD operations for custom profile attribute field definitions. Tests cover: - Page navigation and empty state display - Creating text, select, and multiselect attributes with options - Editing attribute names - Deleting attributes (saved and unsaved) - Duplicating attributes - Changing attribute types (Text to Phone) - Configuring visibility (Always show/Hide when empty/Always hide) - Toggling "Editable by users" setting - Batch creation (multiple attributes at once) - Persistence verification after page reload - Validation warnings (empty name, duplicate names) Follows the same patterns established in MM-62558 / PR #30722 for Profile Popup CPA tests, reusing shared helpers for field setup/cleanup. * Fix 6 failing e2e tests for System Console User Attributes - Remove .clear() before .fill() to prevent value-based locators from going stale (edit name, persist after reload tests) - Hover on visibility submenu instead of click, use force:true to handle DOM detach during menu animation (visibility test) - Press Escape to close dot menu before clicking Save, since the "Editable by users" toggle keeps the menu open (editable test) - Fix expected validation text: use "Attribute names must be unique." instead of "Attribute name already taken." (duplicate names test) - Increase timeout for Save button disabled assertion after deleting unsaved attribute (delete unsaved test) * Fix stale locators, flaky save check, and document dirty-state bug - Use data-testid locators instead of value-based selectors for inputs that get mutated by fill() (edit name + persist reload tests) - Wait for Save button to return to disabled after save before API check to avoid flaky field-not-found failures - Add test.fail() for Save-stays-enabled bug after deleting an unsaved row so CI passes today and alerts when the app bug is fixed - Add LOCATOR NOTE to file header explaining the lazy locator pitfall * Address CodeRabbit review: save helper, locator fix, test rename - Add saveAndWaitForSettled() helper and apply to all 11 save paths for consistent post-save stabilization before API verification - Fix deptInput locator: use input[value] instead of broken filter({hasText}) which doesn't match input element children - Rename "different types" test to "multiple text attributes" to match actual coverage * MM-63588: add SystemProperties page object and refactor spec to POM Extract all UI selectors from user_attributes.spec.ts into a SystemProperties page object class, eliminating inline selectors from the test file. Replace coarse networkidle with waitForResponse on the actual save API endpoint. * fix playwright e2e test failures - selectType was failing as 'select' caught both 'select' and 'multi-select' - Prior behavior where Save button wasn't returning to disabled appears to be working now, removing test.fail() --------- Co-authored-by: Mattermost Build <build@mattermost.com>	2026-04-11 02:42:53 +00:00
Doug Lauder	73c6e6a7cf	MM-68258 Remove system_secure_connection_manager role (#36009) ... * Remove system_secure_connection_manager role The dedicated role for delegating secure connection management is no longer needed. The manage_secure_connections permission remains and continues to be granted to system admins via AllPermissions. Removes the role definition, migration, permissions migration, UI components, i18n strings, and all associated tests across server, webapp, and e2e-tests.	2026-04-10 10:49:04 -04:00
Harrison Healey	220cd725cc	MM-66887 Fix results in Invite to Team modal (#35936) ... * Fix a bug in decomposeKorean that caused it to only decompose the first character * MM-66887 Fix Invite To Team modal suggesting users one key press behind * Cherry-pick updates to ime.ts from another branch * And cherry-pick another bit * Remove broken and unnecessary onBlur method from UsersEmailsInput See https://github.com/mattermost/mattermost/pull/35936/changes#r3047500882 for more information	2026-04-08 10:11:24 -04:00
Doug Lauder	5b76fb11a5	MM-67647: Rename shared_channel_manager roles to follow system_ prefix convention (#35944) ... * Rename shared_channel_manager and secure_connection_manager roles to use system_ prefix The new roles added in PR #35354 broke the naming convention that all system-level roles stored in Users.Roles are prefixed with "system_". Client-side code (role.includes('system')) and server-side code (explicit switch cases in applyMultiRoleFilters) relied on this convention, causing users assigned to these roles to not appear in the System Console. Also adds both roles to the applyMultiRoleFilters switch statement in user_store.go, which was missing them entirely.	2026-04-08 08:01:33 -04:00
Andre Vasconcelos	9a412c535f	MM-67946 Added entity decoding to message attachments (#35667) ... * MM-67945 Added entity decoding to message attachments - Separated markdown utility to decode special characters with testing suite - Applied it to remove_markdown utility and used it in * Ensuring escaping uses RegExp.escape * Removing footer decoding tests * Added E2E tests for message attachment decoding * Fixing linter errors	2026-04-08 13:36:15 +03:00
Dylan Haussermann	9075204f5f	Add demo plugin E2E tests for hook toggle and crash recovery (#35337) ... * Add demo plugin E2E tests for hook toggle and crash recovery - Add selectSlashCommandFromAutocomplete() to post_create lib component - Extract shared setupDemoPlugin() helper to reduce duplication - Rename crash.spec.ts to plugin_crash.spec.ts for clearer CI output - Add demo_plugin_hook_toggle.spec.ts: verifies /demo_plugin true/false slash command enables/disables hooks, confirmed via sidebar indicator and ChannelHasBeenCreated event presence/absence * Fix lint errors in demo plugin helpers and crash spec * Fix prettier formatting in post_create.ts --------- Co-authored-by: Mattermost Build <build@mattermost.com>	2026-04-08 14:40:22 +08:00