* Refactor property system with app layer routing and access control separation
Establish the app layer as the primary entry point for property operations
with intelligent routing based on group type. This architecture separates
access-controlled operations (CPA groups) from standard operations,
improving performance and code clarity.
Architecture Changes:
- App layer now routes operations based on group type:
  - CPA groups -> PropertyAccessService (enforces access control)
  - Non-CPA groups -> PropertyService (direct, no access control)
- PropertyAccessService simplified to handle only CPA operations
- Eliminated redundant group type checks throughout the codebase
* Move access control routing into PropertyService
This change makes the PropertyService the main entrypoint for property
related operations, and adds a routing mechanism to decide if extra
behaviors or checks should run for each operation, in this case, the
property access service logic.
To add specific payloads that pluggable checks and operations may
need, we use the request context. When the request comes from the API,
the endpoints are in charge of adding the caller ID to the payload,
and in the case of the plugin API, on receiving a request, the server
automatically tags the context with the plugin ID so the property
service can react accordingly.
Finally, the new design enforces all these checks by migrating the actual
property logic to internal, non-exposed methods, so any caller from
the App layer needs to go through the service checks that decide if
pluggable logic is needed, avoiding any possibility of a bypass.
* Fix i18n
* Fix bad error string
* Added nil guards to property methods
* Add check for multiple group IDs on value operations
* Add nil guard to the plugin checker
* Fix build error
* Update value tests
* Fix linter
* Adds early return when content flagging a thread with no replies
* Fix mocks
* Clean the state of plugin property tests before each run
* Do not wrap appErr on API response and fix i18n
* Fix create property field test
* Remove the need to cache cpaGroupID as part of the property service
* Split the property.go file into multiple
* Not found group doesn't bypass access control check
* Unexport SetPluginCheckerForTests
* Rename plugin context getter to be more PSA specific
---------
Co-authored-by: Miguel de la Cruz <miguel@ctrlz.es>
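The routing design described in the commit message above, as an added example that is not Mattermost's code: one exported entry point reads the caller ID from the request context, runs the access check only for access-controlled groups, and fails closed when the group is unknown. The context key, the `Field` shape, the group IDs and the first-writer ownership rule are all hypothetical.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

type callerKey struct{} // hypothetical context key, not Mattermost's

// WithCaller tags the request context with the caller (user or plugin) ID.
func WithCaller(ctx context.Context, id string) context.Context {
	return context.WithValue(ctx, callerKey{}, id)
}

var ErrDenied, ErrUnknownGroup = errors.New("access denied"), errors.New("unknown group")

type Field struct{ GroupID, Name, OwnerID string }

type PropertyService struct {
	controlled map[string]bool  // group ID -> access-controlled?
	fields     map[string]Field // keyed by field name
}

// UpdateField is the only exported write path; routing happens here.
func (s *PropertyService) UpdateField(ctx context.Context, f Field) error {
	checked, known := s.controlled[f.GroupID]
	if !known {
		return ErrUnknownGroup // fail closed: an unknown group never skips the check
	}
	if checked {
		caller, _ := ctx.Value(callerKey{}).(string)
		cur, exists := s.fields[f.Name]
		if caller == "" || (exists && cur.OwnerID != caller) {
			return ErrDenied
		}
		f.OwnerID = caller // assumed rule: the first writer owns the field
	}
	s.updateField(f)
	return nil
}

// updateField holds the real logic; unexported, so other packages must use UpdateField.
func (s *PropertyService) updateField(f Field) { s.fields[f.Name] = f }

func newDemoService() *PropertyService { // constructed sample groups
	return &PropertyService{map[string]bool{"cpa": true, "other": false}, map[string]Field{}}
}

func main() {
	s := newDemoService()
	fmt.Println(s.UpdateField(WithCaller(context.Background(), "plugin-b"), Field{GroupID: "missing", Name: "dept"}))
}
```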
Updates all Custom Profile Attribute endpoints and app layer methods to pass caller user IDs through to the PropertyAccessService. This connects the access control service introduced in #34812 to the REST API, Plugin API, and internal app operations.
Also updates the OpenAPI spec to document the new field attributes (protected, source_plugin_id, access_mode) and adds notes about protected field restrictions.
Custom profile attributes (properties) in Mattermost need to support security-critical use cases like Attribute-Based Access Control (ABAC), external identity system synchronization, and privacy-preserving collaboration. Without access controls on these properties, any user or component could modify property fields and values, making them unsuitable for security decisions. Additionally, different properties require different visibility patterns - some need to be publicly readable, some should only be visible to their managing system, and some require privacy-preserving visibility where users can only see shared values.
This change introduces the PropertyAccessService, a wrapper around PropertyService that enforces access control for all property operations. This service is introduced in isolation and is not yet hooked up to the Plugin API, REST API, or app layer. It provides the foundation for a single enforcement point that will apply access restrictions consistently across all code paths once integrated.
* Add Entra ID token authentication and Intune MAM config exposure
* Add Intune MAM toggle to Mobile Security admin console
* Add IntuneSettings with the AuthService to use and its own TenantID and ClientID for the Entra App registration
Include Admin console changes
switch from /oauth/entra to /oauth/intune endpoint
* openAPI documentation
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: yasser khan <attitude3cena.yf@gmail.com>
* [MM-66718] Remove unneeded HTML templates watcher
The templates package currently supports filesystem watching to
automatically reload templates when files change. This feature is
unnecessary in production and adds complexity.
Changes:
- Removed NewWithWatcher() function from templates package
- Removed Close() method from Container
- Removed watch-related fields (watch, stop, stopped) from Container
- Removed fsnotify dependency usage
- Updated server.go to use New() instead of NewWithWatcher()
- Updated email/helper_test.go to use New()
- Removed watcher-related tests from templates_test.go
Template updates now require a server restart, which provides clearer
behavior and reduces code complexity.
* Remove unused fsnotify dependency
* MM-64486: Remove telemetry
Remove telemetry from Mattermost. We're no longer relying on Rudder upstream, and no longer making use of this information.
* recover mock for SystemStore.Get
* Fix TestClearPushNotificationSync by adding missing SystemStore mock
The test was failing because the SystemStore mock was missing the Get()
method that's required by the ServerId() function. Added the missing mock
to return a StringMap with SystemServerId.
* fix mocking issue
* Remove now-unused telemetry and constants
* Remove "Disable telemetry events" debug setting
* Remove empty functions
* Remove most "Telemetry tracking removed" comments
* Remove remains of DataPrefetch telemetry
* Remove now-unused prop from InviteMembersButton
* Remove trackDotMenuEvent
* Remove some more leftover comments
* Remove lingering logic related to trackingLocation
* Remove now-unused argument from useCopyText
* Remove lingering telemetry references from PreparingWorkspace
* fixup Remove trackDotMenuEvent
* Remove lingering telemetry references from signup page and password check
* Update snapshots and fix test broken by my changes
* Fix unintended behavior change in thread list filtering
Remove handleSetFilter wrapper that was accidentally modified during
telemetry removal. The function was calling clear() when switching to
unread filter, which was not the original behavior. Use setFilter
directly instead, restoring the original functionality.
* Remove unused useOpenDowngradeModal hook
The useOpenDowngradeModal hook was not being used anywhere in the codebase.
* Remove unused expandableLink from useExpandOverageUsersCheck
The expandableLink return value was not being used by any components.
* Re-add missing TeamLinkClicked performance telemetry
The mark(Mark.TeamLinkClicked) call was accidentally removed from the
handleSwitch function. This telemetry is needed for Looker-based
performance tracking.
* drop LogSettings.VerboseDiagnostics
---------
Co-authored-by: Harrison Healey <harrisonmhealey@gmail.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
- Remove NotificationLogSettings configuration entirely
- Add new notification-specific log levels (NotificationError, NotificationWarn, NotificationInfo, NotificationDebug, NotificationTrace)
- Consolidate all notification logs into standard mattermost.log file
- Update all notification logging code to use new multi-level logging (MlvlNotification*)
- Remove notification logger infrastructure and support packet integration
- Update test configurations and remove deprecated functionality tests
- Add comprehensive tests for new notification log levels
This change simplifies log analysis by unifying all application logging while maintaining flexibility through Advanced Logging configuration for administrators who need separate notification logs.
🤖 Generated with [Claude Code](https://claude.ai/code)
---------
Co-authored-by: Claude <noreply@anthropic.com>
* Initial commit for ip filtering service implementation
* Add audit logs for IP Filters
* start of webapp work
* Stashing
* Updates based on Agniva's feedback around service vs einterface
* Updates completed
* Commit before refactoring, everything's working
* First pass of cleanup complete, front-end tests added
* actually add files
* Updates to some translation strings, running i18n-extract
* Lock everything behind a feature flag
* Fix tests, try to fix some linter stuff
* Fixed linter for JS, on to scss
* Fixed linter for scss
* Fix linter
* More fixes for pipeline
* Support for IPV6
* Remove tsx file that was removed in master
* Revert package.json and package-lock.json to master, add cidr-regex dep into channels/package.json
* Another commit to force fix Github
* Fixes around IPV6. Some suggestions from Matt re: UX review. Fixing pipelines for tests and types on new cidr-regex package
* Changes to address Matt's feedback
* A few more changes for clean up
* Add support for permissions
* Fix vet for OpenAPI spec
* Actually add the yaml file for openapi
* Add permission migration to allow support for IP Filtering
* Fix tests
* Final fixes from Matt
* Remove cancel button from page, update link outs to documentation
* Update test to account for removed cancel button
* Adjustments based on feedback from Harrison
* More fixes from PR feedback
* Add a t to fix translations that doesn't seem to be breaking anyone else?
* More fix
* updates for PR feedback
* Fix linter
* Fix types
* Now fix the linter again
* Add back tests because Harrison was able to get them running
* Adjustments for PR feedback
* Remove admin_definition.jsx
* Fix linter
* [CLD-6453] IP Filtering notification email for sysadmins (#25224)
* Initial commit for IP filtering alert email
* Updates to style for email, addition of ip_filtering email:
* Fix pipelines
* Adjustments from Matt's feedback
* Padding changes
* template diff (#25249)
Co-authored-by: Gabe Jackson <3694686+gabrieljackson@users.noreply.github.com>
* Fix hardcoded true, remove bool return value
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Gabe Jackson <3694686+gabrieljackson@users.noreply.github.com>
* Lock feature behind enterprise license. Drop cidr-regex in favour of ipaddr.js dependency. Refactor isIpAddressWithinRanges to use ipaddr.js
* Add a couple server tests
* fix linter
* Fix types from merge conflicts
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Gabe Jackson <3694686+gabrieljackson@users.noreply.github.com>
It was a good decision in hindsight to keep the public module as 0.x
because this would have been a breaking change again.
https://mattermost.atlassian.net/browse/MM-53032
```release-note
Changed the Go module path from github.com/mattermost/mattermost-server/server/v8 to github.com/mattermost/mattermost/server/v8.
For the public-facing module, its path is also changed from github.com/mattermost/mattermost-server/server/public to github.com/mattermost/mattermost/server/public
```
https://mattermost.atlassian.net/browse/MM-52079
```release-note
We upgrade the module version to 8.0. The new module path is github.com/mattermost-server/server/v8.
```
Co-authored-by: Doug Lauder <wiggin77@warpmail.net>