* MM-67592 - be changes for team admin abac channels (#35353)
* MM-67592 - be changes for team admin abac channels
* Revert team-scoped API routes, keep app layer business logic
* move from config to permission; Add cluster-aware LRU cache for policy team scope lookup
* remove unnecessary references to config value
* local/remote cache invalidation consistency for policy scope
* Replace policy scope cache with store-level team scope query
* rename functions and add comments to query
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* MM 67594 - policies CUD operations to team settings modal channels ABAC (#35590)
* MM-67592 - be changes for team admin abac channels
* Revert team-scoped API routes, keep app layer business logic
* move from config to permission; Add cluster-aware LRU cache for policy team scope lookup
* remove unnecessary references to config value
* local/remote cache invalidation consistency for policy scope
* Replace policy scope cache with store-level team scope query
* format files correctly
* fix mock expectations for store-query approach in tests
* rename functions and add comments to query
* revert error ids to original to prevent break tests
* adjust translations
* MM-67669 - add tab to team settings modal and basic listing
* adjust tests and fix linter
* use existing search api logic
* fix style and adjust flaky test to clean up and restore orinals
* address ai corabbit feedback and fix linter
* fix unit tests
* MM-67592 - be changes for team admin abac channels (#35353)
* MM-67592 - be changes for team admin abac channels
* fix linter
* fix ts linter for playwright
* Revert team-scoped API routes, keep app layer business logic
* move from config to permission; Add cluster-aware LRU cache for policy team scope lookup
* remove unnecessary references to config value
* local/remote cache invalidation consistency for policy scope
* Replace policy scope cache with store-level team scope query
* format files correctly
* fix mock expectations for store-query approach in tests
* rename functions and add comments to query
* revert error ids to original to prevent break tests
* adjust translations
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* MM-67594 - support cud operations for team abac BE changes
* create the team settings policy edit section, reuse most components, add basic e2e
* move optional refresh policy list button to list component
* temp get team admins cud policies and sync job
* enhance validation and adjust e2e
* Fix testExpression permission; fix pagination of team policies; add isValidId validation
* adjust styles, handling renaming and add permission migrations
* update the permissions names, use the simple confirmation modal, define the delete modal
* fix policy deletion flow
* fix some linter issues and adjust helper tests
* remove delete from list and fix e2e
* code comments clean up
* remove CEL editor for now, clean styles, enhance e2e
* fix linter, adjust unit test
* fix linter and add missing translation
* fix policy deletion ownership and sanitize test expression
* fixed e2e tests
* rollback orphaned policy on failed channel assignment
* enforce channelless check before last_team_id fallback
* enforce channelless guard on assign fallback too
* add translations missing
* add teamId to audit payload when present
* fix refresh button pagination reset
* fix null safety in channel selector loadChannels
* use responsive width cap for team settings modal and adjust header size
* remove redundant raw term from channel search URL, add showRefreshButton prop to PolicyList component
* handle error when stamping last team ID on channelless policy
* replace Props-based ownership with in-memory LRU cache, disable save on zero channels
* make e2e tests more reliable in CI
* test skip if no license valid found
* add childCount guard to cache-hit paths and reduce TTL to 5s
* fix e2e, adjust translation
* address review feedback: flatten permission checks and separate error types
- Flatten nested permission branching in deleteAccessControlPolicy using
early returns to reduce indentation (review: isacikgoz)
- Validate teamID as input (400) before using it for permission checks (403)
in testExpression and validateExpressionAgainstRequester handlers
- Remove redundant hasSystemPermission check in searchAccessControlPolicies
since system_admin role already includes manage_team_access_rules
- Refactor ValidateTeamAdminPolicyOwnership to return (bool, *model.AppError)
separating "not owned" from "internal error" across all 8 call sites
- Update tests to assert on both return values
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* add persistent team scope to access control policies, replace in-memory cache
* fix translation
* fix case-insensitive policy search and sanitize search term input
* make policies tests have a unique name
* decouple scope/scopeID filter from TeamID in policy store
* Fix authZ bypass searchChannelsForAccessControlPolicy by forcing TeamIds to authorized team
* show unsaved changes on navigator back, and list all private channels on load
* filter already applied channels to a policy
* adjust the styles to dark mode; do not show added channels to the policy in the add channels modal
* fix linter
* MM-67967 add sync status footer to team settings (#35729)
* MM-67967 add sync status footer to team settings
* remove magic numbers and strings and polish the code
* fix linter
* fix linter: replace interface{} with any per gofmt rewrite rule
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refine getJobsByType team-scoped filtering and permissions
* fix sync footer stuck in syncing state on job creation error
* fix team-scoped job pagination in getJobsByType
* Fix authZ bypass searchChannelsForAccessControlPolicy by forcing TeamIds to authorized team
* implement ux feedback, change titles font, fix marging and scroll view jump
* MM-68135 - migrate add channels to policy modal to generic modal (#35907)
* MM-67920 unify e2e team settings tests (#35867)
* MM-67920 - extract duplicated policy editor helpers
* remove duplicate team icon test file
* rename Access Control to Membership Policies in e2e
* replace networkidle with explicit element waits
* fix attribute loading issue
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix playwright feedback issues and persist filters to the store layer in the no systemconsole path
* Improve policy scope validation and team admin security checks
* Renamed public channels to "AAA Public Channel %03d" and private ones to "ZZZ Private..." so the 55 public channels now fill the 50-result cap
* fix e2e tests and add new unit tests to improve coverage
* Improve e2e test stability: race condition handling and timeout adjustments
* Improve team-scoped ABAC policies: scope preservation, input validation, shared exclusion
* Add comprehensive ABAC test coverage: team admin ops and security validation to reduce flakyness
* Fix team policy editor back button: preserve navigation intent through Undo
* style: format import statements for better readability
* Enhance access control policy creation for team admins: enforce scope stamping from query parameters to prevent unauthorized team assignments
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* MM-65618 - filter based on admin values
* add open api documentation
* adjust api description and adjust UX to match design
* reorganize function and add unit tests
* more UX adjustments; always show the self-exclusion warning modal
* use SubjectID parameter for more performant user lookup instead of fetching all matching users
* fix unit tests and remove wrong condition for job run
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* MM-65182 - auto disable toggle on rules deleted and channel admin permissions update
* fix types and fix unit test
* adjust the useEffect hook and fix auto-save issue
* MM-65183 - rename access rules tab to access control (#33812)
* fix infinite loop issue and fix channel admin permissions issue
* fix linter and fix snapshots
* allow non-sysadmin users to see the system policy information banner
* stack modals backdrops
* address pr feedback; reorganize function and add unit tests
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
