...
Per the permissions system design, a channel scheme completely overrides all channel-scoped permissions on the associated channel(s). This means that if there are permissions that are not exposed by channel moderation, admins will expect those permissions to be configured as per the higher-scoped scheme—lest permissions be overridden behind the scenes on the channel scheme without the knowledge of admins.
For example, say the higher-scoped scheme removes the “Archive Channels” permission (technically the delete_public_channel and delete_private_channel permissions). That permission is not configurable on the channel scheme given the current UI, so the system admin would not expect that permission to remain present for all channels that have moderation enabled, in spite of the fact that the permissions architecture would leave it present on the channel scheme by default. So we must have code that removes that permission from the channel scheme for all affected channels.
Since there is no “inheritance” as such between schemes, all channel-scoped permissions that are not modified by the channel moderation UI are updated on the channel scheme upon each change to the higher-scoped scheme.
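The synchronization described above, sketched in Go as an added example (not code from mattermost-server). The moderated set, the function name and the sample permission lists are assumptions made for illustration; moderated permissions are assumed to be left exactly as the channel scheme has them.

```go
package main

import (
	"fmt"
	"sort"
)

// moderated is the set of permissions controlled by the channel moderation UI.
// Assumption: the real list is defined elsewhere in the design.
var moderated = map[string]bool{
	"create_post":          true,
	"use_channel_mentions": true,
}

// syncChannelRole returns the permissions a channel-scheme role should hold
// after the higher-scoped scheme changes. Unmoderated permissions are copied
// from the higher-scoped role; moderated ones keep the channel scheme's value.
func syncChannelRole(higher, channel []string) []string {
	out := map[string]bool{}
	for _, p := range higher {
		if !moderated[p] {
			out[p] = true
		}
	}
	for _, p := range channel {
		if moderated[p] {
			out[p] = true
		}
	}
	result := make([]string, 0, len(out))
	for p := range out {
		result = append(result, p)
	}
	sort.Strings(result)
	return result
}

func main() {
	// Constructed sample: "Archive Channels" was removed from the higher-scoped scheme.
	higher := []string{"read_channel", "upload_file", "create_post", "use_channel_mentions"}
	// The channel scheme still carries the archive permissions by default,
	// and moderation has removed use_channel_mentions on this channel.
	channel := []string{"read_channel", "delete_public_channel", "delete_private_channel", "create_post"}
	fmt.Println(syncChannelRole(higher, channel))
}
```

The archive permissions disappear from the channel scheme because the higher-scoped scheme no longer grants them, while the moderation choice on use_channel_mentions is preserved.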
...
add a channel-scoped permission to a team scheme (if it has an associated team)
remove a channel-scoped permission from a team scheme (if it has an associated team)
add a team to a team scheme
remove a team from a team scheme
delete a team scheme
create a team scheme (if it has an associated team)
Question for Platform team: Is this synchronization compatible with the plan for the future custom roles?
Permissions
New permission:
...
manage_public_channel_properties
manage_private_channel_properties
delete_public_channel
delete_private_channel
remove_others_reactions
upload_file
create_post_public
create_post_ephemeral
manage_channel_roles
read_channel
Question for PM: Do we need to expose create_post and use_channel_mentions in the system and team schemes UI?
Schema
No schema changes.
REST API
...
When “enable channel moderation” is toggled off, a DELETE request is made to /api/v4/schemes/:scheme_id.
Update the create post flow (for example in mattermost-server/app/notifications.go) to restrict access to channel mention notifications to those with the use_channel_mentions permission.
Question for PM: Presumably we’re going to allow users to enter the text “@all”, “@here”, “@channel” in their posts but those strings simply don’t trigger notifications. Is that correct?
CLI
Out of scope.
Configuration
None needed unless channel moderation is experimental.
Question for PM: will channel moderation be experimental?
Webapp only
TBD. Designs for the channel moderation UI in the system console are pending.
...