...

  • exposing channel moderation in the system console in the channel details view

  • updates to the UI (webapp and mobile) to apply the create_post permission

  • updates to the UI (webapp and mobile) to apply the new use_channel_mentions permission

Out:

  • CLI changes

  • chat-facing administration of channel moderation settings

  • plugin changes

  • feature tracking

...

Channel-scoped permissions are the only type of permissions that can be used by channel schemes, thus they’re the only permissions modifiable by channel moderation settings, and the only permissions that must be updated per changes to the higher-scoped scheme.

Question for dev: Instead of keeping the non-channel-moderated channel-scoped permissions synchronized between the higher-scoped scheme and the channel schemes, could we change the core way the permissions system works to use the channel scheme for a set of permissions and the higher-scoped scheme for the rest?

The following actions trigger synchronization of permissions from higher-scoped schemes to channel schemes:

...

  • add a channel-scoped permission to a team scheme (if it has an associated team)

  • remove a channel-scoped permission from a team scheme (if it has an associated team)

  • add a team to a team scheme

  • remove a team from a team scheme

  • delete a team scheme

  • create a team scheme (if it has an associated team)


Question for Platform team: Is this synchronization compatible with the plan for the future custom roles?

[^^^ TBD ^^^]

...

Permissions

New permission:

use_channel_mentions

Guest role permissions modified by channel moderation:

add_reaction/remove_reaction
create_post
use_channel_mentions

Member role permissions modified by channel moderation:

add_reaction/remove_reaction
create_post
manage_public_channel_members/manage_private_channel_members
use_channel_mentions

Guest, member, and channel admin role channel-scoped permissions that must be read from (or replicated from) the higher-scoped scheme:

create_post_public
create_post_ephemeral
delete_post/delete_others_posts
edit_post/edit_others_posts
manage_channel_roles
manage_public_channel_properties/manage_private_channel_properties
delete_public_channel/delete_private_channel
read_channel
remove_others_reactions
upload_file
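
A sketch of the synchronization step for the member role, as an added example that is not code from mattermost-server. The function name `SyncChannelRole` and the sample data are hypothetical, and it assumes (the page does not state this) that a moderated permission is kept only when both the higher-scoped role and the channel role grant it, so channel moderation can restrict but never widen access.

```go
package main

import (
	"fmt"
	"sort"
)

// Member-role permissions the page lists as modifiable by channel moderation.
var moderated = map[string]bool{
	"add_reaction": true, "remove_reaction": true, "create_post": true,
	"manage_public_channel_members": true, "manage_private_channel_members": true,
	"use_channel_mentions": true,
}

// SyncChannelRole (hypothetical) rebuilds a channel-scheme role after a change
// to the higher-scoped scheme.
// higher:  channel-scoped permissions of the role in the team or system scheme.
// channel: permissions the same role currently holds in the channel scheme.
func SyncChannelRole(higher, channel []string) []string {
	inChannel := make(map[string]bool, len(channel))
	for _, p := range channel {
		inChannel[p] = true
	}
	seen := make(map[string]bool, len(higher))
	out := []string{}
	for _, p := range higher {
		if seen[p] {
			continue // ignore duplicates in the input
		}
		seen[p] = true
		// Non-moderated permissions are replicated from the higher scheme.
		// Moderated ones survive only if the channel setting still grants them.
		if !moderated[p] || inChannel[p] {
			out = append(out, p)
		}
	}
	// Anything held only by the channel role is dropped, so a permission
	// removed from the higher scheme cannot linger in a channel scheme.
	sort.Strings(out)
	return out
}

func main() {
	// Constructed sample data, not taken from a real server.
	higher := []string{"read_channel", "upload_file", "create_post", "add_reaction"}
	channel := []string{"read_channel", "create_post", "use_channel_mentions", "delete_post"}
	fmt.Println(SyncChannelRole(higher, channel))
}
```
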

Question for PM: Do we need to expose create_post and use_channel_mentions in the system and team schemes UI?

Schema

No schema changes.

REST API

...

[
    {
        "name": "create_post",
        "roles": {
            "guests": {
                "value": false,
                "enabled": true
            },
            "members": {
                "value": false,
                "enabled": true
            }
        }
    },
    {
        "name": "post_reactions",
        "roles": {
            "guests": {
                "value": false,
                "enabled": false
            },
            "members": {
                "value": true,
                "enabled": true
            }
        }
    },
    {
        "name": "manage_members",
        "roles": {
            "members": {
                "value": true,
                "enabled": true
            }
        }
    },
    {
        "name": "use_channel_mentions",
        "roles": {
            "guests": {
                "value": false,
                "enabled": true
            },
            "members": {
                "value": true,
                "enabled": true
            }
        }
    }
]

...

  • Update the create post flow (for example in mattermost-server/app/notifications.go) to restrict access to channel mention notifications to those with the use_channel_mentions permission.

CLI

Out of scope.

...