Remove license checks from Enterprise API endpoints

Removes license validation from: - LDAP API endpoints (sync, test, groups, etc.) - SAML migration API - Custom permission schemes API - Group management API All Enterprise features now work without a license in Community Enterprise. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-18 01:05:27 +09:00 · 2025-12-18 01:05:27 +09:00 · 7ce2e2b810
commit 7ce2e2b810
parent a9c33b44eb
4 changed files with 15 additions and 58 deletions
--- a/channels/api4/group.go
+++ b/channels/api4/group.go
@ -918,9 +918,7 @@ func getGroupsByTeam(c *Context, w http.ResponseWriter, r *http.Request) {
 }

 func getGroupsByTeamCommon(c *Context, r *http.Request) ([]byte, *model.AppError) {
-	if c.App.Channels().License() == nil || !*c.App.Channels().License().Features.LDAPGroups {
-		return nil, model.NewAppError("Api4.getGroupsByTeam", "api.ldap_groups.license_error", nil, "", http.StatusForbidden)
-	}
+	// Community Enterprise: License check removed for open source usage

 	if !c.App.SessionHasPermissionToTeam(*c.AppContext.Session(), c.Params.TeamId, model.PermissionListTeamChannels) {
 		return nil, model.MakePermissionError(c.AppContext.Session(), []*model.Permission{model.PermissionListTeamChannels})
@ -957,9 +955,7 @@ func getGroupsByTeamCommon(c *Context, r *http.Request) ([]byte, *model.AppError
 }

 func getGroupsByChannelCommon(c *Context, r *http.Request) ([]byte, *model.AppError) {
-	if c.App.Channels().License() == nil || !*c.App.Channels().License().Features.LDAPGroups {
-		return nil, model.NewAppError("Api4.getGroupsByChannel", "api.ldap_groups.license_error", nil, "", http.StatusForbidden)
-	}
+	// Community Enterprise: License check removed for open source usage

 	channel, appErr := c.App.GetChannel(c.AppContext, c.Params.ChannelId)
 	if appErr != nil {
--- a/channels/api4/ldap.go
+++ b/channels/api4/ldap.go
@ -46,10 +46,7 @@ func (api *API) InitLdap() {
 }

 func syncLdap(c *Context, w http.ResponseWriter, r *http.Request) {
-	if c.App.Channels().License() == nil || !*c.App.Channels().License().Features.LDAP {
-		c.Err = model.NewAppError("api4.syncLdap", "api.ldap_groups.license_error", nil, "", http.StatusNotImplemented)
-		return
-	}
+	// Community Enterprise: License check removed for open source usage

 	if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionCreateLdapSyncJob) {
 		c.SetPermissionError(model.PermissionCreateLdapSyncJob)
@ -66,10 +63,7 @@ func syncLdap(c *Context, w http.ResponseWriter, r *http.Request) {
 }

 func testLdap(c *Context, w http.ResponseWriter, r *http.Request) {
-	if c.App.Channels().License() == nil || !*c.App.Channels().License().Features.LDAP {
-		c.Err = model.NewAppError("api4.testLdap", "api.ldap_groups.license_error", nil, "", http.StatusNotImplemented)
-		return
-	}
+	// Community Enterprise: License check removed for open source usage

 	if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionTestLdap) {
 		c.SetPermissionError(model.PermissionTestLdap)
@ -85,10 +79,7 @@ func testLdap(c *Context, w http.ResponseWriter, r *http.Request) {
 }

 func testLdapConnection(c *Context, w http.ResponseWriter, r *http.Request) {
-	if c.App.Channels().License() == nil || !model.SafeDereference(c.App.Channels().License().Features.LDAP) {
-		c.Err = model.NewAppError("api4.testLdapConnection", "api.ldap_groups.license_error", nil, "", http.StatusNotImplemented)
-		return
-	}
+	// Community Enterprise: License check removed for open source usage

 	if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionTestLdap) {
 		c.SetPermissionError(model.PermissionTestLdap)
@ -110,10 +101,7 @@ func testLdapConnection(c *Context, w http.ResponseWriter, r *http.Request) {
 }

 func testLdapDiagnostics(c *Context, w http.ResponseWriter, r *http.Request) {
-	if c.App.Channels().License() == nil || !*c.App.Channels().License().Features.LDAP {
-		c.Err = model.NewAppError("Api4.testLdapDiagnostics", "api.ldap_groups.license_error", nil, "", http.StatusNotImplemented)
-		return
-	}
+	// Community Enterprise: License check removed for open source usage

 	if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionTestLdap) {
 		c.SetPermissionError(model.PermissionTestLdap)
@ -155,10 +143,7 @@ func getLdapGroups(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	if c.App.Channels().License() == nil || !*c.App.Channels().License().Features.LDAPGroups {
-		c.Err = model.NewAppError("api4.getLdapGroups", "api.ldap_groups.license_error", nil, "", http.StatusNotImplemented)
-		return
-	}
+	// Community Enterprise: License check removed for open source usage

 	opts := model.LdapGroupSearchOpts{
 		Q: c.Params.Q,
@ -218,10 +203,7 @@ func linkLdapGroup(c *Context, w http.ResponseWriter, r *http.Request) {
 	defer c.LogAuditRec(auditRec)
 	model.AddEventParameterToAuditRec(auditRec, "remote_id", c.Params.RemoteId)

-	if c.App.Channels().License() == nil || !*c.App.Channels().License().Features.LDAPGroups {
-		c.Err = model.NewAppError("api4.linkLdapGroup", "api.ldap_groups.license_error", nil, "", http.StatusNotImplemented)
-		return
-	}
+	// Community Enterprise: License check removed for open source usage

 	ldapGroup, appErr := c.App.GetLdapGroup(c.AppContext, c.Params.RemoteId)
 	if appErr != nil {
@ -320,10 +302,7 @@ func unlinkLdapGroup(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	if c.App.Channels().License() == nil || !*c.App.Channels().License().Features.LDAPGroups {
-		c.Err = model.NewAppError("api4.unlinkLdapGroup", "api.ldap_groups.license_error", nil, "", http.StatusNotImplemented)
-		return
-	}
+	// Community Enterprise: License check removed for open source usage

 	group, err := c.App.GetGroupByRemoteID(c.Params.RemoteId, model.GroupSourceLdap)
 	if err != nil {
@ -363,10 +342,7 @@ func migrateIDLdap(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	if c.App.Channels().License() == nil || !*c.App.Channels().License().Features.LDAP {
-		c.Err = model.NewAppError("api4.idMigrateLdap", "api.ldap_groups.license_error", nil, "", http.StatusNotImplemented)
-		return
-	}
+	// Community Enterprise: License check removed for open source usage

 	if err := c.App.MigrateIdLDAP(c.AppContext, toAttribute); err != nil {
 		c.Err = err
--- a/channels/api4/scheme.go
+++ b/channels/api4/scheme.go
@ -32,10 +32,7 @@ func createScheme(c *Context, w http.ResponseWriter, r *http.Request) {
 	defer c.LogAuditRec(auditRec)
 	model.AddEventParameterAuditableToAuditRec(auditRec, "scheme", &scheme)

-	if c.App.Channels().License() == nil || (!*c.App.Channels().License().Features.CustomPermissionsSchemes && c.App.Channels().License().SkuShortName != model.LicenseShortSkuProfessional) {
-		c.Err = model.NewAppError("Api4.CreateScheme", "api.scheme.create_scheme.license.error", nil, "", http.StatusNotImplemented)
-		return
-	}
+	// Community Enterprise: License check removed for open source usage

 	if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionSysconsoleWriteUserManagementPermissions) {
 		c.SetPermissionError(model.PermissionSysconsoleWriteUserManagementPermissions)
@ -197,10 +194,7 @@ func patchScheme(c *Context, w http.ResponseWriter, r *http.Request) {
 	model.AddEventParameterAuditableToAuditRec(auditRec, "scheme_patch", &patch)
 	defer c.LogAuditRec(auditRec)

-	if c.App.Channels().License() == nil || (!*c.App.Channels().License().Features.CustomPermissionsSchemes && c.App.Channels().License().SkuShortName != model.LicenseShortSkuProfessional) {
-		c.Err = model.NewAppError("Api4.PatchScheme", "api.scheme.patch_scheme.license.error", nil, "", http.StatusNotImplemented)
-		return
-	}
+	// Community Enterprise: License check removed for open source usage

 	model.AddEventParameterToAuditRec(auditRec, "scheme_id", c.Params.SchemeId)

@ -242,10 +236,7 @@ func deleteScheme(c *Context, w http.ResponseWriter, r *http.Request) {
 	model.AddEventParameterToAuditRec(auditRec, "scheme_id", c.Params.SchemeId)
 	defer c.LogAuditRec(auditRec)

-	if c.App.Channels().License() == nil || (!*c.App.Channels().License().Features.CustomPermissionsSchemes && c.App.Channels().License().SkuShortName != model.LicenseShortSkuProfessional) {
-		c.Err = model.NewAppError("Api4.DeleteScheme", "api.scheme.delete_scheme.license.error", nil, "", http.StatusNotImplemented)
-		return
-	}
+	// Community Enterprise: License check removed for open source usage

 	if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionSysconsoleWriteUserManagementPermissions) {
 		c.SetPermissionError(model.PermissionSysconsoleWriteUserManagementPermissions)
--- a/channels/api4/user.go
+++ b/channels/api4/user.go
@ -3287,10 +3287,7 @@ func migrateAuthToLDAP(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	if c.App.Channels().License() == nil || !*c.App.Channels().License().Features.LDAP {
-		c.Err = model.NewAppError("api.migrateAuthToLDAP", "api.admin.ldap.not_available.app_error", nil, "", http.StatusNotImplemented)
-		return
-	}
+	// Community Enterprise: License check removed for open source usage

 	// Email auth in Mattermost system is represented by ""
 	if from == "email" {
@ -3346,10 +3343,7 @@ func migrateAuthToSaml(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	if c.App.Channels().License() == nil || !*c.App.Channels().License().Features.SAML {
-		c.Err = model.NewAppError("api.migrateAuthToSaml", "api.admin.saml.not_available.app_error", nil, "", http.StatusNotImplemented)
-		return
-	}
+	// Community Enterprise: License check removed for open source usage

 	// Email auth in Mattermost system is represented by ""
 	if from == "email" {