mattermost-community-enterprise/cmd/mmctl/commands/roles.go

// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
// See LICENSE.txt for license information.

package commands

import (
	"context"
	"fmt"
	"strings"

	"github.com/hashicorp/go-multierror"
	"github.com/mattermost/mattermost/server/public/model"

	"github.com/mattermost/mattermost/server/v8/cmd/mmctl/client"
	"github.com/mattermost/mattermost/server/v8/cmd/mmctl/printer"

	"github.com/spf13/cobra"
)

var RolesCmd = &cobra.Command{
	Use:   "roles",
	Short: "Manage user roles",
}

var RolesSystemAdminCmd = &cobra.Command{
	Use:     "system-admin [users]",
	Aliases: []string{"system_admin"},
	Short:   "Set a user as system admin",
	Long:    "Make some users system admins.",
	Example: `  # You can make one user a sysadmin
  $ mmctl roles system-admin john_doe

  # Or promote multiple users at the same time
  $ mmctl roles system-admin john_doe jane_doe`,
	RunE: withClient(rolesSystemAdminCmdF),
	Args: cobra.MinimumNArgs(1),
}

var RolesMemberCmd = &cobra.Command{
	Use:   "member [users]",
	Short: "Remove system admin privileges",
	Long:  "Remove system admin privileges from some users.",
	Example: `  # You can remove admin privileges from one user
  $ mmctl roles member john_doe

  # Or demote multiple users at the same time
  $ mmctl roles member john_doe jane_doe`,
	RunE: withClient(rolesMemberCmdF),
	Args: cobra.MinimumNArgs(1),
}

func init() {
	RolesCmd.AddCommand(
		RolesSystemAdminCmd,
		RolesMemberCmd,
	)

	RootCmd.AddCommand(RolesCmd)
}

func rolesSystemAdminCmdF(c client.Client, _ *cobra.Command, args []string) error {
	var errs *multierror.Error
	users := getUsersFromUserArgs(c, args)
	for i, user := range users {
		if user == nil {
			userErr := fmt.Errorf("unable to find user %q", args[i])
			errs = multierror.Append(errs, userErr)
			printer.PrintError(userErr.Error())
			continue
		}

		systemAdmin := false
		roles := strings.Fields(user.Roles)
		for _, role := range roles {
			if role == model.SystemAdminRoleId {
				systemAdmin = true
			}
		}

		if !systemAdmin {
			roles = append(roles, model.SystemAdminRoleId)
			if _, err := c.UpdateUserRoles(context.TODO(), user.Id, strings.Join(roles, " ")); err != nil {
				updateErr := fmt.Errorf("can't update roles for user %q: %w", args[i], err)
				errs = multierror.Append(errs, updateErr)
				printer.PrintError(updateErr.Error())
				continue
			}

			printer.Print(fmt.Sprintf("System admin role assigned to user %q. Current roles are: %s", args[i], strings.Join(roles, ", ")))
		}
	}

	return errs.ErrorOrNil()
}

func rolesMemberCmdF(c client.Client, _ *cobra.Command, args []string) error {
	var errs *multierror.Error
	users := getUsersFromUserArgs(c, args)
	for i, user := range users {
		if user == nil {
			userErr := fmt.Errorf("unable to find user %q", args[i])
			errs = multierror.Append(errs, userErr)
			printer.PrintError(userErr.Error())
			continue
		}

		shouldRemoveSysadmin := false
		var newRoles []string

		roles := strings.FieldsSeq(user.Roles)
		for role := range roles {
			switch role {
			case model.SystemAdminRoleId:
				shouldRemoveSysadmin = true
			default:
				newRoles = append(newRoles, role)
			}
		}

		if shouldRemoveSysadmin {
			if _, err := c.UpdateUserRoles(context.TODO(), user.Id, strings.Join(newRoles, " ")); err != nil {
				updateErr := fmt.Errorf("can't update roles for user %q: %w", args[i], err)
				errs = multierror.Append(errs, updateErr)
				printer.PrintError(updateErr.Error())
				continue
			}

			printer.Print(fmt.Sprintf("System admin role revoked for user %q. Current roles are: %s", args[i], strings.Join(newRoles, ", ")))
		}
	}

	return errs.ErrorOrNil()
}