mattermost/server
Pablo Vélez d4471bece1
Mm 68503 be abac mask save path masking (#36513)
* MM-68501 - implement GetMaskedVisualAST and wire API handler

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* add missing test and fix style issues

* fix styles

* implement coderabbit feedback

* MM-68501 - PR review: split masking file, model-level access mode, reject contradictory config

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* MM-68501 - apply shared_only filter to non-option field values (binary masking)

* MM-68501 - consolidate masking flag check and log corrupt text value during masking

* MM-68503 - add CEL utilities, write-path validation, and merge helpers

Combined set of helpers consumed by BE-5's save path:

CEL construction / serialization
  - extractStringValues, buildCELFromConditions, conditionToCEL,
    celStringLiteral, celValueLiteral. Used to rebuild a CEL string from a
    VisualExpression, including for GetMaskedExpression on the read-side
    of policy GET / search responses.

Merge-on-save helpers
  - getHiddenValues (per-condition, with pre-fetched fields map for N+1
    avoidance) — finds which stored values are not visible to the caller.
  - mergeConditionValues — re-injects the hidden values into a submitted
    condition without duplicates.
  - Together, these let BE-5 preserve attribute values the caller cannot
    see while still letting them edit the visible parts of a policy.

Write-path value-hold validation
  - validatePolicyExpressionValues, invalidValueError, validateConditionValues.
  - Generic "Invalid value." error on every rejection — no signal about
    whether the value exists or is merely not held (prevents enumeration).
  - Rejects the masked-token sentinel "--------" if submitted as a literal.

These all live in access_control_masking.go alongside the masking primitives
that BE-2 introduced. i18n entries added for the two new error IDs
(app.pap.save_policy.invalid_value, app.pap.validate_expression_values.app_error).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* MM-68503 - handle the masked-token sentinel in validation and merge

When the GET /policies endpoint returns a policy via MaskPolicyExpressions,
the raw expression contains the masked-token sentinel "--------" in place
of hidden values. If the frontend round-trips that expression unchanged
back to the server (e.g., the admin only modified channel assignment, not
the rules), the sentinel reaches the save path.

The previous code in validateConditionValues rejected the sentinel as
"Invalid value." This blocks the legitimate round-trip case.

Fix:
  - validateConditionValues: treat the sentinel as a placeholder and skip
    it during visibility / source-only / unknown-mode checks. Other values
    are still validated normally.
  - mergeConditionValues: strip the sentinel from submitted values before
    appending hidden values, so it never propagates to the stored result.
    Both array and single-value forms (string == "--------") are handled.

TestMaskedTokenRejection (which asserted the old rejection behavior) is
replaced by TestMaskedTokenConstant which only verifies the sentinel
string itself.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* MM-68504 - integrate save-path masking: 403 block on delete, merge-on-save, response masking

Save path (CreateOrUpdateAccessControlPolicy):
  * validatePolicyExpressionValues runs on the submitted expression before
    merge so re-injected hidden values are never validated against the
    caller's holdings.
  * mergeStoredPolicyExpressions re-injects hidden values from the stored
    policy and blocks (HTTP 403) any attempt to remove a condition that
    contained values the caller cannot see — closes the row-deletion gap
    in classified environments.
  * mergeExpressionWithMaskedValues unwraps single-element arrays for scalar
    operators after restoring the stored operator (avoids "attr == [val]"
    invalid CEL when the frontend submits "attr in []" as the masked-row
    placeholder for an originally-scalar condition).
  * checkSelfInclusion is bypassed for system admins (they may legitimately
    write conditions for values they do not hold); masking and value-hold
    validation still apply to system admins.

Delete path (DeleteAccessControlPolicy):
  * Same masked-values 403 block — a caller with masked values cannot delete
    the policy at all (UI Delete button is also disabled in FE-3).

Response masking:
  * createAccessControlPolicy and setAccessControlPolicyActiveStatus run
    MaskPolicyExpressions on the response so even a save reply doesn't
    leak the values the caller does not hold.

GetMaskedExpression, maskConditionValuesWithToken, replaceHiddenValuesWithToken,
MaskPolicyExpressions live alongside the rest of the masking helpers in
access_control_masking.go.

team_access_control.go: corrects ValidateChannelEligibilityForAccessControl
call site (drops the spurious receiver and rctx; it's a package-level helper
that only takes channel).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* MM-68503 - address PR review: batch field fetches, propagate errors, fail-closed write path

* MM-68503 - restore team-admin api4 tests accidentally dropped during BE-5 rebuild

* MM-68503 - address review and CodeRabbit feedback on save-path masking

* add tests for delete masking, self-inclusion, GET mask

* add assertions to strengthen tests

* fail-closed guard for advanced expressions in merge-on-save, plus helper unit tests, and FF/test-helper cleanups

* Refactor access control methods to use GetPropertyGroup for CPA group ID retrieval

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
2026-05-18 17:33:13 +02:00
bin
build Add Azurite to test infrastructure (#36485) 2026-05-11 12:06:59 +02:00
channels Mm 68503 be abac mask save path masking (#36513) 2026-05-18 17:33:13 +02:00
cmd MM-68762: Discoverable Private Channels — Server data layer (#36539) 2026-05-15 21:04:32 +02:00
config MM-68662: Add Azure Blob Storage filestore backend (#36498) 2026-05-14 16:59:18 +00:00
einterfaces [MM-66838] Update throttled library to v2.15.0 with Go modules support (#34657) 2026-03-19 11:36:19 +01:00
enterprise MM-68150: Upgrade golangci-lint to v2.12.2 (#36554) 2026-05-14 17:29:37 -04:00
fips MM-65959: Add FIPS indicator to about dialog (#34463) 2025-12-11 18:37:29 -04:00
fonts
i18n Mm 68503 be abac mask save path masking (#36513) 2026-05-18 17:33:13 +02:00
platform MM-68150: Upgrade golangci-lint to v2.12.2 (#36554) 2026-05-14 17:29:37 -04:00
public Data spillage report generation UI (#36340) 2026-05-18 20:24:50 +05:30
scripts ci: invalidate poisoned shard-timing cache and guard future saves (#36568) 2026-05-14 16:01:49 +00:00
templates [MM-67859] Update license renewal and expiry email branding (#35701) 2026-04-04 20:30:36 -03:00
tests MM-68149: Upgrade to Go 1.26.2 (#36418) 2026-05-12 15:59:12 +00:00
.gitignore Update .server/gitignore to ignore all JSON files under the directory (#27593) 2024-07-11 09:12:57 +02:00
.go-version MM-68149: Upgrade to Go 1.26.2 (#36418) 2026-05-12 15:59:12 +00:00
.golangci.yml MM-68150: Upgrade golangci-lint to v2.12.2 (#36554) 2026-05-14 17:29:37 -04:00
.sass-lint.yml
AGENTS.md Add server/AGENTS.md (#35903) 2026-04-21 02:33:20 -07:00
config.mk Add Azurite to test infrastructure (#36485) 2026-05-11 12:06:59 +02:00
copyright.txt
docker-compose.makefile.yml Add Azurite to test infrastructure (#36485) 2026-05-11 12:06:59 +02:00
docker-compose.pgvector.yml Add pluggable AI actions menu with custom prompts extension point (#35930) 2026-04-14 18:46:20 +00:00
docker-compose.yaml MM-67668: Replace Promtail with OpenTelemetry collector (#35381) 2026-02-27 16:48:17 +01:00
go.mod MM-68662: Add Azure Blob Storage filestore backend (#36498) 2026-05-14 16:59:18 +00:00
go.sum MM-68662: Add Azure Blob Storage filestore backend (#36498) 2026-05-14 16:59:18 +00:00
Makefile Update Calls to v1.11.5 (#36574) 2026-05-15 09:22:08 -04:00
path.go Centralize the GetPackagePath (#27004) 2024-05-15 12:05:13 -03:00