Added support for OAuth2 scopes

apps/app.go

@@ -48,6 +48,10 @@ type App struct {
 	// upon the sysadmin's consent, during installing the App.
 	GrantedPermissions Permissions `json:"granted_permissions,omitempty"`
 
+	// GrantedScopes are the Mattermost OAuth2 scopes granted to the App upon
+	// its installation/consent.
+	GrantedScopes model.AppScopes `json:"granted_scopes,omitempty"`
+
 	// GrantedLocations contains the list of top locations that the application
 	// is allowed to bind to.
 	//
@@ -105,6 +109,7 @@ func (app *App) Strip(level ExpandLevel) *App {
 			BotUsername:   app.BotUsername,
 			DeployType:    app.DeployType,
 			WebhookSecret: app.WebhookSecret,
+			GrantedScopes: app.GrantedScopes,
 		}
 
 	default:

apps/manifest.go

@@ -9,6 +9,8 @@ import (
 
 	"github.com/hashicorp/go-multierror"
 
+	"github.com/mattermost/mattermost-server/v6/model"
+
 	"github.com/mattermost/mattermost-plugin-apps/apps/path"
 	"github.com/mattermost/mattermost-plugin-apps/utils"
 	"github.com/mattermost/mattermost-plugin-apps/utils/httputils"
@@ -117,7 +119,12 @@ type Manifest struct {
 	// is passed to the call serialized as HTTPCallRequest (JSON).
 	OnRemoteWebhook *Call `json:"on_remote_webhook,omitempty"`
 
+	// RequestedScopes is the list of OAuth2 scopes requested by the app.
+	// TODO: link to model/scopes.go
+	RequestedScopes model.AppScopes `json:"requested_scopes,omitempty"`
+
 	// Requested Access
+	// TODO: replace permissions with scopes?
 	RequestedPermissions Permissions `json:"requested_permissions,omitempty"`
 
 	// RemoteWebhookAuthType specifies how incoming webhook messages from remote
@@ -198,6 +205,7 @@ func (m Manifest) Validate() error {
 		m.AppID,
 		m.Version,
 		m.RequestedPermissions,
+		m.RequestedScopes,
 		m.Deploy,
 	} {
 		if v != nil {

apps/permissions.go

@@ -12,10 +12,6 @@ type Permissions []Permission
 type Permission string
 
 const (
-	// PermissionUserJoinedChannelNotification means that the app is allowed to
-	// receive user_joined_channel notifications
-	PermissionUserJoinedChannelNotification Permission = "user_joined_channel_notification"
-
 	// PermissionActAsBot means that a Bot User will be created when the App is
 	// installed. Call requests will then include the Bot access token, the app
 	// can use them with the Mattermost REST API. The bot will not automatically
@@ -47,12 +43,10 @@ func (p Permissions) Contains(permission Permission) bool {
 func (p Permission) String() string {
 	m := ""
 	switch p {
-	case PermissionUserJoinedChannelNotification:
-		m = "be notified when users join channels"
 	case PermissionActAsUser:
-		m = "use Mattermost REST API as connected users"
+		m = "Use Mattermost REST API as the connected user"
 	case PermissionActAsBot:
-		m = "use Mattermost REST API as the app's bot user"
+		m = "Use Mattermost REST API as the app's bot user"
 	case PermissionRemoteOAuth2:
 		m = "use a remote (3rd party) OAuth2 and store secrets"
 	case PermissionRemoteWebhooks:
@@ -72,7 +66,6 @@ func (p Permissions) Validate() error {
 	for _, pp := range []Permissions{
 		{PermissionRemoteWebhooks, PermissionActAsBot},
 		{PermissionRemoteOAuth2, PermissionActAsUser},
-		{PermissionUserJoinedChannelNotification, PermissionActAsBot},
 	} {
 		if len(pp) == 0 || !p.Contains(pp[0]) {
 			continue

assets/i18n/active.en.json

@@ -71,7 +71,7 @@
   "command.list.form.title": "list Apps",
   "command.list.hint": "[ flags ]",
   "command.list.label": "list",
-  "command.list.submit.header": "| Name | Status | Type | Version | Account | Locations | Permissions |",
+  "command.list.submit.header": "| Name | Status | Type | Version | Account | UI locations | App permissions | OAuth2 scopes |",
   "command.list.submit.listed": "Listed",
   "command.list.submit.status.disabled": "Installed, Disabled",
   "command.list.submit.status.installed": "**Installed**",
@@ -112,7 +112,8 @@
   "field.url.label": "url",
   "modal.install_consent.header.header": "Application **{{.DisplayName}}** requires system administrator's consent to:",
   "modal.install_consent.header.locations": "- Add the following elements to the **Mattermost User Interface**:",
-  "modal.install_consent.header.permissions": "- Access **Mattermost API** with the following permissions:",
+  "modal.install_consent.header.scopes.any": "- Access all available Mattermost REST APIs",
+  "modal.install_consent.header.scopes.specific": "- Use Mattermost REST APIs to:",
   "modal.install_consent.title": "Install App {{.DisplayName}}",
   "modal.kv.edit.submit.deleted": "Deleted:\n```\nKey: {{.Key}}\n```\n",
   "modal.kv.edit.submit.stored": "Stored:\n```\nKey: {{.Key}}\n\n{{.Value}}\n```\n",

assets/i18n/active.es.json

@@ -79,10 +79,6 @@
     "hash": "sha1-38b62be4bddaa5661c7d6b8e36e28159314df5c7",
     "other": "listar"
   },
-  "command.list.submit.header": {
-    "hash": "sha1-46a8d9b0941d59ddf86f3768abb3c061bde51ef4",
-    "other": "| Nombre | Estado | Tipo | Versión | Cuenta | Lugares | Permisos |"
-  },
   "command.list.submit.listed": {
     "hash": "sha1-bcbe3886b5c26bd97bef30d4801b3e4db9bd0130",
     "other": "Listado"

examples/goapp/hello-world/app.go

@@ -5,6 +5,7 @@ import (
 
 	"github.com/mattermost/mattermost-plugin-apps/apps"
 	"github.com/mattermost/mattermost-plugin-apps/apps/goapp"
+	"github.com/mattermost/mattermost-server/v6/model"
 )
 
 // static is preloaded with the contents of the ./static directory.
@@ -22,6 +23,11 @@ func main() {
 			DisplayName: "Hello, world! as a goapp",
 			Icon:        "icon.png",
 			HomepageURL: "https://github.com/mattermost/mattermost-plugin-apps/examples/go/goapp",
+			RequestedScopes: model.AppScopes{
+				model.ScopeUsersRead,
+				model.ScopePostsCreate,
+				model.ScopeChannelsCreate,
+			},
 		},
 		goapp.WithStatic(static),
 		goapp.WithCommand(send),

go.mod

@@ -2,27 +2,29 @@ module github.com/mattermost/mattermost-plugin-apps
 
 go 1.18
 
+// replace github.com/mattermost/mattermost-server/v6 => ../mattermost-server
+
 require (
-	github.com/aws/aws-lambda-go v1.19.1
-	github.com/aws/aws-sdk-go v1.44.34
-	github.com/awslabs/aws-lambda-go-api-proxy v0.13.2
+	github.com/aws/aws-lambda-go v1.34.1
+	github.com/aws/aws-sdk-go v1.44.91
+	github.com/awslabs/aws-lambda-go-api-proxy v0.13.3
 	github.com/dgrijalva/jwt-go v3.2.0+incompatible
 	github.com/golang/mock v1.6.0
 	github.com/google/go-cmp v0.5.8
 	github.com/gorilla/mux v1.8.0
-	github.com/hashicorp/go-getter v1.5.5
+	github.com/hashicorp/go-getter v1.6.2
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/mattermost/mattermost-plugin-api v0.0.22-0.20211210183909-beb4761e4bd3
-	github.com/mattermost/mattermost-server/v6 v6.0.0-20220811191350-87cbeafd3635
+	github.com/mattermost/mattermost-server/v6 v6.0.0-20220923141751-e6c1d23b95e8
 	github.com/nicksnyder/go-i18n/v2 v2.2.0
-	github.com/openfaas/faas-cli v0.0.0-20210705110531-a230119be00f
+	github.com/openfaas/faas-cli v0.0.0-20220822165939-4fe2b3fa248b
 	github.com/pkg/errors v0.9.1
-	github.com/spf13/cobra v1.4.0
-	github.com/stretchr/testify v1.7.2
-	go.uber.org/zap v1.17.0
-	golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e
-	golang.org/x/oauth2 v0.0.0-20220622183110-fd043fe589d2
-	google.golang.org/api v0.88.0
+	github.com/spf13/cobra v1.5.0
+	github.com/stretchr/testify v1.8.0
+	go.uber.org/zap v1.23.0
+	golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8
+	golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094
+	google.golang.org/api v0.94.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
@@ -31,7 +33,7 @@ require (
 	cloud.google.com/go/compute v1.7.0 // indirect
 	cloud.google.com/go/iam v0.3.0 // indirect
 	cloud.google.com/go/storage v1.25.0 // indirect
-	code.sajari.com/docconv v1.2.0 // indirect
+	code.sajari.com/docconv v1.2.1 // indirect
 	github.com/JalfResi/justext v0.0.0-20170829062021-c0282dea7198 // indirect
 	github.com/Masterminds/semver/v3 v3.1.1 // indirect
 	github.com/PuerkitoBio/goquery v1.8.0 // indirect
@@ -43,33 +45,34 @@ require (
 	github.com/avct/uasurfer v0.0.0-20191028135549-26b5daa857f1 // indirect
 	github.com/aymerick/douceur v0.2.0 // indirect
 	github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
-	github.com/bits-and-blooms/bitset v1.2.2 // indirect
+	github.com/bits-and-blooms/bitset v1.3.0 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
-	github.com/blevesearch/bleve/v2 v2.3.2 // indirect
-	github.com/blevesearch/bleve_index_api v1.0.2 // indirect
+	github.com/blevesearch/bleve/v2 v2.3.4-0.20220810122446-d89c6c0a6873 // indirect
+	github.com/blevesearch/bleve_index_api v1.0.3 // indirect
+	github.com/blevesearch/geo v0.1.14 // indirect
 	github.com/blevesearch/go-porterstemmer v1.0.3 // indirect
 	github.com/blevesearch/gtreap v0.1.1 // indirect
 	github.com/blevesearch/mmap-go v1.0.4 // indirect
-	github.com/blevesearch/scorch_segment_api/v2 v2.1.0 // indirect
+	github.com/blevesearch/scorch_segment_api/v2 v2.1.2 // indirect
 	github.com/blevesearch/segment v0.9.0 // indirect
 	github.com/blevesearch/snowballstem v0.9.0 // indirect
 	github.com/blevesearch/upsidedown_store_api v1.0.1 // indirect
 	github.com/blevesearch/vellum v1.0.8 // indirect
-	github.com/blevesearch/zapx/v11 v11.3.4 // indirect
-	github.com/blevesearch/zapx/v12 v12.3.4 // indirect
-	github.com/blevesearch/zapx/v13 v13.3.4 // indirect
-	github.com/blevesearch/zapx/v14 v14.3.4 // indirect
-	github.com/blevesearch/zapx/v15 v15.3.4 // indirect
+	github.com/blevesearch/zapx/v11 v11.3.5 // indirect
+	github.com/blevesearch/zapx/v12 v12.3.5 // indirect
+	github.com/blevesearch/zapx/v13 v13.3.5 // indirect
+	github.com/blevesearch/zapx/v14 v14.3.5 // indirect
+	github.com/blevesearch/zapx/v15 v15.3.5-0.20220805051919-e14ad3bf63e7 // indirect
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/dgryski/dgoogauth v0.0.0-20190221195224-5a805980a5f3 // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
 	github.com/disintegration/imaging v1.6.2 // indirect
-	github.com/drone/envsubst v1.0.2 // indirect
+	github.com/drone/envsubst v1.0.3 // indirect
 	github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5 // indirect
 	github.com/dustin/go-humanize v1.0.0 // indirect
-	github.com/dyatlov/go-opengraph v0.0.0-20210112100619-dae8665a5b09 // indirect
+	github.com/dyatlov/go-opengraph/opengraph v0.0.0-20220524092352-606d7b1e5f8a // indirect
 	github.com/fatih/color v1.13.0 // indirect
 	github.com/fatih/set v0.2.1 // indirect
 	github.com/felixge/httpsnoop v1.0.3 // indirect
@@ -83,6 +86,7 @@ require (
 	github.com/go-sql-driver/mysql v1.6.0 // indirect
 	github.com/golang-migrate/migrate/v4 v4.15.2 // indirect
 	github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 // indirect
+	github.com/golang/geo v0.0.0-20210211234256-740aa86cb551 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
@@ -99,19 +103,19 @@ require (
 	github.com/h2non/go-is-svg v0.0.0-20160927212452-35e8c4b0612c // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-hclog v1.2.1 // indirect
+	github.com/hashicorp/go-hclog v1.2.2 // indirect
 	github.com/hashicorp/go-plugin v1.4.4 // indirect
 	github.com/hashicorp/go-safetemp v1.0.0 // indirect
 	github.com/hashicorp/go-version v1.2.0 // indirect
 	github.com/hashicorp/golang-lru v0.5.4 // indirect
-	github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87 // indirect
-	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/hashicorp/yamux v0.1.1 // indirect
+	github.com/inconshreveable/mousetrap v1.0.1 // indirect
 	github.com/jaytaylor/html2text v0.0.0-20211105163654-bc68cce691ba // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/jmoiron/sqlx v1.3.5 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.15.6 // indirect
-	github.com/klauspost/cpuid/v2 v2.0.13 // indirect
+	github.com/klauspost/compress v1.15.9 // indirect
+	github.com/klauspost/cpuid/v2 v2.1.0 // indirect
 	github.com/klauspost/pgzip v1.2.5 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
@@ -122,16 +126,16 @@ require (
 	github.com/mattermost/gziphandler v0.0.1 // indirect
 	github.com/mattermost/ldap v0.0.0-20201202150706-ee0e6284187d // indirect
 	github.com/mattermost/logr/v2 v2.0.15 // indirect
-	github.com/mattermost/morph v0.0.0-20220401091636-39f834798da8 // indirect
+	github.com/mattermost/morph v0.0.0-20220804124441-62627668af80 // indirect
 	github.com/mattermost/rsc v0.0.0-20160330161541-bbaefb05eaa0 // indirect
 	github.com/mattermost/squirrel v0.2.0 // indirect
-	github.com/mattn/go-colorable v0.1.12 // indirect
-	github.com/mattn/go-isatty v0.0.14 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.16 // indirect
 	github.com/mattn/go-runewidth v0.0.13 // indirect
 	github.com/mholt/archiver/v3 v3.5.1 // indirect
-	github.com/microcosm-cc/bluemonday v1.0.18 // indirect
+	github.com/microcosm-cc/bluemonday v1.0.19 // indirect
 	github.com/minio/md5-simd v1.1.2 // indirect
-	github.com/minio/minio-go/v7 v7.0.28 // indirect
+	github.com/minio/minio-go/v7 v7.0.34 // indirect
 	github.com/minio/sha256-simd v1.0.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
@@ -143,31 +147,31 @@ require (
 	github.com/olekukonko/tablewriter v0.0.5 // indirect
 	github.com/oov/psd v0.0.0-20220121172623-5db5eafcecbb // indirect
 	github.com/opentracing/opentracing-go v1.2.0 // indirect
-	github.com/otiai10/gosseract/v2 v2.3.1 // indirect
+	github.com/otiai10/gosseract/v2 v2.4.0 // indirect
 	github.com/pborman/uuid v1.2.1 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
 	github.com/philhofer/fwd v1.1.1 // indirect
-	github.com/pierrec/lz4/v4 v4.1.14 // indirect
+	github.com/pierrec/lz4/v4 v4.1.15 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/reflog/dateconstraints v0.2.1 // indirect
 	github.com/richardlehane/mscfb v1.0.4 // indirect
 	github.com/richardlehane/msoleps v1.0.3 // indirect
-	github.com/rivo/uniseg v0.2.0 // indirect
+	github.com/rivo/uniseg v0.3.4 // indirect
 	github.com/rs/cors v1.8.2 // indirect
 	github.com/rs/xid v1.4.0 // indirect
 	github.com/rudderlabs/analytics-go v3.3.2+incompatible // indirect
 	github.com/rwcarlsen/goexif v0.0.0-20190401172101-9e8deecbddbd // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
-	github.com/segmentio/backo-go v0.0.0-20200129164019-23eae7c10bd3 // indirect
-	github.com/sirupsen/logrus v1.8.1 // indirect
+	github.com/segmentio/backo-go v1.0.1 // indirect
+	github.com/sirupsen/logrus v1.9.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/splitio/go-client/v6 v6.1.0 // indirect
-	github.com/splitio/go-split-commons/v3 v3.1.0 // indirect
-	github.com/splitio/go-toolkit/v4 v4.2.0 // indirect
+	github.com/splitio/go-client/v6 v6.1.7 // indirect
+	github.com/splitio/go-split-commons/v4 v4.1.3 // indirect
+	github.com/splitio/go-toolkit/v5 v5.2.1 // indirect
 	github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf // indirect
 	github.com/stretchr/objx v0.4.0 // indirect
 	github.com/throttled/throttled v2.2.5+incompatible // indirect
-	github.com/tidwall/gjson v1.14.1 // indirect
+	github.com/tidwall/gjson v1.14.3 // indirect
 	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.0 // indirect
 	github.com/tinylib/msgp v1.1.6 // indirect
@@ -176,27 +180,27 @@ require (
 	github.com/ulikunitz/xz v0.5.10 // indirect
 	github.com/vmihailenco/msgpack/v5 v5.3.5 // indirect
 	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
-	github.com/wiggin77/merror v1.0.3 // indirect
+	github.com/wiggin77/merror v1.0.4 // indirect
 	github.com/wiggin77/srslog v1.0.1 // indirect
 	github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
 	github.com/xtgo/uuid v0.0.0-20140804021211-a0b114877d4c // indirect
-	github.com/yuin/goldmark v1.4.12 // indirect
+	github.com/yuin/goldmark v1.4.13 // indirect
 	go.etcd.io/bbolt v1.3.6 // indirect
 	go.opencensus.io v0.23.0 // indirect
-	go.uber.org/atomic v1.9.0 // indirect
-	go.uber.org/multierr v1.7.0 // indirect
-	golang.org/x/image v0.0.0-20220601225756-64ec528b34cd // indirect
-	golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e // indirect
-	golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f // indirect
-	golang.org/x/sys v0.0.0-20220624220833-87e55d714810 // indirect
+	go.uber.org/atomic v1.10.0 // indirect
+	go.uber.org/multierr v1.6.0 // indirect
+	golang.org/x/image v0.0.0-20220722155232-062f8c9fd539 // indirect
+	golang.org/x/net v0.0.0-20220812174116-3211cb980234 // indirect
+	golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect
+	golang.org/x/sys v0.0.0-20220817070843-5a390386f1f2 // indirect
 	golang.org/x/text v0.3.7 // indirect
 	golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20220720214146-176da50484ac // indirect
+	google.golang.org/genproto v0.0.0-20220817144833-d7fd3f11b9b1 // indirect
 	google.golang.org/grpc v1.48.0 // indirect
-	google.golang.org/protobuf v1.28.0 // indirect
+	google.golang.org/protobuf v1.28.1 // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
-	gopkg.in/ini.v1 v1.66.6 // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/mail.v2 v2.3.1 // indirect
 	gopkg.in/natefinch/lumberjack.v2 v2.0.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect