Rocket.Chat/server/startup/initialData.coffee

Meteor.startup ->
	Meteor.defer ->

		if not RocketChat.models.Rooms.findOneByName('general')?
			RocketChat.models.Rooms.createWithIdTypeAndName 'GENERAL', 'c', 'general',
				default: true

		if process.env.ADMIN_EMAIL? and process.env.ADMIN_PASS?
			re = /^([\w-]+(?:\.[\w-]+)*)@((?:[\w-]+\.)*\w[\w-]{0,66})\.([a-z]{2,6}(?:\.[a-z]{2})?)$/i
			if re.test process.env.ADMIN_EMAIL
				if _.isEmpty(RocketChat.authz.getUsersInRole( 'admin' ).fetch())
					if not RocketChat.models.Users.findOneByEmailAddress process.env.ADMIN_EMAIL
						console.log 'Inserting admin user'.red
						console.log "email: #{process.env.ADMIN_EMAIL} | password: #{process.env.ADMIN_PASS}".red

						id = RocketChat.models.Users.create
							emails: [
								address: process.env.ADMIN_EMAIL
								verified: true
							],
							name: 'Admin'

						Accounts.setPassword id, process.env.ADMIN_PASS
						RocketChat.authz.addUsersToRoles( id, 'admin')

					else
						console.log 'E-mail exists; ignoring environment variables ADMIN_EMAIL and ADMIN_PASS'.red
				else
					console.log 'Admin user exists; ignoring environment variables ADMIN_EMAIL and ADMIN_PASS'.red
			else
				console.log 'E-mail provided is invalid; ignoring environment variables ADMIN_EMAIL and ADMIN_PASS'.red

		# Set oldest user as admin, if none exists yet
		if _.isEmpty( RocketChat.authz.getUsersInRole( 'admin' ).fetch())
			# get oldest user
			oldestUser = RocketChat.models.Users.findOne({}, { fields: { username: 1 }, sort: {createdAt: 1}})
			if oldestUser
				RocketChat.authz.addUsersToRoles( oldestUser._id, 'admin')
				console.log "No admins are found. Set #{oldestUser.username} as admin for being the oldest user"
Init app with user admin 11 years ago			`Meteor.startup ->`
fixing migration issues 11 years ago			`Meteor.defer ->`
First attempt at cron 10 years ago
Replace all ChatRoom.findOne 10 years ago			`if not RocketChat.models.Rooms.findOneByName('general')?`
Replace all ChatRoom.insert 10 years ago			`RocketChat.models.Rooms.createWithIdTypeAndName 'GENERAL', 'c', 'general',`
Create channel 'GENERAL' as default channel 11 years ago			`default: true`
fixing migration issues 11 years ago
Replace all Meteor.users.findOne 10 years ago			`if process.env.ADMIN_EMAIL? and process.env.ADMIN_PASS?`
Add admin user based on ADMIN_EMAIL and ADMIN_PASS if admin user doesn't exist 11 years ago			`re = /^([\w-]+(?:\.[\w-]+))@((?:[\w-]+\.)\w[\w-]{0,66})\.([a-z]{2,6}(?:\.[a-z]{2})?)$/i`
			`if re.test process.env.ADMIN_EMAIL`
Create RocketChat authorization package that handles role and permission based authorization Leverages alanning:roles package to associate a user to a role. Uses alanning:roles optional "group" parameter to limit the role's scope to either the global level or room level. The global level is applicable to users that can perform administrative functions. The room level is applicable to users that can perform room specific administrative functions (like a moderator). A role can have zero or more permissions. Permissions and their association to roles are defined by this package Authorization checks are based on whether or not the user has a role or permission. The roles, permissions, and their association are statically defined at this time. Eventually, there should be an API to dynamically create a role and associate it to static permission(s). Old 'isAdmin' and '.admin is true' checks have been replaced with corresponding hasPermission authorization checks. Additionally, code that automatically assigned admin privileges are updated to assign 'admin' role instead. channel/direct message/private group code checks authorization to edit properties (e.g. title) and edit/delete messages (regardless of the system level allow edit/delete settings). - user with 'admin' role are authorized to do anything - room creator is assigned 'moderator' role that can edit the room and edit/delete messages - members can only edit/delete their own messages IF system wide settings permit them to. v19 migration will - add 'admin' role to users with admin:true property - add 'moderator' role scoped to room for room creators - add 'user' role to all users. There are known issues unrelated to the changes made - If a user with edit/delete message room permissions logs out then a user without edit/delete message room permissions logs in, then they will see edit/delete icons. The server will deny execution - edit/delete icons are not reactive Thus if the system level allow edit/delete message setting is toggled, the icons will not reflect it. The server will deny execution. 10 years ago			`if _.isEmpty(RocketChat.authz.getUsersInRole( 'admin' ).fetch())`
Replace all Meteor.users.findOne 10 years ago			`if not RocketChat.models.Users.findOneByEmailAddress process.env.ADMIN_EMAIL`
Add admin user based on ADMIN_EMAIL and ADMIN_PASS if admin user doesn't exist 11 years ago			`console.log 'Inserting admin user'.red`
			`console.log "email: #{process.env.ADMIN_EMAIL} \| password: #{process.env.ADMIN_PASS}".red`
fixing migration issues 11 years ago
Replace all Meteor.users.insert 10 years ago			`id = RocketChat.models.Users.create`
Add admin user based on ADMIN_EMAIL and ADMIN_PASS if admin user doesn't exist 11 years ago			`emails: [`
			`address: process.env.ADMIN_EMAIL`
			`verified: true`
			`],`
			`name: 'Admin'`
Init app with user admin 11 years ago
Add admin user based on ADMIN_EMAIL and ADMIN_PASS if admin user doesn't exist 11 years ago			`Accounts.setPassword id, process.env.ADMIN_PASS`
Create RocketChat authorization package that handles role and permission based authorization Leverages alanning:roles package to associate a user to a role. Uses alanning:roles optional "group" parameter to limit the role's scope to either the global level or room level. The global level is applicable to users that can perform administrative functions. The room level is applicable to users that can perform room specific administrative functions (like a moderator). A role can have zero or more permissions. Permissions and their association to roles are defined by this package Authorization checks are based on whether or not the user has a role or permission. The roles, permissions, and their association are statically defined at this time. Eventually, there should be an API to dynamically create a role and associate it to static permission(s). Old 'isAdmin' and '.admin is true' checks have been replaced with corresponding hasPermission authorization checks. Additionally, code that automatically assigned admin privileges are updated to assign 'admin' role instead. channel/direct message/private group code checks authorization to edit properties (e.g. title) and edit/delete messages (regardless of the system level allow edit/delete settings). - user with 'admin' role are authorized to do anything - room creator is assigned 'moderator' role that can edit the room and edit/delete messages - members can only edit/delete their own messages IF system wide settings permit them to. v19 migration will - add 'admin' role to users with admin:true property - add 'moderator' role scoped to room for room creators - add 'user' role to all users. There are known issues unrelated to the changes made - If a user with edit/delete message room permissions logs out then a user without edit/delete message room permissions logs in, then they will see edit/delete icons. The server will deny execution - edit/delete icons are not reactive Thus if the system level allow edit/delete message setting is toggled, the icons will not reflect it. The server will deny execution. 10 years ago			`RocketChat.authz.addUsersToRoles( id, 'admin')`

Add admin user based on ADMIN_EMAIL and ADMIN_PASS if admin user doesn't exist 11 years ago			`else`
			`console.log 'E-mail exists; ignoring environment variables ADMIN_EMAIL and ADMIN_PASS'.red`
			`else`
			`console.log 'Admin user exists; ignoring environment variables ADMIN_EMAIL and ADMIN_PASS'.red`
			`else`
Always set oldest user as admin when no admins are found. 10 years ago			`console.log 'E-mail provided is invalid; ignoring environment variables ADMIN_EMAIL and ADMIN_PASS'.red`

			`# Set oldest user as admin, if none exists yet`
Create RocketChat authorization package that handles role and permission based authorization Leverages alanning:roles package to associate a user to a role. Uses alanning:roles optional "group" parameter to limit the role's scope to either the global level or room level. The global level is applicable to users that can perform administrative functions. The room level is applicable to users that can perform room specific administrative functions (like a moderator). A role can have zero or more permissions. Permissions and their association to roles are defined by this package Authorization checks are based on whether or not the user has a role or permission. The roles, permissions, and their association are statically defined at this time. Eventually, there should be an API to dynamically create a role and associate it to static permission(s). Old 'isAdmin' and '.admin is true' checks have been replaced with corresponding hasPermission authorization checks. Additionally, code that automatically assigned admin privileges are updated to assign 'admin' role instead. channel/direct message/private group code checks authorization to edit properties (e.g. title) and edit/delete messages (regardless of the system level allow edit/delete settings). - user with 'admin' role are authorized to do anything - room creator is assigned 'moderator' role that can edit the room and edit/delete messages - members can only edit/delete their own messages IF system wide settings permit them to. v19 migration will - add 'admin' role to users with admin:true property - add 'moderator' role scoped to room for room creators - add 'user' role to all users. There are known issues unrelated to the changes made - If a user with edit/delete message room permissions logs out then a user without edit/delete message room permissions logs in, then they will see edit/delete icons. The server will deny execution - edit/delete icons are not reactive Thus if the system level allow edit/delete message setting is toggled, the icons will not reflect it. The server will deny execution. 10 years ago			`if _.isEmpty( RocketChat.authz.getUsersInRole( 'admin' ).fetch())`
Always set oldest user as admin when no admins are found. 10 years ago			`# get oldest user`
Replace all Meteor.users.findOne 10 years ago			`oldestUser = RocketChat.models.Users.findOne({}, { fields: { username: 1 }, sort: {createdAt: 1}})`
Always set oldest user as admin when no admins are found. 10 years ago			`if oldestUser`
Create RocketChat authorization package that handles role and permission based authorization Leverages alanning:roles package to associate a user to a role. Uses alanning:roles optional "group" parameter to limit the role's scope to either the global level or room level. The global level is applicable to users that can perform administrative functions. The room level is applicable to users that can perform room specific administrative functions (like a moderator). A role can have zero or more permissions. Permissions and their association to roles are defined by this package Authorization checks are based on whether or not the user has a role or permission. The roles, permissions, and their association are statically defined at this time. Eventually, there should be an API to dynamically create a role and associate it to static permission(s). Old 'isAdmin' and '.admin is true' checks have been replaced with corresponding hasPermission authorization checks. Additionally, code that automatically assigned admin privileges are updated to assign 'admin' role instead. channel/direct message/private group code checks authorization to edit properties (e.g. title) and edit/delete messages (regardless of the system level allow edit/delete settings). - user with 'admin' role are authorized to do anything - room creator is assigned 'moderator' role that can edit the room and edit/delete messages - members can only edit/delete their own messages IF system wide settings permit them to. v19 migration will - add 'admin' role to users with admin:true property - add 'moderator' role scoped to room for room creators - add 'user' role to all users. There are known issues unrelated to the changes made - If a user with edit/delete message room permissions logs out then a user without edit/delete message room permissions logs in, then they will see edit/delete icons. The server will deny execution - edit/delete icons are not reactive Thus if the system level allow edit/delete message setting is toggled, the icons will not reflect it. The server will deny execution. 10 years ago			`RocketChat.authz.addUsersToRoles( oldestUser._id, 'admin')`
Always set oldest user as admin when no admins are found. 10 years ago			`console.log "No admins are found. Set #{oldestUser.username} as admin for being the oldest user"`