apitech
/
Rocket.Chat
mirror of https://github.com/RocketChat/Rocket.Chat
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
The communications platform that puts data protection first.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7340 Commits
706 Branches
1176 Tags
2.1 GiB
Tag: Branch: Tree: a2d250412e
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a2d250412e'
${ noResults }
Rocket.Chat/client/methods/deleteMessage.coffee

25 lines
835 B
Raw Normal View History Unescape

Fix message deletion and fix render of previous message
11 years ago
Meteor.methods
deleteMessage: (message) ->
if not Meteor.userId()
Change meteor error (#2969) * Add function to handle errors * Delete message errors * handle error for hideRoom * Allow returning error instead of calling toastr.error * Handle error for leaveRoom * handle error for openRoom * handleError for toggleFavorite * handleError in updateMessage * error for samlLogout * handleError for assets * Add global handleError to eslint * handleError for addOAuthService * handleError: getUserRoles * handleError: insertOrUpdateUsere * handleError: messageDeleting * handleError: removeUserFromRoles * handleError: addPermissionToRole * handleError: addUserToRole * handleError: deleteRole * handleError: removeRoleFromPermission * handleError: removeUserFromRole * handleError: saveRole * Return ready on publish without permission * handleError: channel-settings * handleError: mailMessages * handleError: fileUpload * handleError: rocketchat-importer * handleError: addIncomingIntegration * handleError: deleteIncomingIntegration * handleError: updateIncomingIntegration * handleError: addOutgoingIntegration * handleError: deleteOutgoingIntegration * handleError: updateOutgoingIntegration * Return ready on publish without permission * handleError ldap * remove throw from client code * handleError: setEmail, slashCommand * Sort en.i18n.json * Google translated languages * Use correct error return from publishes * RateLimiter.limitFunction * Fix order of error "500" * handleError validateEmailDomain * handleError channelSettings; settings * handleError livechat * handleError: Mailer.sendMail * handleError pinMessage and unpinMessage * handleError messageStarring * handleError oauth apps * handleError: saveNotificationSettings * handleError getRoomRoles * handleError: createDirectMessage * handleError saveUserPreferences * handleError: saveUserProfile * handleError sendConfirmationEmail * Add ecmascript to root
10 years ago
return false
Fix message deletion and fix render of previous message
11 years ago
Create RocketChat authorization package that handles role and permission based authorization Leverages alanning:roles package to associate a user to a role. Uses alanning:roles optional "group" parameter to limit the role's scope to either the global level or room level. The global level is applicable to users that can perform administrative functions. The room level is applicable to users that can perform room specific administrative functions (like a moderator). A role can have zero or more permissions. Permissions and their association to roles are defined by this package Authorization checks are based on whether or not the user has a role or permission. The roles, permissions, and their association are statically defined at this time. Eventually, there should be an API to dynamically create a role and associate it to static permission(s). Old 'isAdmin' and '.admin is true' checks have been replaced with corresponding hasPermission authorization checks. Additionally, code that automatically assigned admin privileges are updated to assign 'admin' role instead. channel/direct message/private group code checks authorization to edit properties (e.g. title) and edit/delete messages (regardless of the system level allow edit/delete settings). - user with 'admin' role are authorized to do anything - room creator is assigned 'moderator' role that can edit the room and edit/delete messages - members can only edit/delete their own messages IF system wide settings permit them to. v19 migration will - add 'admin' role to users with admin:true property - add 'moderator' role scoped to room for room creators - add 'user' role to all users. There are known issues unrelated to the changes made - If a user with edit/delete message room permissions logs out then a user without edit/delete message room permissions logs in, then they will see edit/delete icons. The server will deny execution - edit/delete icons are not reactive Thus if the system level allow edit/delete message setting is toggled, the icons will not reflect it. The server will deny execution.
10 years ago
hasPermission = RocketChat.authz.hasAtLeastOnePermission('delete-message', message.rid)
deleteAllowed = RocketChat.settings.get 'Message_AllowDeleting'
deleteOwn = message?.u?._id is Meteor.userId()
unless hasPermission or (deleteAllowed and deleteOwn)
Change meteor error (#2969) * Add function to handle errors * Delete message errors * handle error for hideRoom * Allow returning error instead of calling toastr.error * Handle error for leaveRoom * handle error for openRoom * handleError for toggleFavorite * handleError in updateMessage * error for samlLogout * handleError for assets * Add global handleError to eslint * handleError for addOAuthService * handleError: getUserRoles * handleError: insertOrUpdateUsere * handleError: messageDeleting * handleError: removeUserFromRoles * handleError: addPermissionToRole * handleError: addUserToRole * handleError: deleteRole * handleError: removeRoleFromPermission * handleError: removeUserFromRole * handleError: saveRole * Return ready on publish without permission * handleError: channel-settings * handleError: mailMessages * handleError: fileUpload * handleError: rocketchat-importer * handleError: addIncomingIntegration * handleError: deleteIncomingIntegration * handleError: updateIncomingIntegration * handleError: addOutgoingIntegration * handleError: deleteOutgoingIntegration * handleError: updateOutgoingIntegration * Return ready on publish without permission * handleError ldap * remove throw from client code * handleError: setEmail, slashCommand * Sort en.i18n.json * Google translated languages * Use correct error return from publishes * RateLimiter.limitFunction * Fix order of error "500" * handleError validateEmailDomain * handleError channelSettings; settings * handleError livechat * handleError: Mailer.sendMail * handleError pinMessage and unpinMessage * handleError messageStarring * handleError oauth apps * handleError: saveNotificationSettings * handleError getRoomRoles * handleError: createDirectMessage * handleError saveUserPreferences * handleError: saveUserProfile * handleError sendConfirmationEmail * Add ecmascript to root
10 years ago
return false
Check for settings allowing/forbidding editing/deleting messages
11 years ago
Close #2829 Add setting for blocking message exclusion (#2933)
10 years ago
blockDeleteInMinutes = RocketChat.settings.get 'Message_AllowDeleting_BlockDeleteInMinutes'
if blockDeleteInMinutes? and blockDeleteInMinutes isnt 0
msgTs = moment(message.ts) if message.ts?
currentTsDiff = moment().diff(msgTs, 'minutes') if msgTs?
if currentTsDiff > blockDeleteInMinutes
Change meteor error (#2969) * Add function to handle errors * Delete message errors * handle error for hideRoom * Allow returning error instead of calling toastr.error * Handle error for leaveRoom * handle error for openRoom * handleError for toggleFavorite * handleError in updateMessage * error for samlLogout * handleError for assets * Add global handleError to eslint * handleError for addOAuthService * handleError: getUserRoles * handleError: insertOrUpdateUsere * handleError: messageDeleting * handleError: removeUserFromRoles * handleError: addPermissionToRole * handleError: addUserToRole * handleError: deleteRole * handleError: removeRoleFromPermission * handleError: removeUserFromRole * handleError: saveRole * Return ready on publish without permission * handleError: channel-settings * handleError: mailMessages * handleError: fileUpload * handleError: rocketchat-importer * handleError: addIncomingIntegration * handleError: deleteIncomingIntegration * handleError: updateIncomingIntegration * handleError: addOutgoingIntegration * handleError: deleteOutgoingIntegration * handleError: updateOutgoingIntegration * Return ready on publish without permission * handleError ldap * remove throw from client code * handleError: setEmail, slashCommand * Sort en.i18n.json * Google translated languages * Use correct error return from publishes * RateLimiter.limitFunction * Fix order of error "500" * handleError validateEmailDomain * handleError channelSettings; settings * handleError livechat * handleError: Mailer.sendMail * handleError pinMessage and unpinMessage * handleError messageStarring * handleError oauth apps * handleError: saveNotificationSettings * handleError getRoomRoles * handleError: createDirectMessage * handleError saveUserPreferences * handleError: saveUserProfile * handleError sendConfirmationEmail * Add ecmascript to root
10 years ago
toastr.error t('error-message-deleting-blocked')
return false
Create RocketChat authorization package that handles role and permission based authorization Leverages alanning:roles package to associate a user to a role. Uses alanning:roles optional "group" parameter to limit the role's scope to either the global level or room level. The global level is applicable to users that can perform administrative functions. The room level is applicable to users that can perform room specific administrative functions (like a moderator). A role can have zero or more permissions. Permissions and their association to roles are defined by this package Authorization checks are based on whether or not the user has a role or permission. The roles, permissions, and their association are statically defined at this time. Eventually, there should be an API to dynamically create a role and associate it to static permission(s). Old 'isAdmin' and '.admin is true' checks have been replaced with corresponding hasPermission authorization checks. Additionally, code that automatically assigned admin privileges are updated to assign 'admin' role instead. channel/direct message/private group code checks authorization to edit properties (e.g. title) and edit/delete messages (regardless of the system level allow edit/delete settings). - user with 'admin' role are authorized to do anything - room creator is assigned 'moderator' role that can edit the room and edit/delete messages - members can only edit/delete their own messages IF system wide settings permit them to. v19 migration will - add 'admin' role to users with admin:true property - add 'moderator' role scoped to room for room creators - add 'user' role to all users. There are known issues unrelated to the changes made - If a user with edit/delete message room permissions logs out then a user without edit/delete message room permissions logs in, then they will see edit/delete icons. The server will deny execution - edit/delete icons are not reactive Thus if the system level allow edit/delete message setting is toggled, the icons will not reflect it. The server will deny execution.
10 years ago
Fix message deletion and fix render of previous message
11 years ago
Tracker.nonreactive ->
ChatMessage.remove
_id: message._id
'u._id': Meteor.userId()