Rocket.Chat/packages/rocketchat-authorization/server/methods/addUserToRole.coffee

Meteor.methods
	'authorization:addUserToRole': (roleName, username, scope) ->
		if not Meteor.userId() or not RocketChat.authz.hasPermission Meteor.userId(), 'access-permissions'
			throw new Meteor.Error "error-action-not-allowed", "Accessing permissions is not allowed", { method: 'authorization:addUserToRole', action: 'Accessing_permissions' }

		if not roleName or not _.isString(roleName) or not username or not _.isString(username)
			throw new Meteor.Error 'error-invalid-arguments', 'Invalid arguments', { method: 'authorization:addUserToRole' }

		if roleName is 'admin' and not RocketChat.authz.hasPermission Meteor.userId(), 'assign-admin-role'
			throw new Meteor.Error 'error-action-not-allowed', 'Assigning admin is not allowed', { method: 'insertOrUpdateUser', action: 'Assign_admin' }

		user = RocketChat.models.Users.findOneByUsername username, { fields: { _id: 1 } }

		if not user?._id?
			throw new Meteor.Error 'error-invalid-user', 'Invalid user', { method: 'authorization:addUserToRole' }

		add = RocketChat.models.Roles.addUserRoles user._id, roleName, scope

		if RocketChat.settings.get('UI_DisplayRoles')
			RocketChat.Notifications.notifyAll('roles-change', { type: 'added', _id: roleName, u: { _id: user._id, username: username }, scope: scope });

		return add
editing roles 10 years ago			`Meteor.methods`
Rework 10 years ago			`'authorization:addUserToRole': (roleName, username, scope) ->`
permissions renaming 10 years ago			`if not Meteor.userId() or not RocketChat.authz.hasPermission Meteor.userId(), 'access-permissions'`
Change meteor error (#2969) * Add function to handle errors * Delete message errors * handle error for hideRoom * Allow returning error instead of calling toastr.error * Handle error for leaveRoom * handle error for openRoom * handleError for toggleFavorite * handleError in updateMessage * error for samlLogout * handleError for assets * Add global handleError to eslint * handleError for addOAuthService * handleError: getUserRoles * handleError: insertOrUpdateUsere * handleError: messageDeleting * handleError: removeUserFromRoles * handleError: addPermissionToRole * handleError: addUserToRole * handleError: deleteRole * handleError: removeRoleFromPermission * handleError: removeUserFromRole * handleError: saveRole * Return ready on publish without permission * handleError: channel-settings * handleError: mailMessages * handleError: fileUpload * handleError: rocketchat-importer * handleError: addIncomingIntegration * handleError: deleteIncomingIntegration * handleError: updateIncomingIntegration * handleError: addOutgoingIntegration * handleError: deleteOutgoingIntegration * handleError: updateOutgoingIntegration * Return ready on publish without permission * handleError ldap * remove throw from client code * handleError: setEmail, slashCommand * Sort en.i18n.json * Google translated languages * Use correct error return from publishes * RateLimiter.limitFunction * Fix order of error "500" * handleError validateEmailDomain * handleError channelSettings; settings * handleError livechat * handleError: Mailer.sendMail * handleError pinMessage and unpinMessage * handleError messageStarring * handleError oauth apps * handleError: saveNotificationSettings * handleError getRoomRoles * handleError: createDirectMessage * handleError saveUserPreferences * handleError: saveUserProfile * handleError sendConfirmationEmail * Add ecmascript to root 10 years ago			`throw new Meteor.Error "error-action-not-allowed", "Accessing permissions is not allowed", { method: 'authorization:addUserToRole', action: 'Accessing_permissions' }`
editing roles 10 years ago
			`if not roleName or not _.isString(roleName) or not username or not _.isString(username)`
Change meteor error (#2969) * Add function to handle errors * Delete message errors * handle error for hideRoom * Allow returning error instead of calling toastr.error * Handle error for leaveRoom * handle error for openRoom * handleError for toggleFavorite * handleError in updateMessage * error for samlLogout * handleError for assets * Add global handleError to eslint * handleError for addOAuthService * handleError: getUserRoles * handleError: insertOrUpdateUsere * handleError: messageDeleting * handleError: removeUserFromRoles * handleError: addPermissionToRole * handleError: addUserToRole * handleError: deleteRole * handleError: removeRoleFromPermission * handleError: removeUserFromRole * handleError: saveRole * Return ready on publish without permission * handleError: channel-settings * handleError: mailMessages * handleError: fileUpload * handleError: rocketchat-importer * handleError: addIncomingIntegration * handleError: deleteIncomingIntegration * handleError: updateIncomingIntegration * handleError: addOutgoingIntegration * handleError: deleteOutgoingIntegration * handleError: updateOutgoingIntegration * Return ready on publish without permission * handleError ldap * remove throw from client code * handleError: setEmail, slashCommand * Sort en.i18n.json * Google translated languages * Use correct error return from publishes * RateLimiter.limitFunction * Fix order of error "500" * handleError validateEmailDomain * handleError channelSettings; settings * handleError livechat * handleError: Mailer.sendMail * handleError pinMessage and unpinMessage * handleError messageStarring * handleError oauth apps * handleError: saveNotificationSettings * handleError getRoomRoles * handleError: createDirectMessage * handleError saveUserPreferences * handleError: saveUserProfile * handleError sendConfirmationEmail * Add ecmascript to root 10 years ago			`throw new Meteor.Error 'error-invalid-arguments', 'Invalid arguments', { method: 'authorization:addUserToRole' }`
editing roles 10 years ago
Prevent last admin removal (#3971) * More admin checks # Conflicts: # packages/rocketchat-lib/server/methods/insertOrUpdateUser.coffee * missing server side validation # Conflicts: # packages/rocketchat-ui-flextab/flex-tab/tabs/userEdit.coffee * Remove last admin check for removeUserFromRoom * Move and fix last admin check for role removal Check was on change admin status method, but that didn’t catch direct removal of user from role admin view. * Fix last admin check for insert/update/delete user Was checking if only one admin but not if the updated user was admin, preventing all updates. * Allow translation of last admin error * Fix assigning admin permission bypass 10 years ago			`if roleName is 'admin' and not RocketChat.authz.hasPermission Meteor.userId(), 'assign-admin-role'`
			`throw new Meteor.Error 'error-action-not-allowed', 'Assigning admin is not allowed', { method: 'insertOrUpdateUser', action: 'Assign_admin' }`

Rework 10 years ago			`user = RocketChat.models.Users.findOneByUsername username, { fields: { _id: 1 } }`
editing roles 10 years ago
			`if not user?._id?`
Change meteor error (#2969) * Add function to handle errors * Delete message errors * handle error for hideRoom * Allow returning error instead of calling toastr.error * Handle error for leaveRoom * handle error for openRoom * handleError for toggleFavorite * handleError in updateMessage * error for samlLogout * handleError for assets * Add global handleError to eslint * handleError for addOAuthService * handleError: getUserRoles * handleError: insertOrUpdateUsere * handleError: messageDeleting * handleError: removeUserFromRoles * handleError: addPermissionToRole * handleError: addUserToRole * handleError: deleteRole * handleError: removeRoleFromPermission * handleError: removeUserFromRole * handleError: saveRole * Return ready on publish without permission * handleError: channel-settings * handleError: mailMessages * handleError: fileUpload * handleError: rocketchat-importer * handleError: addIncomingIntegration * handleError: deleteIncomingIntegration * handleError: updateIncomingIntegration * handleError: addOutgoingIntegration * handleError: deleteOutgoingIntegration * handleError: updateOutgoingIntegration * Return ready on publish without permission * handleError ldap * remove throw from client code * handleError: setEmail, slashCommand * Sort en.i18n.json * Google translated languages * Use correct error return from publishes * RateLimiter.limitFunction * Fix order of error "500" * handleError validateEmailDomain * handleError channelSettings; settings * handleError livechat * handleError: Mailer.sendMail * handleError pinMessage and unpinMessage * handleError messageStarring * handleError oauth apps * handleError: saveNotificationSettings * handleError getRoomRoles * handleError: createDirectMessage * handleError saveUserPreferences * handleError: saveUserProfile * handleError sendConfirmationEmail * Add ecmascript to root 10 years ago			`throw new Meteor.Error 'error-invalid-user', 'Invalid user', { method: 'authorization:addUserToRole' }`
editing roles 10 years ago
Notify role change after DB operation 10 years ago			`add = RocketChat.models.Roles.addUserRoles user._id, roleName, scope`

Closes #2950 Add setting to disable displaying role tags 10 years ago			`if RocketChat.settings.get('UI_DisplayRoles')`
			`RocketChat.Notifications.notifyAll('roles-change', { type: 'added', _id: roleName, u: { _id: user._id, username: username }, scope: scope });`
Close #2378 Add role tags (#2858) * Room Roles * Replace arunoda:streams by rocketchat:streamer * Getting user roles * Add stream notifications for adding/removing user and room roles * Fix event broadcast * Update version of rocketchat:streamer to 0.2.0 * Call subscribe after adding user to role * Update rocketchat:streamer to version 0.3.0 * Notify broadcast * Notify and broadcast as default * Update rocketchat:streamer to version 0.3.1 * Update rocketchat:streamer to 0.3.2 * Improve broadcast auth * Fix LiveChat Streamer 10 years ago
Notify role change after DB operation 10 years ago			`return add`