diff --git a/apps/meteor/app/api/server/v1/chat.ts b/apps/meteor/app/api/server/v1/chat.ts index 3306a7b693d..7b81301d2e8 100644 --- a/apps/meteor/app/api/server/v1/chat.ts +++ b/apps/meteor/app/api/server/v1/chat.ts @@ -4,7 +4,7 @@ import { Messages, Users, Rooms, Subscriptions } from '@rocket.chat/models'; import { escapeRegExp } from '@rocket.chat/string-helpers'; import type { IMessage } from '@rocket.chat/core-typings'; -import { canAccessRoomId, roomAccessAttributes } from '../../../authorization/server'; +import { roomAccessAttributes } from '../../../authorization/server'; import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { normalizeMessagesForUser } from '../../../utils/server/lib/normalizeMessagesForUser'; import { API } from '../api'; @@ -13,7 +13,7 @@ import { settings } from '../../../settings/server'; import { executeSetReaction } from '../../../reactions/server/setReaction'; import { findDiscussionsFromRoom, findMentionedMessages, findStarredMessages } from '../lib/messages'; import { executeSendMessage } from '../../../lib/server/methods/sendMessage'; -import { canAccessRoomAsync } from '../../../authorization/server/functions/canAccessRoom'; +import { canAccessRoomAsync, canAccessRoomIdAsync } from '../../../authorization/server/functions/canAccessRoom'; API.v1.addRoute( 'chat.delete', @@ -452,7 +452,7 @@ API.v1.addRoute( throw new Meteor.Error('error-roomId-param-not-provided', 'The required "roomId" query param is missing.'); } - if (!canAccessRoomId(roomId, this.userId)) { + if (!(await canAccessRoomIdAsync(roomId, this.userId))) { throw new Meteor.Error('error-not-allowed', 'Not allowed'); } diff --git a/apps/meteor/app/api/server/v1/commands.ts b/apps/meteor/app/api/server/v1/commands.ts index 1650e144d9d..b2de64010ff 100644 --- a/apps/meteor/app/api/server/v1/commands.ts +++ b/apps/meteor/app/api/server/v1/commands.ts @@ -4,7 +4,7 @@ import objectPath from 'object-path'; import { slashCommands } from '../../../utils/server'; import { Messages } from '../../../models/server'; -import { canAccessRoomId } from '../../../authorization/server'; +import { canAccessRoomIdAsync } from '../../../authorization/server/functions/canAccessRoom'; import { API } from '../api'; API.v1.addRoute( @@ -194,7 +194,7 @@ API.v1.addRoute( return API.v1.failure('The command provided does not exist (or is disabled).'); } - if (!canAccessRoomId(body.roomId, this.userId)) { + if (!(await canAccessRoomIdAsync(body.roomId, this.userId))) { return API.v1.unauthorized(); } @@ -248,7 +248,7 @@ API.v1.addRoute( return API.v1.failure('The command provided does not exist (or is disabled).'); } - if (!canAccessRoomId(query.roomId, user._id)) { + if (!(await canAccessRoomIdAsync(query.roomId, user._id))) { return API.v1.unauthorized(); } @@ -264,7 +264,7 @@ API.v1.addRoute( }, // Expects a body format of: { command: 'giphy', params: 'mine', roomId: 'value', tmid: 'value', triggerId: 'value', previewItem: { id: 'sadf8' type: 'image', value: 'https://dev.null/gif' } } - post() { + async post() { const body = this.bodyParams; if (typeof body.command !== 'string') { @@ -300,7 +300,7 @@ API.v1.addRoute( return API.v1.failure('The command provided does not exist (or is disabled).'); } - if (!canAccessRoomId(body.roomId, this.userId)) { + if (!(await canAccessRoomIdAsync(body.roomId, this.userId))) { return API.v1.unauthorized(); } diff --git a/apps/meteor/app/api/server/v1/rooms.ts b/apps/meteor/app/api/server/v1/rooms.ts index 3fcc9ac5307..83ec3f7c081 100644 --- a/apps/meteor/app/api/server/v1/rooms.ts +++ b/apps/meteor/app/api/server/v1/rooms.ts @@ -6,7 +6,7 @@ import type { IRoom } from '@rocket.chat/core-typings'; import { Media } from '@rocket.chat/core-services'; import { API } from '../api'; -import { canAccessRoomAsync, canAccessRoomId } from '../../../authorization/server'; +import { canAccessRoomAsync, canAccessRoomIdAsync } from '../../../authorization/server/functions/canAccessRoom'; import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { getUploadFormData } from '../lib/getUploadFormData'; import { settings } from '../../../settings/server'; @@ -136,7 +136,7 @@ API.v1.addRoute( { authRequired: true }, { async post() { - if (!(await canAccessRoomId(this.urlParams.rid, this.userId))) { + if (!(await canAccessRoomIdAsync(this.urlParams.rid, this.userId))) { return API.v1.unauthorized(); } diff --git a/apps/meteor/app/authorization/server/functions/canAccessRoom.ts b/apps/meteor/app/authorization/server/functions/canAccessRoom.ts index 84568eda68d..9a20cda8dff 100644 --- a/apps/meteor/app/authorization/server/functions/canAccessRoom.ts +++ b/apps/meteor/app/authorization/server/functions/canAccessRoom.ts @@ -1,5 +1,4 @@ import { Authorization } from '@rocket.chat/core-services'; -import type { IAuthorization } from '@rocket.chat/core-services'; export const canAccessRoomAsync = Authorization.canAccessRoom; export const canAccessRoomIdAsync = Authorization.canAccessRoomId; @@ -9,8 +8,3 @@ export const roomAccessAttributes = { teamId: 1, prid: 1, }; - -/* deprecated */ -export const canAccessRoom = (...args: Parameters): boolean => Promise.await(canAccessRoomAsync(...args)); -export const canAccessRoomId = (...args: Parameters): boolean => - Promise.await(canAccessRoomIdAsync(...args)); diff --git a/apps/meteor/app/authorization/server/index.js b/apps/meteor/app/authorization/server/index.js index 57e23aeb676..a7f1c2c1a54 100644 --- a/apps/meteor/app/authorization/server/index.js +++ b/apps/meteor/app/authorization/server/index.js @@ -1,4 +1,4 @@ -import { canAccessRoomId, roomAccessAttributes, canAccessRoomAsync } from './functions/canAccessRoom'; +import { roomAccessAttributes, canAccessRoomAsync } from './functions/canAccessRoom'; import { canSendMessage } from './functions/canSendMessage'; import { getRoles } from './functions/getRoles'; import { getUsersInRole } from './functions/getUsersInRole'; @@ -18,7 +18,6 @@ export { subscriptionHasRole, canSendMessage, canAccessRoomAsync, - canAccessRoomId, roomAccessAttributes, hasAllPermission, hasAtLeastOnePermission, diff --git a/apps/meteor/app/e2e/server/methods/getUsersOfRoomWithoutKey.ts b/apps/meteor/app/e2e/server/methods/getUsersOfRoomWithoutKey.ts index d59a8342bf9..be010f6e31e 100644 --- a/apps/meteor/app/e2e/server/methods/getUsersOfRoomWithoutKey.ts +++ b/apps/meteor/app/e2e/server/methods/getUsersOfRoomWithoutKey.ts @@ -3,7 +3,7 @@ import { check } from 'meteor/check'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; import type { IRoom, ISubscription, IUser } from '@rocket.chat/core-typings'; -import { canAccessRoomId } from '../../../authorization/server'; +import { canAccessRoomIdAsync } from '../../../authorization/server/functions/canAccessRoom'; import { Subscriptions, Users } from '../../../models/server'; declare module '@rocket.chat/ui-contexts' { @@ -14,7 +14,7 @@ declare module '@rocket.chat/ui-contexts' { } Meteor.methods({ - 'e2e.getUsersOfRoomWithoutKey'(rid) { + async 'e2e.getUsersOfRoomWithoutKey'(rid) { check(rid, String); const userId = Meteor.userId(); @@ -30,7 +30,7 @@ Meteor.methods({ }); } - if (!canAccessRoomId(rid, userId)) { + if (!(await canAccessRoomIdAsync(rid, userId))) { throw new Meteor.Error('error-invalid-room', 'Invalid room', { method: 'e2e.getUsersOfRoomWithoutKey' }); } diff --git a/apps/meteor/app/e2e/server/methods/setRoomKeyID.ts b/apps/meteor/app/e2e/server/methods/setRoomKeyID.ts index ab30d615f43..999da500fba 100644 --- a/apps/meteor/app/e2e/server/methods/setRoomKeyID.ts +++ b/apps/meteor/app/e2e/server/methods/setRoomKeyID.ts @@ -3,7 +3,7 @@ import { check } from 'meteor/check'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; import type { IRoom } from '@rocket.chat/core-typings'; -import { canAccessRoomId } from '../../../authorization/server'; +import { canAccessRoomIdAsync } from '../../../authorization/server/functions/canAccessRoom'; import { Rooms } from '../../../models/server'; declare module '@rocket.chat/ui-contexts' { @@ -14,7 +14,7 @@ declare module '@rocket.chat/ui-contexts' { } Meteor.methods({ - 'e2e.setRoomKeyID'(rid, keyID) { + async 'e2e.setRoomKeyID'(rid, keyID) { check(rid, String); check(keyID, String); @@ -27,7 +27,7 @@ Meteor.methods({ throw new Meteor.Error('error-invalid-room', 'Invalid room', { method: 'e2e.setRoomKeyID' }); } - if (!canAccessRoomId(rid, userId)) { + if (!(await canAccessRoomIdAsync(rid, userId))) { throw new Meteor.Error('error-invalid-room', 'Invalid room', { method: 'e2e.setRoomKeyID' }); } diff --git a/apps/meteor/app/lib/server/methods/getMessages.ts b/apps/meteor/app/lib/server/methods/getMessages.ts index 90f6b3e0175..2a06535fac1 100644 --- a/apps/meteor/app/lib/server/methods/getMessages.ts +++ b/apps/meteor/app/lib/server/methods/getMessages.ts @@ -4,7 +4,7 @@ import type { IMessage } from '@rocket.chat/core-typings'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; import { Messages } from '@rocket.chat/models'; -import { canAccessRoomId } from '../../../authorization/server'; +import { canAccessRoomIdAsync } from '../../../authorization/server/functions/canAccessRoom'; declare module '@rocket.chat/ui-contexts' { // eslint-disable-next-line @typescript-eslint/naming-convention @@ -23,9 +23,9 @@ Meteor.methods({ } const msgs = await Messages.findVisibleByIds(messages).toArray(); - const rids = [...new Set(msgs.map((m) => m.rid))]; + const rids = await Promise.all([...new Set(msgs.map((m) => m.rid))].map((_id) => canAccessRoomIdAsync(_id, uid))); - if (!rids.every((_id) => canAccessRoomId(_id, uid))) { + if (!rids.every(Boolean)) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'getSingleMessage' }); } diff --git a/apps/meteor/app/lib/server/methods/getSingleMessage.ts b/apps/meteor/app/lib/server/methods/getSingleMessage.ts index 4fd1f6d6769..9601f5c6142 100644 --- a/apps/meteor/app/lib/server/methods/getSingleMessage.ts +++ b/apps/meteor/app/lib/server/methods/getSingleMessage.ts @@ -3,7 +3,7 @@ import { check } from 'meteor/check'; import type { IMessage } from '@rocket.chat/core-typings'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; -import { canAccessRoomId } from '../../../authorization/server'; +import { canAccessRoomIdAsync } from '../../../authorization/server/functions/canAccessRoom'; import { Messages } from '../../../models/server'; declare module '@rocket.chat/ui-contexts' { @@ -14,7 +14,7 @@ declare module '@rocket.chat/ui-contexts' { } Meteor.methods({ - getSingleMessage(mid) { + async getSingleMessage(mid) { check(mid, String); const uid = Meteor.userId(); @@ -29,7 +29,7 @@ Meteor.methods({ return undefined; } - if (!canAccessRoomId(msg.rid, uid)) { + if (!(await canAccessRoomIdAsync(msg.rid, uid))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'getSingleMessage' }); } diff --git a/apps/meteor/app/threads/server/methods/followMessage.ts b/apps/meteor/app/threads/server/methods/followMessage.ts index 84156e572da..fdedb0acd67 100644 --- a/apps/meteor/app/threads/server/methods/followMessage.ts +++ b/apps/meteor/app/threads/server/methods/followMessage.ts @@ -6,7 +6,7 @@ import type { ServerMethods } from '@rocket.chat/ui-contexts'; import { Messages } from '../../../models/server'; import { RateLimiter } from '../../../lib/server'; import { settings } from '../../../settings/server'; -import { canAccessRoomId } from '../../../authorization/server'; +import { canAccessRoomIdAsync } from '../../../authorization/server/functions/canAccessRoom'; import { follow } from '../functions'; import { Apps, AppEvents } from '../../../../ee/server/apps/orchestrator'; @@ -37,7 +37,7 @@ Meteor.methods({ }); } - if (!canAccessRoomId(message.rid, uid)) { + if (!(await canAccessRoomIdAsync(message.rid, uid))) { throw new Meteor.Error('error-not-allowed', 'not-allowed', { method: 'followMessage' }); } diff --git a/apps/meteor/app/threads/server/methods/unfollowMessage.ts b/apps/meteor/app/threads/server/methods/unfollowMessage.ts index 92271eff8b6..46aa653fc41 100644 --- a/apps/meteor/app/threads/server/methods/unfollowMessage.ts +++ b/apps/meteor/app/threads/server/methods/unfollowMessage.ts @@ -6,7 +6,7 @@ import type { ServerMethods } from '@rocket.chat/ui-contexts'; import { Messages } from '../../../models/server'; import { RateLimiter } from '../../../lib/server'; import { settings } from '../../../settings/server'; -import { canAccessRoomId } from '../../../authorization/server'; +import { canAccessRoomIdAsync } from '../../../authorization/server/functions/canAccessRoom'; import { unfollow } from '../functions'; import { Apps, AppEvents } from '../../../../ee/server/apps/orchestrator'; @@ -37,7 +37,7 @@ Meteor.methods({ }); } - if (!canAccessRoomId(message.rid, uid)) { + if (!(await canAccessRoomIdAsync(message.rid, uid))) { throw new Meteor.Error('error-not-allowed', 'not-allowed', { method: 'unfollowMessage' }); } diff --git a/apps/meteor/ee/server/methods/getReadReceipts.ts b/apps/meteor/ee/server/methods/getReadReceipts.ts index 9aba6b09efe..1d5690cb17c 100644 --- a/apps/meteor/ee/server/methods/getReadReceipts.ts +++ b/apps/meteor/ee/server/methods/getReadReceipts.ts @@ -4,7 +4,7 @@ import type { ServerMethods } from '@rocket.chat/ui-contexts'; import type { ReadReceipt as ReadReceiptType, IMessage } from '@rocket.chat/core-typings'; import { Messages } from '../../../app/models/server'; -import { canAccessRoomId } from '../../../app/authorization/server'; +import { canAccessRoomIdAsync } from '../../../app/authorization/server/functions/canAccessRoom'; import { hasLicense } from '../../app/license/server/license'; import { ReadReceipt } from '../lib/message-read-receipt/ReadReceipt'; @@ -16,7 +16,7 @@ declare module '@rocket.chat/ui-contexts' { } Meteor.methods({ - getReadReceipts({ messageId }) { + async getReadReceipts({ messageId }) { if (!hasLicense('message-read-receipt')) { throw new Meteor.Error('error-action-not-allowed', 'This is an enterprise feature', { method: 'getReadReceipts' }); } @@ -40,7 +40,7 @@ Meteor.methods({ }); } - if (!canAccessRoomId(message.rid, uid)) { + if (!(await canAccessRoomIdAsync(message.rid, uid))) { throw new Meteor.Error('error-invalid-room', 'Invalid room', { method: 'getReadReceipts' }); } diff --git a/apps/meteor/server/methods/loadMissedMessages.ts b/apps/meteor/server/methods/loadMissedMessages.ts index 26da0abb121..c75e1667b19 100644 --- a/apps/meteor/server/methods/loadMissedMessages.ts +++ b/apps/meteor/server/methods/loadMissedMessages.ts @@ -4,7 +4,7 @@ import type { IMessage, IRoom } from '@rocket.chat/core-typings'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; import { Messages } from '@rocket.chat/models'; -import { canAccessRoomId } from '../../app/authorization/server'; +import { canAccessRoomIdAsync } from '../../app/authorization/server/functions/canAccessRoom'; declare module '@rocket.chat/ui-contexts' { // eslint-disable-next-line @typescript-eslint/naming-convention @@ -24,7 +24,7 @@ Meteor.methods({ throw new Meteor.Error('error-invalid-room', 'Invalid room', { method: 'getUsersOfRoom' }); } - if (!canAccessRoomId(rid, fromId)) { + if (!(await canAccessRoomIdAsync(rid, fromId))) { return false; } diff --git a/apps/meteor/server/methods/loadNextMessages.ts b/apps/meteor/server/methods/loadNextMessages.ts index 077eb73ebd0..68627852f78 100644 --- a/apps/meteor/server/methods/loadNextMessages.ts +++ b/apps/meteor/server/methods/loadNextMessages.ts @@ -4,7 +4,7 @@ import type { IMessage, IRoom } from '@rocket.chat/core-typings'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; import { Messages } from '@rocket.chat/models'; -import { canAccessRoomId } from '../../app/authorization/server'; +import { canAccessRoomIdAsync } from '../../app/authorization/server/functions/canAccessRoom'; import { normalizeMessagesForUser } from '../../app/utils/server/lib/normalizeMessagesForUser'; declare module '@rocket.chat/ui-contexts' { @@ -31,7 +31,7 @@ Meteor.methods({ const fromId = Meteor.userId(); - if (!fromId || !canAccessRoomId(rid, fromId)) { + if (!fromId || !(await canAccessRoomIdAsync(rid, fromId))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'loadNextMessages' }); } diff --git a/apps/meteor/server/methods/loadSurroundingMessages.ts b/apps/meteor/server/methods/loadSurroundingMessages.ts index 78464bc55f0..1b6d2d72dd7 100644 --- a/apps/meteor/server/methods/loadSurroundingMessages.ts +++ b/apps/meteor/server/methods/loadSurroundingMessages.ts @@ -5,7 +5,7 @@ import type { IMessage } from '@rocket.chat/core-typings'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; import { Messages } from '@rocket.chat/models'; -import { canAccessRoomId } from '../../app/authorization/server'; +import { canAccessRoomIdAsync } from '../../app/authorization/server/functions/canAccessRoom'; import { normalizeMessagesForUser } from '../../app/utils/server/lib/normalizeMessagesForUser'; declare module '@rocket.chat/ui-contexts' { @@ -47,7 +47,7 @@ Meteor.methods({ return false; } - if (!canAccessRoomId(mainMessage.rid, fromId)) { + if (!(await canAccessRoomIdAsync(mainMessage.rid, fromId))) { return false; } diff --git a/apps/meteor/server/methods/messageSearch.ts b/apps/meteor/server/methods/messageSearch.ts index 6161a560470..b5504f87654 100644 --- a/apps/meteor/server/methods/messageSearch.ts +++ b/apps/meteor/server/methods/messageSearch.ts @@ -4,7 +4,7 @@ import { Messages } from '@rocket.chat/models'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; import type { ISubscription, IUser } from '@rocket.chat/core-typings'; -import { canAccessRoomId } from '../../app/authorization/server'; +import { canAccessRoomIdAsync } from '../../app/authorization/server/functions/canAccessRoom'; import { Subscriptions } from '../../app/models/server'; import { settings } from '../../app/settings/server'; import { readSecondaryPreferred } from '../database/readSecondaryPreferred'; @@ -34,7 +34,7 @@ Meteor.methods({ // Don't process anything else if the user can't access the room if (rid) { - if (!canAccessRoomId(rid, currentUserId)) { + if (!(await canAccessRoomIdAsync(rid, currentUserId))) { return false; } } else if (settings.get('Search.defaultProvider.GlobalSearchEnabled') !== true) { diff --git a/apps/meteor/server/publications/messages.ts b/apps/meteor/server/publications/messages.ts index a1952ac4060..66da43c8a6d 100644 --- a/apps/meteor/server/publications/messages.ts +++ b/apps/meteor/server/publications/messages.ts @@ -4,7 +4,7 @@ import { Messages } from '@rocket.chat/models'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; import type { IMessage, IRoom } from '@rocket.chat/core-typings'; -import { canAccessRoomId } from '../../app/authorization/server'; +import { canAccessRoomIdAsync } from '../../app/authorization/server/functions/canAccessRoom'; import { Messages as MessagesSync } from '../../app/models/server'; declare module '@rocket.chat/ui-contexts' { @@ -36,7 +36,7 @@ Meteor.methods({ throw new Meteor.Error('error-invalid-room', 'Invalid room', { method: 'messages/get' }); } - if (!canAccessRoomId(rid, fromId)) { + if (!(await canAccessRoomIdAsync(rid, fromId))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'messages/get', });