Regression: Ui Kit messaging issues #16513

* Do not show message body for UiKit messages

* Allow app users bypass send message permission validation

* Remove blocks for removed messages
pull/16514/head^2
Diego Sampaio 5 years ago committed by GitHub
parent 762c4e9155
commit 25f01ea679
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 6
      app/authorization/server/functions/canSendMessage.js
  2. 10
      app/lib/server/functions/deleteMessage.js
  3. 3
      app/lib/server/methods/sendMessage.js
  4. 3
      app/models/server/models/Messages.js
  5. 11
      app/ui-message/client/message.html
  6. 6
      package-lock.json
  7. 2
      package.json

@ -9,10 +9,10 @@ const subscriptionOptions = {
},
};
export const canSendMessageAsync = async (rid, { uid, username }, extraData) => {
export const canSendMessageAsync = async (rid, { uid, username, type }, extraData) => {
const room = await Rooms.findOneById(rid);
if (!await canAccessRoomAsync(room, { _id: uid, username }, extraData)) {
if (type !== 'app' && !await canAccessRoomAsync(room, { _id: uid, username }, extraData)) {
throw new Error('error-not-allowed');
}
@ -35,4 +35,4 @@ export const canSendMessageAsync = async (rid, { uid, username }, extraData) =>
return room;
};
export const canSendMessage = (rid, { uid, username }, extraData) => Promise.await(canSendMessageAsync(rid, { uid, username }, extraData));
export const canSendMessage = (rid, { uid, username, type }, extraData) => Promise.await(canSendMessageAsync(rid, { uid, username, type }, extraData));

@ -1,10 +1,10 @@
import { Meteor } from 'meteor/meteor';
import { FileUpload } from '../../../file-upload';
import { settings } from '../../../settings';
import { Messages, Uploads, Rooms } from '../../../models';
import { Notifications } from '../../../notifications';
import { callbacks } from '../../../callbacks';
import { FileUpload } from '../../../file-upload/server';
import { settings } from '../../../settings/server';
import { Messages, Uploads, Rooms } from '../../../models/server';
import { Notifications } from '../../../notifications/server';
import { callbacks } from '../../../callbacks/server';
import { Apps } from '../../../apps/server';
export const deleteMessage = function(message, user) {

@ -50,6 +50,7 @@ export function executeSendMessage(uid, message) {
const user = Users.findOneById(uid, {
fields: {
username: 1,
type: 1,
...!!settings.get('Message_SetNameToAliasEnabled') && { name: 1 },
},
});
@ -67,7 +68,7 @@ export function executeSendMessage(uid, message) {
}
try {
const room = canSendMessage(rid, { uid, username: user.username });
const room = canSendMessage(rid, { uid, username: user.username, type: user.type });
if (message.alias == null && settings.get('Message_SetNameToAliasEnabled')) {
message.alias = user.name;
}

@ -561,6 +561,9 @@ export class Messages extends Base {
username: user.username,
},
},
$unset: {
blocks: 1,
},
};
return this.update(query, update);

@ -75,15 +75,16 @@
{{#if isSnippet}}
<div class="snippet-name">{{_ "Snippet_name"}}: {{snippetName}}</div>
{{/if}}
{{#if isDecrypting}}
<span>******</span>
{{else}}
{{{body}}}
{{/if}}
{{#if msg.blocks}}
<div class='rc-ui-kit'>
{{> Blocks blocks=msg.blocks rid=msg.rid mid=msg._id}}
</div>
{{else}}
{{#if isDecrypting}}
<span>******</span>
{{else}}
{{{body}}}
{{/if}}
{{/if}}
</div>
</div>

6
package-lock.json generated

@ -2681,9 +2681,9 @@
}
},
"@rocket.chat/apps-engine": {
"version": "1.12.0-beta.2685",
"resolved": "https://registry.npmjs.org/@rocket.chat/apps-engine/-/apps-engine-1.12.0-beta.2685.tgz",
"integrity": "sha512-T4KbuLtZE3TpbZ+gy5hZ5qel/NyXJZ77fafg0Qv4r3rIlVxig86Eqta5ufIqCUi7qzOaqkNFTWwcswJbyro0eg==",
"version": "1.12.0-beta.2703",
"resolved": "https://registry.npmjs.org/@rocket.chat/apps-engine/-/apps-engine-1.12.0-beta.2703.tgz",
"integrity": "sha512-f0ZAW5ktNRoDKkpCnWbpo2RGYA1IbScM2B2j01v8oslUbQxRvB3/PwkRJz5eAr6afUPNyp4+pfkXWTJ2VPra8Q==",
"requires": {
"adm-zip": "^0.4.9",
"cryptiles": "^4.1.3",

@ -122,7 +122,7 @@
"@google-cloud/language": "^3.7.0",
"@google-cloud/storage": "^2.3.1",
"@google-cloud/vision": "^1.8.0",
"@rocket.chat/apps-engine": "^1.12.0-beta.2685",
"@rocket.chat/apps-engine": "^1.12.0-beta.2703",
"@rocket.chat/fuselage": "^0.2.0-alpha.21",
"@rocket.chat/fuselage-hooks": "^0.2.0-alpha.21",
"@rocket.chat/fuselage-ui-kit": "^0.2.0-dev.88",

Loading…
Cancel
Save