Regression: Ui Kit messaging issues #16513

* Do not show message body for UiKit messages

* Allow app users bypass send message permission validation

* Remove blocks for removed messages

app/authorization/server/functions/canSendMessage.js

@@ -9,10 +9,10 @@ const subscriptionOptions = {
 	},
 };
 
-export const canSendMessageAsync = async (rid, { uid, username }, extraData) => {
+export const canSendMessageAsync = async (rid, { uid, username, type }, extraData) => {
 	const room = await Rooms.findOneById(rid);
 
-	if (!await canAccessRoomAsync(room, { _id: uid, username }, extraData)) {
+	if (type !== 'app' && !await canAccessRoomAsync(room, { _id: uid, username }, extraData)) {
 		throw new Error('error-not-allowed');
 	}
 
@@ -35,4 +35,4 @@ export const canSendMessageAsync = async (rid, { uid, username }, extraData) =>
 	return room;
 };
 
-export const canSendMessage = (rid, { uid, username }, extraData) => Promise.await(canSendMessageAsync(rid, { uid, username }, extraData));
+export const canSendMessage = (rid, { uid, username, type }, extraData) => Promise.await(canSendMessageAsync(rid, { uid, username, type }, extraData));

app/lib/server/functions/deleteMessage.js

@@ -1,10 +1,10 @@
 import { Meteor } from 'meteor/meteor';
 
-import { FileUpload } from '../../../file-upload';
+import { FileUpload } from '../../../file-upload/server';
-import { settings } from '../../../settings';
+import { settings } from '../../../settings/server';
-import { Messages, Uploads, Rooms } from '../../../models';
+import { Messages, Uploads, Rooms } from '../../../models/server';
-import { Notifications } from '../../../notifications';
+import { Notifications } from '../../../notifications/server';
-import { callbacks } from '../../../callbacks';
+import { callbacks } from '../../../callbacks/server';
 import { Apps } from '../../../apps/server';
 
 export const deleteMessage = function(message, user) {

app/lib/server/methods/sendMessage.js

@@ -50,6 +50,7 @@ export function executeSendMessage(uid, message) {
 	const user = Users.findOneById(uid, {
 		fields: {
 			username: 1,
+			type: 1,
 			...!!settings.get('Message_SetNameToAliasEnabled') && { name: 1 },
 		},
 	});
@@ -67,7 +68,7 @@ export function executeSendMessage(uid, message) {
 	}
 
 	try {
-		const room = canSendMessage(rid, { uid, username: user.username });
+		const room = canSendMessage(rid, { uid, username: user.username, type: user.type });
 		if (message.alias == null && settings.get('Message_SetNameToAliasEnabled')) {
 			message.alias = user.name;
 		}

app/models/server/models/Messages.js

@@ -561,6 +561,9 @@ export class Messages extends Base {
 					username: user.username,
 				},
 			},
+			$unset: {
+				blocks: 1,
+			},
 		};
 
 		return this.update(query, update);

app/ui-message/client/message.html

@@ -75,15 +75,16 @@
 					{{#if isSnippet}}
 						<div class="snippet-name">{{_ "Snippet_name"}}: {{snippetName}}</div>
 					{{/if}}
-					{{#if isDecrypting}}
-						<span>******</span>
-					{{else}}
-						{{{body}}}
-					{{/if}}
 					{{#if msg.blocks}}
 						<div class='rc-ui-kit'>
 							{{> Blocks blocks=msg.blocks rid=msg.rid mid=msg._id}}
 						</div>
+					{{else}}
+						{{#if isDecrypting}}
+							<span>******</span>
+						{{else}}
+							{{{body}}}
+						{{/if}}
 					{{/if}}
 				</div>
 			</div>

package-lock.json

@@ -2681,9 +2681,9 @@
 			}
 		},
 		"@rocket.chat/apps-engine": {
-			"version": "1.12.0-beta.2685",
+			"version": "1.12.0-beta.2703",
-			"resolved": "https://registry.npmjs.org/@rocket.chat/apps-engine/-/apps-engine-1.12.0-beta.2685.tgz",
+			"resolved": "https://registry.npmjs.org/@rocket.chat/apps-engine/-/apps-engine-1.12.0-beta.2703.tgz",
-			"integrity": "sha512-T4KbuLtZE3TpbZ+gy5hZ5qel/NyXJZ77fafg0Qv4r3rIlVxig86Eqta5ufIqCUi7qzOaqkNFTWwcswJbyro0eg==",
+			"integrity": "sha512-f0ZAW5ktNRoDKkpCnWbpo2RGYA1IbScM2B2j01v8oslUbQxRvB3/PwkRJz5eAr6afUPNyp4+pfkXWTJ2VPra8Q==",
 			"requires": {
 				"adm-zip": "^0.4.9",
 				"cryptiles": "^4.1.3",

package.json

@@ -122,7 +122,7 @@
 		"@google-cloud/language": "^3.7.0",
 		"@google-cloud/storage": "^2.3.1",
 		"@google-cloud/vision": "^1.8.0",
-		"@rocket.chat/apps-engine": "^1.12.0-beta.2685",
+		"@rocket.chat/apps-engine": "^1.12.0-beta.2703",
 		"@rocket.chat/fuselage": "^0.2.0-alpha.21",
 		"@rocket.chat/fuselage-hooks": "^0.2.0-alpha.21",
 		"@rocket.chat/fuselage-ui-kit": "^0.2.0-dev.88",