Prevent subscriptions and calls to rooms events that the user is not participating (#12558)

pull/9336/head^2
Marcos Spessatto Defendi 7 years ago committed by Rodrigo Nascimento
parent cecdf706fd
commit 436907bcb7
  1. 3
      packages/rocketchat-mentions-flextab/server/publications/mentionedMessages.js
  2. 3
      packages/rocketchat-message-pin/server/publications/pinnedMessages.js
  3. 4
      packages/rocketchat-message-snippet/server/publications/snippetedMessage.js
  4. 4
      packages/rocketchat-message-snippet/server/publications/snippetedMessagesByRoom.js
  5. 3
      packages/rocketchat-message-star/server/publications/starredMessages.js
  6. 6
      server/lib/roomFiles.js

@ -9,6 +9,9 @@ Meteor.publish('mentionedMessages', function(rid, limit = 50) {
if (!user) {
return this.ready();
}
if (!Meteor.call('canAccessRoom', rid, this.userId)) {
return this.ready();
}
const cursorHandle = RocketChat.models.Messages.findVisibleByMentionAndRoomId(user.username, rid, {
sort: {
ts: -1,
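Review bot: The `canAccessRoom` check added before `findVisibleByMentionAndRoomId` runs once, when the subscription starts, so the observer created right after it would presumably keep publishing messages for `rid` after the user leaves or is removed from the room, unless something outside the hunk stops it. The same applies to the checks added in pinnedMessages.js, snippetedMessagesByRoom.js, starredMessages.js and roomFiles.js. At minimum I would record the limitation next to the check, e.g. `// Access is verified at subscribe time only; the observer is not stopped if the user later loses access to rid.` The publish function starts and ends outside the hunk.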

@ -10,6 +10,9 @@ Meteor.publish('pinnedMessages', function(rid, limit = 50) {
if (!user) {
return this.ready();
}
if (!Meteor.call('canAccessRoom', rid, this.userId)) {
return this.ready();
}
const cursorHandle = RocketChat.models.Messages.findPinnedByRoom(rid, { sort: { ts: -1 }, limit }).observeChanges({
added(_id, record) {
return publication.added('rocketchat_pinned_message', _id, record);
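Review bot: `rid` and `limit` arrive from the subscribing client and reach `Meteor.call('canAccessRoom', rid, this.userId)` and the `findPinnedByRoom` options with no type validation visible in the hunk. If nothing above the hunk already does it, add `check(rid, String);` and `check(limit, Number);` (from `meteor/check`) at the top of the publish function, so a non-string `rid` is rejected before any query runs. `limit` also has no upper bound visible here. The other publications touched by this commit take the same arguments and may need the same treatment. The publish function body continues outside the hunk.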

@ -16,6 +16,10 @@ Meteor.publish('snippetedMessage', function(_id) {
},
};
if (!Meteor.call('canAccessRoom', snippet.rid, this.userId)) {
return this.ready();
}
if (RocketChat.models.Rooms.findOne(roomSnippetQuery) === undefined) {
return this.ready();
}
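Review bot: The new check dereferences `snippet.rid`, and `snippet` is looked up outside the hunk; if that lookup can return nothing for an unknown `_id`, the publication throws instead of completing with `this.ready()`. Guarding it as `if (!snippet || !Meteor.call('canAccessRoom', snippet.rid, this.userId)) {` keeps the not-found and not-allowed cases indistinguishable to the subscriber. The object literal that closes just above the added lines may already read `snippet.rid`, in which case the guard belongs before it.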

@ -13,6 +13,10 @@ Meteor.publish('snippetedMessages', function(rid, limit = 50) {
return this.ready();
}
if (!Meteor.call('canAccessRoom', rid, this.userId)) {
return this.ready();
}
const cursorHandle = RocketChat.models.Messages.findSnippetedByRoom(
rid,
{

@ -9,6 +9,9 @@ Meteor.publish('starredMessages', function(rid, limit = 50) {
if (!user) {
return this.ready();
}
if (!Meteor.call('canAccessRoom', rid, this.userId)) {
return this.ready();
}
const cursorHandle = RocketChat.models.Messages.findStarredByUserAtRoom(this.userId, rid, {
sort: {
ts: -1,

@ -1,8 +1,14 @@
import { Meteor } from 'meteor/meteor';
export const roomFiles = (pub, { rid, searchText, limit = 50 }) => {
if (!pub.userId) {
return pub.ready();
}
if (!Meteor.call('canAccessRoom', rid, pub.userId)) {
return this.ready();
}
const cursorFileListHandle = RocketChat.models.Uploads.findNotHiddenFilesOfRoom(rid, searchText, limit).observeChanges({
added(_id, record) {
const { username, name } = record.userId ? RocketChat.models.Users.findOneById(record.userId) : {};
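Review bot: In the added access check the denial branch calls `this.ready()`, but `roomFiles` is an arrow function that receives the publication as `pub`, so `this` is not the publication here and the call most likely throws a TypeError instead of marking the subscription ready. Data is still withheld, but the subscriber gets an error rather than an empty result set, unlike the `pub.ready()` branch just above it. Change the line to `return pub.ready();`. The function body continues past the end of the hunk.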
