fix: Moderators with `Bypass Time limits` permission cannot edit messages (#32376)

2 years ago · 62d4b27ea3
parent a3e4c06b51
commit 62d4b27ea3
7 changed files with 12 additions and 7 deletions
--- a/.changeset/eighty-wasps-kneel.md
+++ b/.changeset/eighty-wasps-kneel.md
@ -0,0 +1,5 @@
+---
+"@rocket.chat/meteor": patch
+---
+
+Fixed an issue with how the UI checked for permissions when deciding if editing or deleting a message by moderators users
--- a/apps/meteor/app/authorization/server/functions/canDeleteMessage.ts
+++ b/apps/meteor/app/authorization/server/functions/canDeleteMessage.ts
@ -34,7 +34,7 @@ export const canDeleteMessageAsync = async (
 	if (!allowed) {
 		return false;
 	}
-	const bypassBlockTimeLimit = await hasPermissionAsync(uid, 'bypass-time-limit-edit-and-delete');
+	const bypassBlockTimeLimit = await hasPermissionAsync(uid, 'bypass-time-limit-edit-and-delete', rid);

 	if (!bypassBlockTimeLimit) {
 		const blockDeleteInMinutes = await getValue('Message_AllowDeleting_BlockDeleteInMinutes');
--- a/apps/meteor/app/lib/server/methods/updateMessage.ts
+++ b/apps/meteor/app/lib/server/methods/updateMessage.ts
@ -53,7 +53,7 @@ export async function executeUpdateMessage(uid: IUser['_id'], message: AtLeast<I
 	}

 	const blockEditInMinutes = settings.get('Message_AllowEditing_BlockEditInMinutes');
-	const bypassBlockTimeLimit = await hasPermissionAsync(uid, 'bypass-time-limit-edit-and-delete');
+	const bypassBlockTimeLimit = await hasPermissionAsync(uid, 'bypass-time-limit-edit-and-delete', message.rid);

 	if (!bypassBlockTimeLimit && Match.test(blockEditInMinutes, Number) && blockEditInMinutes !== 0) {
 		let currentTsDiff = 0;
--- a/apps/meteor/app/ui-utils/client/lib/messageActionDefault.ts
+++ b/apps/meteor/app/ui-utils/client/lib/messageActionDefault.ts
@ -185,7 +185,7 @@ Meteor.startup(async () => {
 				return false;
 			}
 			const blockEditInMinutes = settings.Message_AllowEditing_BlockEditInMinutes as number;
-			const bypassBlockTimeLimit = hasPermission('bypass-time-limit-edit-and-delete');
+			const bypassBlockTimeLimit = hasPermission('bypass-time-limit-edit-and-delete', message.rid);

 			if (!bypassBlockTimeLimit && blockEditInMinutes) {
 				let msgTs;
--- a/apps/meteor/client/lib/chats/data.ts
+++ b/apps/meteor/client/lib/chats/data.ts
@ -95,7 +95,7 @@ export const createDataAPI = ({ rid, tmid }: { rid: IRoom['_id']; tmid: IMessage
 		}

 		const blockEditInMinutes = settings.get('Message_AllowEditing_BlockEditInMinutes') as number | undefined;
-		const bypassBlockTimeLimit = hasPermission('bypass-time-limit-edit-and-delete');
+		const bypassBlockTimeLimit = hasPermission('bypass-time-limit-edit-and-delete', message.rid);

 		const elapsedMinutes = moment().diff(message.ts, 'minutes');
 		if (!bypassBlockTimeLimit && elapsedMinutes && blockEditInMinutes && elapsedMinutes > blockEditInMinutes) {
@ -208,7 +208,7 @@ export const createDataAPI = ({ rid, tmid }: { rid: IRoom['_id']; tmid: IMessage
 		}

 		const blockDeleteInMinutes = settings.get('Message_AllowDeleting_BlockDeleteInMinutes') as number | undefined;
-		const bypassBlockTimeLimit = hasPermission('bypass-time-limit-edit-and-delete');
+		const bypassBlockTimeLimit = hasPermission('bypass-time-limit-edit-and-delete', message.rid);
 		const elapsedMinutes = moment().diff(message.ts, 'minutes');
 		const onTimeForDelete = bypassBlockTimeLimit || !blockDeleteInMinutes || !elapsedMinutes || elapsedMinutes <= blockDeleteInMinutes;

--- a/apps/meteor/client/methods/updateMessage.ts
+++ b/apps/meteor/client/methods/updateMessage.ts
@ -50,7 +50,7 @@ Meteor.methods<ServerMethods>({
 		}

 		const blockEditInMinutes = Number(settings.get('Message_AllowEditing_BlockEditInMinutes') as number | undefined);
-		const bypassBlockTimeLimit = hasPermission('bypass-time-limit-edit-and-delete');
+		const bypassBlockTimeLimit = hasPermission('bypass-time-limit-edit-and-delete', message.rid);

 		if (!bypassBlockTimeLimit && blockEditInMinutes !== 0) {
 			if (originalMessage.ts) {
--- a/apps/meteor/client/views/room/contextualBar/RoomFiles/hooks/useMessageDeletionIsAllowed.ts
+++ b/apps/meteor/client/views/room/contextualBar/RoomFiles/hooks/useMessageDeletionIsAllowed.ts
@ -9,7 +9,7 @@ export const useMessageDeletionIsAllowed = (rid: IRoom['_id'], file: IUpload, ui
 	const deletionIsEnabled = useSetting('Message_AllowDeleting');
 	const userHasPermissionToDeleteAny = usePermission('delete-message', rid);
 	const userHasPermissionToDeleteOwn = usePermission('delete-own-message');
-	const bypassBlockTimeLimit = usePermission('bypass-time-limit-edit-and-delete');
+	const bypassBlockTimeLimit = usePermission('bypass-time-limit-edit-and-delete', rid);
 	const blockDeleteInMinutes = useSetting<number>('Message_AllowDeleting_BlockDeleteInMinutes');

 	const isDeletionAllowed = useMemo(() => {