[NEW] Permission to assign roles (#13597)

* Fix roles and integrations

* Change name of permission and remove the manage integrations permission from the bot role
pull/13442/head
Marcos Spessatto Defendi 6 years ago committed by Rodrigo Nascimento
parent 3e28428f5c
commit 84633d2a92
  1. 3
      packages/rocketchat-authorization/server/startup.js
  2. 1
      packages/rocketchat-i18n/i18n/en.i18n.json
  3. 1
      packages/rocketchat-integrations/server/api/api.js
  4. 7
      packages/rocketchat-lib/server/functions/saveUser.js

@ -16,6 +16,7 @@ Meteor.startup(function() {
{ _id: 'api-bypass-rate-limit', roles : ['admin', 'bot'] },
{ _id: 'archive-room', roles : ['admin', 'owner'] },
{ _id: 'assign-admin-role', roles : ['admin'] },
{ _id: 'assign-roles', roles : ['admin'] },
{ _id: 'ban-user', roles : ['admin', 'owner', 'moderator'] },
{ _id: 'bulk-create-c', roles : ['admin'] },
{ _id: 'bulk-register-user', roles : ['admin'] },
@ -44,7 +45,7 @@ Meteor.startup(function() {
{ _id: 'manage-assets', roles : ['admin'] },
{ _id: 'manage-emoji', roles : ['admin'] },
{ _id: 'manage-integrations', roles : ['admin'] },
{ _id: 'manage-own-integrations', roles : ['admin', 'bot'] },
{ _id: 'manage-own-integrations', roles : ['admin'] },
{ _id: 'manage-oauth-apps', roles : ['admin'] },
{ _id: 'mention-all', roles : ['admin', 'owner', 'moderator', 'user'] },
{ _id: 'mention-here', roles : ['admin', 'owner', 'moderator', 'user'] },
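Review bot: Dropping `'bot'` from the `manage-own-integrations` default may not reach servers that already store that permission, because the code that applies this list sits outside the hunk and none of the four files in the commit is a migration. If the startup routine only inserts permissions that are missing (to be confirmed against the loop below the list), upgraded installs keep the bot role's integration rights and only fresh installs get the tighter default. I would add a migration that removes `bot` from the stored roles of `manage-own-integrations`, or at least a comment above the list such as `// defaults for newly created permissions only; changing an existing entry needs a migration`.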

@ -360,6 +360,7 @@
"assign-admin-role": "Assign Admin Role",
"assign-admin-role_description": "Permission to assign the admin role to other users",
"Assign_admin": "Assigning admin",
"assign-roles": "Assign Roles",
"at": "at",
"At_least_one_added_token_is_required_by_the_user": "At least one added token is required by the user",
"AtlassianCrowd": "Atlassian Crowd",

@ -98,7 +98,6 @@ function buildSandbox(store = {}) {
}
},
};
Object.keys(Models).filter((k) => !k.startsWith('_')).forEach((k) => sandbox[k] = Models[k]);
return { store, sandbox };
}

@ -110,6 +110,13 @@ function validateUserEditing(userId, userData) {
const canEditOtherUserInfo = hasPermission(userId, 'edit-other-user-info');
const canEditOtherUserPassword = hasPermission(userId, 'edit-other-user-password');
if (userData.roles && !hasPermission(userId, 'assign-roles')) {
throw new Meteor.Error('error-action-not-allowed', 'Assign roles is not allowed', {
method: 'insertOrUpdateUser',
action: 'Assign_role',
});
}
if (!settings.get('Accounts_AllowUserProfileChange') && !canEditOtherUserInfo && !canEditOtherUserPassword) {
throw new Meteor.Error('error-action-not-allowed', 'Edit user profile is not allowed', {
method: 'insertOrUpdateUser',
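Review bot: The new `assign-roles` guard only protects callers that pass through `validateUserEditing`, and it treats every role alike, so two things the hunk does not show are worth confirming. First, if the insert branch of `insertOrUpdateUser` writes `userData.roles` without calling this function, a user who can create accounts can still choose the roles of the account they create. Second, `admin` inside `userData.roles` should still require `assign-admin-role` in addition to `assign-roles`; that check is not visible here. A comment above the guard would record the intent, e.g. `// any change to roles needs assign-roles; the admin role is additionally gated by assign-admin-role`. The function body starts before and continues after this hunk.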
