regression: populate permission to new federated-external role (#39854)

pull/39982/head
Diego Sampaio 1 month ago committed by GitHub
parent b7a32f9ec9
commit 9d42d28143
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
  1. 2
      apps/meteor/app/authorization/server/functions/upsertPermissions.ts
  2. 38
      apps/meteor/server/startup/migrations/xrun.ts

@ -18,7 +18,7 @@ export const upsertPermissions = async (): Promise<void> => {
{ name: 'leader', scope: 'Subscriptions', description: 'Leader' },
{ name: 'owner', scope: 'Subscriptions', description: 'Owner' },
{ name: 'user', scope: 'Users', description: '' },
{ name: 'federated-external', scope: 'Users', description: 'External Federated User' },
{ name: 'federated-external', scope: 'Users', description: '' },
{ name: 'bot', scope: 'Users', description: '' },
{ name: 'app', scope: 'Users', description: '' },
{ name: 'guest', scope: 'Users', description: '' },

@ -1,4 +1,4 @@
import { Settings } from '@rocket.chat/models';
import { Permissions, Roles, Settings, Users } from '@rocket.chat/models';
import type { UpdateResult } from 'mongodb';
import { upsertPermissions } from '../../../app/authorization/server/functions/upsertPermissions';
@ -55,10 +55,46 @@ const moveRetentionSetting = async () => {
await Settings.updateMany({ _id: { $in: Array.from(maxAgeSettingMap.keys()) } }, { $set: { value: -1 } });
};
async function setPermissionsToNewRole() {
const role = await Roles.findOneById('federated-external');
// if role was found it means it was already created with the permissions, so we can skip it
if (role) {
return;
}
// if federation was used before the new role was created, we need to update their roles with the new role
await Users.updateMany({ federated: true }, { $addToSet: { roles: 'federated-external' } });
const rolePermissions = [
'create-c',
'create-d',
'create-p',
'delete-own-message',
'leave-c',
'leave-p',
'mention-all',
'mention-here',
'start-discussion',
'start-discussion-other-user',
'view-c-room',
'view-d-room',
'view-p-room',
'preview-c-room',
'view-outside-room',
'mobile-upload-file',
'access-federation',
];
// since this is a one time query, no need to create a method in model class for it
await Permissions.updateMany({ _id: { $in: rolePermissions } }, { $addToSet: { roles: 'federated-external' } });
}
export const performMigrationProcedure = async (): Promise<void> => {
await migrateDatabase(version === 'latest' ? version : parseInt(version), subcommands);
// perform operations when the server is starting with a different version
await onServerVersionChange(async () => {
await setPermissionsToNewRole();
await upsertPermissions();
await ensureCloudWorkspaceRegistered();
await moveRetentionSetting();
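Review bot: The `Permissions.updateMany` call at the end of `setPermissionsToNewRole` adds `federated-external` to seventeen permissions unconditionally, among them `mention-all`, `mention-here`, `create-c` and `view-outside-room`. On upgrade every account matched by `{ federated: true }` therefore holds these grants, even on a workspace where an administrator had narrowed those permissions. These accounts presumably originate on remote servers, so I would add a comment above `rolePermissions` recording the list's source, e.g. `// must mirror the default grants for federated-external; these apply to remote users, review before adding entries`. The `if (role) return;` guard also treats an existing role document as proof that the grants are in place, which may not hold for a workspace that already started on a build that created the role without them; testing whether any permission already lists the role would be a more direct check. `performMigrationProcedure` continues past the end of the hunk.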
