|
|
|
|
@ -1,5 +1,5 @@ |
|
|
|
|
import { Team, Room } from '@rocket.chat/core-services'; |
|
|
|
|
import type { IRoom, ISubscription, IUser, RoomType } from '@rocket.chat/core-typings'; |
|
|
|
|
import { TEAM_TYPE, type IRoom, type ISubscription, type IUser, type RoomType } from '@rocket.chat/core-typings'; |
|
|
|
|
import { Integrations, Messages, Rooms, Subscriptions, Uploads, Users } from '@rocket.chat/models'; |
|
|
|
|
import { |
|
|
|
|
isChannelsAddAllProps, |
|
|
|
|
@ -302,6 +302,10 @@ API.v1.addRoute( |
|
|
|
|
...(pinned && pinned.toLowerCase() === 'true' ? { pinned: true } : {}), |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
if (!(await canAccessRoomAsync(findResult, { _id: this.userId }))) { |
|
|
|
|
return API.v1.forbidden(); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// Special check for the permissions
|
|
|
|
|
if ( |
|
|
|
|
(await hasPermissionAsync(this.userId, 'view-joined-room')) && |
|
|
|
|
@ -453,6 +457,10 @@ API.v1.addRoute( |
|
|
|
|
|
|
|
|
|
const findResult = await findChannelByIdOrName({ params }); |
|
|
|
|
|
|
|
|
|
if (!(await canAccessRoomAsync(findResult, { _id: this.userId }))) { |
|
|
|
|
return API.v1.forbidden(); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
const moderators = ( |
|
|
|
|
await Subscriptions.findByRoomIdAndRoles(findResult._id, ['moderator'], { |
|
|
|
|
projection: { u: 1 }, |
|
|
|
|
@ -859,6 +867,10 @@ API.v1.addRoute( |
|
|
|
|
checkedArchived: false, |
|
|
|
|
}); |
|
|
|
|
|
|
|
|
|
if (!(await canAccessRoomAsync(findResult, { _id: this.userId }))) { |
|
|
|
|
return API.v1.forbidden(); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
let includeAllPublicChannels = true; |
|
|
|
|
if (typeof this.queryParams.includeAllPublicChannels !== 'undefined') { |
|
|
|
|
includeAllPublicChannels = this.queryParams.includeAllPublicChannels === 'true'; |
|
|
|
|
@ -904,12 +916,18 @@ API.v1.addRoute( |
|
|
|
|
{ authRequired: true }, |
|
|
|
|
{ |
|
|
|
|
async get() { |
|
|
|
|
const findResult = await findChannelByIdOrName({ |
|
|
|
|
params: this.queryParams, |
|
|
|
|
checkedArchived: false, |
|
|
|
|
userId: this.userId, |
|
|
|
|
}); |
|
|
|
|
|
|
|
|
|
if (!(await canAccessRoomAsync(findResult, { _id: this.userId }))) { |
|
|
|
|
return API.v1.forbidden(); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
return API.v1.success({ |
|
|
|
|
channel: await findChannelByIdOrName({ |
|
|
|
|
params: this.queryParams, |
|
|
|
|
checkedArchived: false, |
|
|
|
|
userId: this.userId, |
|
|
|
|
}), |
|
|
|
|
channel: findResult, |
|
|
|
|
}); |
|
|
|
|
}, |
|
|
|
|
}, |
|
|
|
|
@ -1058,6 +1076,10 @@ API.v1.addRoute( |
|
|
|
|
checkedArchived: false, |
|
|
|
|
}); |
|
|
|
|
|
|
|
|
|
if (!(await canAccessRoomAsync(findResult, { _id: this.userId }))) { |
|
|
|
|
return API.v1.forbidden(); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if (findResult.broadcast && !(await hasPermissionAsync(this.userId, 'view-broadcast-member-list', findResult._id))) { |
|
|
|
|
return API.v1.forbidden(); |
|
|
|
|
} |
|
|
|
|
@ -1416,7 +1438,7 @@ API.v1.addRoute( |
|
|
|
|
|
|
|
|
|
API.v1.addRoute( |
|
|
|
|
'channels.anonymousread', |
|
|
|
|
{ authRequired: false }, |
|
|
|
|
{ authOrAnonRequired: true }, |
|
|
|
|
{ |
|
|
|
|
async get() { |
|
|
|
|
const findResult = await findChannelByIdOrName({ |
|
|
|
|
@ -1434,6 +1456,16 @@ API.v1.addRoute( |
|
|
|
|
}); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// Public rooms of private teams should be accessible only by team members
|
|
|
|
|
if (findResult.teamId) { |
|
|
|
|
const team = await Team.getOneById(findResult.teamId); |
|
|
|
|
if (team?.type === TEAM_TYPE.PRIVATE) { |
|
|
|
|
if (!this.userId || !(await canAccessRoomAsync(findResult, { _id: this.userId }))) { |
|
|
|
|
return API.v1.notFound('Room not found'); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
const { cursor, totalCount } = await Messages.findPaginated(ourQuery, { |
|
|
|
|
sort: sort || { ts: -1 }, |
|
|
|
|
skip: offset, |
|
|
|
|
|
julio-rocketchat
11 months ago
committed by