[FIX][ENTERPRISE] Private rooms and discussions can't be audited (#23673)

* Add support to audit discussions and private rooms

* Change tab name to Rooms

Co-authored-by: gabriellsh <gabriel.henriques@rocket.chat>
pull/23738/head
Matheus Barbosa Silva 4 years ago committed by GitHub
parent 7bcaaace25
commit c54ef380d2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 27
      app/api/server/lib/rooms.js
  2. 16
      app/api/server/v1/rooms.js
  3. 17
      app/models/server/raw/Rooms.js
  4. 2
      ee/client/audit/AuditPageBase.js
  5. 2
      ee/client/audit/RoomAutoComplete/RoomAutoComplete.js
  6. 60
      tests/end-to-end/api/09-rooms.js

@ -1,4 +1,4 @@
import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission';
import { hasPermissionAsync, hasAtLeastOnePermissionAsync } from '../../../authorization/server/functions/hasPermission';
import { Rooms } from '../../../models/server/raw';
import { Subscriptions } from '../../../models/server';
@ -119,6 +119,31 @@ export async function findChannelAndPrivateAutocomplete({ uid, selector }) {
};
}
export async function findAdminRoomsAutocomplete({ uid, selector }) {
if (!await hasAtLeastOnePermissionAsync(uid, ['view-room-administration', 'can-audit'])) {
throw new Error('error-not-authorized');
}
const options = {
fields: {
_id: 1,
fname: 1,
name: 1,
t: 1,
avatarETag: 1,
},
limit: 10,
sort: {
name: 1,
},
};
const rooms = await Rooms.findRoomsByNameOrFnameStarting(selector.name, options).toArray();
return {
items: rooms,
};
}
export async function findChannelAndPrivateAutocompleteWithPagination({ uid, selector, pagination: { offset, count, sort } }) {
const userRoomsIds = Subscriptions.cachedFindByUserId(uid, { fields: { rid: 1 } })
.fetch()
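Review bot: `findAdminRoomsAutocomplete` passes `selector.name` to `Rooms.findRoomsByNameOrFnameStarting` without checking its shape, although `selector` is whatever `JSON.parse` produced from the query string in the `rooms.autocomplete.adminRooms` route. A selector of `null` would throw on the property access, and a missing or non-string `name` reaches `escapeRegExp(name)` in the model, whose handling of non-strings is not visible on this page. The end-to-end test expects `selector={}` to succeed, so normalise rather than reject, e.g. `const name = selector && typeof selector.name === 'string' ? selector.name : '';`, and pass `name` to the model. The second hunk ends inside `findChannelAndPrivateAutocompleteWithPagination`, which continues outside the view.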

@ -3,7 +3,7 @@ import { Meteor } from 'meteor/meteor';
import { FileUpload } from '../../../file-upload';
import { Rooms, Messages } from '../../../models';
import { API } from '../api';
import { findAdminRooms, findChannelAndPrivateAutocomplete, findAdminRoom, findRoomsAvailableForTeams, findChannelAndPrivateAutocompleteWithPagination } from '../lib/rooms';
import { findAdminRooms, findChannelAndPrivateAutocomplete, findAdminRoom, findAdminRoomsAutocomplete, findRoomsAvailableForTeams, findChannelAndPrivateAutocompleteWithPagination } from '../lib/rooms';
import { sendFile, sendViaEmail } from '../../../../server/lib/channelExport';
import { canAccessRoom, hasPermission } from '../../../authorization/server';
import { Media } from '../../../../server/sdk';
@ -286,6 +286,20 @@ API.v1.addRoute('rooms.adminRooms', { authRequired: true }, {
},
});
API.v1.addRoute('rooms.autocomplete.adminRooms', { authRequired: true }, {
get() {
const { selector } = this.queryParams;
if (!selector) {
return API.v1.failure('The \'selector\' param is required');
}
return API.v1.success(Promise.await(findAdminRoomsAutocomplete({
uid: this.userId,
selector: JSON.parse(selector),
})));
},
});
API.v1.addRoute('rooms.adminRooms.getRoom', { authRequired: true }, {
get() {
const { rid } = this.requestParams();
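Review bot: `JSON.parse(selector)` in the new `rooms.autocomplete.adminRooms` handler runs on a raw query parameter with no error handling, so a malformed value throws a `SyntaxError` out of `get()`. How the API layer reports an uncaught exception is not visible here; it would be cleaner to answer with the same `API.v1.failure(...)` shape used for the missing-parameter case. The error text in the sketch below is only a suggestion. The hunk's trailing context belongs to the `rooms.adminRooms.getRoom` route, which continues outside the view.

```javascript
get() {
	const { selector } = this.queryParams;
	// … unchanged: missing 'selector' check …
	let parsedSelector;
	try {
		parsedSelector = JSON.parse(selector);
	} catch (e) {
		return API.v1.failure('The \'selector\' param must be valid JSON');
	}
	return API.v1.success(Promise.await(findAdminRoomsAutocomplete({
		uid: this.userId,
		selector: parsedSelector,
	})));
```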

@ -181,6 +181,23 @@ export class RoomsRaw extends BaseRaw {
return this.find(query, options);
}
findRoomsByNameOrFnameStarting(name, options) {
const nameRegex = new RegExp(`^${ escapeRegExp(name).trim() }`, 'i');
const query = {
t: {
$in: ['c', 'p'],
},
$or: [{
name: nameRegex,
}, {
fname: nameRegex,
}],
};
return this.find(query, options);
}
findRoomsWithoutDiscussionsByRoomIds(name, roomIds, options) {
const nameRegex = new RegExp(`^${ escapeRegExp(name).trim() }`, 'i');
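Review bot: `findRoomsByNameOrFnameStarting` has no comment saying that it applies no membership or visibility filter, which is the security-relevant difference from the neighbouring finders that take `roomIds`. The query matches every room of type `c` or `p` whose `name` or `fname` starts with the prefix, and an empty prefix produces the regex `^`, which matches all of them; the caller's `limit` is the only bound. I would add something like `// No membership filter: returns any public or private room matching the prefix. Callers must check authorization and pass a limit.` above the method. The trailing context is the start of `findRoomsWithoutDiscussionsByRoomIds`, which continues outside the hunk.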

@ -56,7 +56,7 @@ export const AuditPageBase = ({
<Page.Header title={t('Message_auditing')} />
<Tabs>
<Tabs.Item selected={type === ''} onClick={useHandleType('')}>
{t('Channels')}
{t('Rooms')}
</Tabs.Item>
<Tabs.Item selected={type === 'u'} onClick={useHandleType('u')}>
{t('Users')}

@ -9,7 +9,7 @@ const query = (name = '') => ({ selector: JSON.stringify({ name }) });
const RoomAutoComplete = (props) => {
const [filter, setFilter] = useState('');
const { value: data } = useEndpointData(
'rooms.autocomplete.channelAndPrivate',
'rooms.autocomplete.adminRooms',
useMemo(() => query(filter), [filter]),
);
const options = useMemo(

@ -923,6 +923,66 @@ describe('[Rooms]', function() {
.end(done);
});
});
describe('[/rooms.autocomplete.adminRooms]', () => {
let testGroup;
const testGroupName = `channel.test.adminRoom${ Date.now() }-${ Math.random() }`;
const name = {
name: testGroupName,
};
before((done) => {
createRoom({ type: 'p', name: testGroupName })
.end((err, res) => {
testGroup = res.body.group;
request.post(api('rooms.createDiscussion'))
.set(credentials)
.send({
prid: testGroup._id,
t_name: `${ testGroupName }-discussion`,
})
.end(done);
});
});
it('should return an error when the required parameter "selector" is not provided', (done) => {
updatePermission('can-audit', ['admin']).then(() => {
request.get(api('rooms.autocomplete.adminRooms'))
.set(credentials)
.query({})
.expect('Content-Type', 'application/json')
.expect(400)
.expect((res) => {
expect(res.body).to.have.property('success', false);
expect(res.body.error).to.be.equal('The \'selector\' param is required');
})
.end(done);
});
});
it('should return the rooms to fill auto complete', (done) => {
request.get(api('rooms.autocomplete.adminRooms?selector={}'))
.set(credentials)
.expect('Content-Type', 'application/json')
.expect(200)
.expect((res) => {
expect(res.body).to.have.property('success', true);
expect(res.body).to.have.property('items').and.to.be.an('array');
})
.end(done);
});
it('should return FIX the rooms to fill auto complete', (done) => {
request.get(api('rooms.autocomplete.adminRooms?'))
.set(credentials)
.query({
selector: JSON.stringify(name),
})
.expect('Content-Type', 'application/json')
.expect(200)
.expect((res) => {
expect(res.body).to.have.property('success', true);
expect(res.body).to.have.property('items').and.to.be.an('array');
expect(res.body).to.have.property('items').that.have.lengthOf(2);
})
.end(done);
});
});
describe('/rooms.adminRooms', () => {
it('should throw an error when the user tries to gets a list of discussion and he cannot access the room', (done) => {
updatePermission('view-room-administration', []).then(() => {
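Review bot: The new `[/rooms.autocomplete.adminRooms]` suite has no test for a caller who holds neither `can-audit` nor `view-room-administration`, yet that permission check is the only thing keeping private room names from ordinary users. A case that clears both permissions with `updatePermission(..., [])`, as the following `/rooms.adminRooms` suite does, and asserts `success` is `false` would pin it down; restore the permissions afterwards so later tests are unaffected. The exact status code for the thrown `error-not-authorized` is not visible here, so assert on the body rather than guess the code. Separately, the `before` hook ignores `err` before reading `res.body.group`, and the title `should return FIX the rooms to fill auto complete` contains a stray `FIX`.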
