Fix livechat permissions (#6466)

pull/743/merge
Rodrigo Nascimento 9 years ago committed by Gabriel Engel
parent f0017692a3
commit c94b7eebac
  1. 17
      packages/rocketchat-lib/server/models/Rooms.coffee
  2. 1
      packages/rocketchat-livechat/permissions.js
  3. 2
      packages/rocketchat-livechat/server/lib/Livechat.js
  4. 10
      packages/rocketchat-livechat/server/methods/saveInfo.js

@ -529,19 +529,19 @@ class ModelRooms extends RocketChat.models._Base
return @update query, update
saveRoomById: (_id, data) ->
setTopicAndTagsById: (_id, topic, tags) ->
setData = {}
unsetData = {}
if data.topic?
if not _.isEmpty(s.trim(data.topic))
setData.topic = s.trim(data.topic)
if topic?
if not _.isEmpty(s.trim(topic))
setData.topic = s.trim(topic)
else
unsetData.topic = 1
if data.tags?
if not _.isEmpty(s.trim(data.tags))
setData.tags = s.trim(data.tags).split(',').map((tag) => return s.trim(tag))
if tags?
if not _.isEmpty(s.trim(tags))
setData.tags = s.trim(tags).split(',').map((tag) => return s.trim(tag))
else
unsetData.tags = 1
@ -553,6 +553,9 @@ class ModelRooms extends RocketChat.models._Base
if not _.isEmpty unsetData
update.$unset = unsetData
if _.isEmpty update
return
return @update { _id: _id }, update
# INSERT
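Review bot: The bare `return` under `if _.isEmpty update` makes `setTopicAndTagsById` yield `undefined` when there is nothing to write, and a caller that negates the result (as `saveRoomInfo` in Livechat.js does) cannot tell that apart from a failed update. The call in Livechat.js is guarded so that at least one of `topic`/`tags` is non-null, but any other caller would treat the no-op as an error. Document the contract above the guard, for example `# no-op when neither field is given: returns undefined, so callers must not read a falsy result as a write failure`. It would also help to state that a non-null but blank `topic` or `tags` unsets the field rather than leaving it unchanged. The function body spans both hunks, and the lines between them are not shown.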

@ -15,5 +15,6 @@ Meteor.startup(() => {
RocketChat.models.Permissions.createOrUpdate('view-livechat-rooms', ['livechat-manager', 'admin']);
RocketChat.models.Permissions.createOrUpdate('close-livechat-room', ['livechat-agent', 'livechat-manager', 'admin']);
RocketChat.models.Permissions.createOrUpdate('close-others-livechat-room', ['livechat-manager', 'admin']);
RocketChat.models.Permissions.createOrUpdate('save-others-livechat-room-info', ['livechat-manager']);
}
});
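Review bot: `save-others-livechat-room-info` is granted to `['livechat-manager']` only, while the neighbouring `view-livechat-rooms` and `close-others-livechat-room` entries also list `'admin'`. If the omission is deliberate least privilege, a short comment such as `// admins are intentionally excluded; only livechat managers may edit rooms they do not serve` would prevent a later "fix" that widens it. If it is an oversight, note that an admin who is not serving the room would presumably be rejected by the new check in `livechat:saveInfo`. The enclosing `Meteor.startup` callback begins outside the hunk.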

@ -238,7 +238,7 @@ RocketChat.Livechat = {
},
saveRoomInfo(roomData, guestData) {
if (!RocketChat.models.Rooms.saveRoomById(roomData._id, roomData)) {
if ((roomData.topic != null || roomData.tags != null) && !RocketChat.models.Rooms.setTopicAndTagsById(roomData._id, roomData.topic, roomData.tags)) {
return false;
}

@ -19,6 +19,16 @@ Meteor.methods({
tags: Match.Optional(String)
}));
const room = RocketChat.models.Rooms.findOneById(roomData._id, {fields: {t: 1, servedBy: 1}});
if (room == null || room.t !== 'l') {
throw new Meteor.Error('error-invalid-room', 'Invalid room', { method: 'livechat:saveInfo' });
}
if ((!room.servedBy || room.servedBy._id !== Meteor.userId()) && !RocketChat.authz.hasPermission(Meteor.userId(), 'save-others-livechat-room-info')) {
throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'livechat:saveInfo' });
}
const ret = RocketChat.Livechat.saveGuest(guestData) && RocketChat.Livechat.saveRoomInfo(roomData, guestData);
Meteor.defer(() => {
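Review bot: The new authorization check ties the caller to the room but not to the guest record: `RocketChat.Livechat.saveGuest(guestData)` on the following line still acts on whatever `guestData._id` the client supplied. As far as this hunk shows, passing the permission check for one room therefore also allows writing a visitor record that belongs to a different room. Consider extending the projection to `{fields: {t: 1, servedBy: 1, v: 1}}` and throwing `error-not-allowed` when `room.v._id !== guestData._id`. This assumes the room document stores its visitor under `v`, which is not visible here. The validation of `guestData` and the rest of the method lie outside the hunk, so confirm no such binding already exists there.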
