From c94b7eebac6ceea010959aba8a68459a01c47423 Mon Sep 17 00:00:00 2001
From: Rodrigo Nascimento
Date: Fri, 24 Mar 2017 13:20:17 -0300
Subject: [PATCH] Fix livechat permissions (#6466)
---
 .../rocketchat-lib/server/models/Rooms.coffee | 17 ++++++++++-------
 packages/rocketchat-livechat/permissions.js | 1 +
 .../rocketchat-livechat/server/lib/Livechat.js | 2 +-
 .../server/methods/saveInfo.js | 10 ++++++++++
 4 files changed, 22 insertions(+), 8 deletions(-)
diff --git a/packages/rocketchat-lib/server/models/Rooms.coffee b/packages/rocketchat-lib/server/models/Rooms.coffee
index 0830b53f773..51e46a604bb 100644
--- a/packages/rocketchat-lib/server/models/Rooms.coffee
+++ b/packages/rocketchat-lib/server/models/Rooms.coffee
@@ -529,19 +529,19 @@ class ModelRooms extends RocketChat.models._Base
 return @update query, update
- saveRoomById: (_id, data) ->
+ setTopicAndTagsById: (_id, topic, tags) ->
 setData = {}
 unsetData = {}
- if data.topic?
- if not _.isEmpty(s.trim(data.topic))
- setData.topic = s.trim(data.topic)
+ if topic?
+ if not _.isEmpty(s.trim(topic))
+ setData.topic = s.trim(topic)
 else
 unsetData.topic = 1
- if data.tags?
- if not _.isEmpty(s.trim(data.tags))
- setData.tags = s.trim(data.tags).split(',').map((tag) => return s.trim(tag))
+ if tags?
+ if not _.isEmpty(s.trim(tags))
+ setData.tags = s.trim(tags).split(',').map((tag) => return s.trim(tag))
 else
 unsetData.tags = 1
@@ -553,6 +553,9 @@ class ModelRooms extends RocketChat.models._Base
 if not _.isEmpty unsetData
 update.$unset = unsetData
+ if _.isEmpty update
+ return
+
 return @update { _id: _id }, update
 # INSERT
diff --git a/packages/rocketchat-livechat/permissions.js b/packages/rocketchat-livechat/permissions.js
index d112057d3d6..2787900f9b0 100644
--- a/packages/rocketchat-livechat/permissions.js
+++ b/packages/rocketchat-livechat/permissions.js
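Review bot: In the first Rooms.coffee hunk, `setTopicAndTagsById` stores whatever the comma split yields, so a trailing or doubled comma in `tags` leaves empty strings in the saved array. Dropping them keeps the stored data clean: `setData.tags = _.compact(s.trim(tags).split(',').map((tag) => return s.trim(tag)))`. The method body continues past this hunk. The rename also removes `saveRoomById` without an alias, so any caller outside the four files in this patch would need updating; none are visible here.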
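Review bot: The bare `return` added in the second Rooms.coffee hunk hands back `undefined` for a no-op, which a caller testing the result for truthiness cannot tell apart from a failed update. The Livechat.js caller in this patch negates the return value and is only safe because it first checks `roomData.topic != null || roomData.tags != null`. A short comment above the guard would record that contract, e.g. `# Nothing to change: returns undefined, so callers must only call this when topic or tags is set`. The start of the method is in the previous hunk.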
@@ -15,5 +15,6 @@ Meteor.startup(() => {
 RocketChat.models.Permissions.createOrUpdate('view-livechat-rooms', ['livechat-manager', 'admin']);
 RocketChat.models.Permissions.createOrUpdate('close-livechat-room', ['livechat-agent', 'livechat-manager', 'admin']);
 RocketChat.models.Permissions.createOrUpdate('close-others-livechat-room', ['livechat-manager', 'admin']);
+ RocketChat.models.Permissions.createOrUpdate('save-others-livechat-room-info', ['livechat-manager']);
 }
 });
diff --git a/packages/rocketchat-livechat/server/lib/Livechat.js b/packages/rocketchat-livechat/server/lib/Livechat.js
index b0acb7fa56b..998ef8e7c3f 100644
--- a/packages/rocketchat-livechat/server/lib/Livechat.js
+++ b/packages/rocketchat-livechat/server/lib/Livechat.js
@@ -238,7 +238,7 @@ RocketChat.Livechat = {
 },
 saveRoomInfo(roomData, guestData) {
- if (!RocketChat.models.Rooms.saveRoomById(roomData._id, roomData)) {
+ if ((roomData.topic != null || roomData.tags != null) && !RocketChat.models.Rooms.setTopicAndTagsById(roomData._id, roomData.topic, roomData.tags)) {
 return false;
 }
diff --git a/packages/rocketchat-livechat/server/methods/saveInfo.js b/packages/rocketchat-livechat/server/methods/saveInfo.js
index ae4d1a2323d..e74483ea080 100644
--- a/packages/rocketchat-livechat/server/methods/saveInfo.js
+++ b/packages/rocketchat-livechat/server/methods/saveInfo.js
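Review bot: `save-others-livechat-room-info` is granted to `['livechat-manager']` only, while the neighbouring `close-others-livechat-room` and `view-livechat-rooms` entries also list `admin`. With the check added in saveInfo.js, an admin who is not serving the room would be rejected unless the role is resolved some other way that is not visible here. If that is not intended, the line should read `RocketChat.models.Permissions.createOrUpdate('save-others-livechat-room-info', ['livechat-manager', 'admin']);`. The enclosing `Meteor.startup` callback starts above the hunk.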
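Review bot: `saveRoomInfo` in Livechat.js still writes to whatever `roomData._id` it is given; the ownership and room-type checks this patch adds live only in the `livechat:saveInfo` method. Whether other code paths call this library function cannot be seen from the hunk, but any that do would skip those checks. A comment above the function would make the contract explicit: `// Callers must authorize access to roomData._id before calling (see livechat:saveInfo).` The function body continues past the hunk.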
@@ -19,6 +19,16 @@ Meteor.methods({
 tags: Match.Optional(String)
 }));
+ const room = RocketChat.models.Rooms.findOneById(roomData._id, {fields: {t: 1, servedBy: 1}});
+
+ if (room == null || room.t !== 'l') {
+ throw new Meteor.Error('error-invalid-room', 'Invalid room', { method: 'livechat:saveInfo' });
+ }
+
+ if ((!room.servedBy || room.servedBy._id !== Meteor.userId()) && !RocketChat.authz.hasPermission(Meteor.userId(), 'save-others-livechat-room-info')) {
+ throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'livechat:saveInfo' });
+ }
+
 const ret = RocketChat.Livechat.saveGuest(guestData) && RocketChat.Livechat.saveRoomInfo(roomData, guestData);
 Meteor.defer(() => {
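Review bot: The new checks authorize the room, but `RocketChat.Livechat.saveGuest(guestData)` on the following line still runs with a guest identifier that is never tied to that room. The guest update is therefore not constrained to the visitor of the room the caller serves, assuming `guestData` carries the visitor id (its validation is above the hunk). Loading the room's visitor reference in the same query and comparing it would close the gap: extend the projection to `{fields: {t: 1, servedBy: 1, v: 1}}` and throw `error-not-allowed` when `!room.v || room.v._id !== guestData._id`. Livechat rooms appear to keep the visitor under `v` in this codebase, which should be confirmed before relying on it. The method starts above the hunk and continues after `Meteor.defer`.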