From df2a42c28fdbcfcb6948d90055c08d7db012f805 Mon Sep 17 00:00:00 2001 From: Lucas Sartor Chauvin Date: Wed, 21 Jul 2021 00:44:39 -0300 Subject: [PATCH] [FIX] Cannot create a discussion from top left sidebar as a user (#22618) * Remove discussions from rooms autocomplete * Remove `view-other-user-channels` permission from rooms autocomplete Co-authored-by: Matheus Barbosa Silva <36537004+matheusbsilva137@users.noreply.github.com> Co-authored-by: matheusbsilva137 --- app/api/server/lib/rooms.js | 8 +++----- app/models/server/raw/Rooms.js | 29 ++++++++++++++++++++++++++ tests/end-to-end/api/09-rooms.js | 35 +++++++++----------------------- 3 files changed, 42 insertions(+), 30 deletions(-) diff --git a/app/api/server/lib/rooms.js b/app/api/server/lib/rooms.js index 99aef384ed7..0b908620f18 100644 --- a/app/api/server/lib/rooms.js +++ b/app/api/server/lib/rooms.js @@ -94,9 +94,6 @@ export async function findAdminRoom({ uid, rid }) { } export async function findChannelAndPrivateAutocomplete({ uid, selector }) { - if (!await hasPermissionAsync(uid, 'view-other-user-channels')) { - return { items: [] }; - } const options = { fields: { _id: 1, @@ -110,11 +107,12 @@ export async function findChannelAndPrivateAutocomplete({ uid, selector }) { name: 1, }, }; - const userRooms = Subscriptions.cachedFindByUserId(uid, { fields: { rid: 1 } }) + + const userRoomsIds = Subscriptions.cachedFindByUserId(uid, { fields: { rid: 1 } }) .fetch() .map((item) => item.rid); - const rooms = await Rooms.findChannelAndPrivateByNameStarting(selector.name, userRooms, options).toArray(); + const rooms = await Rooms.findRoomsWithoutDiscussionsByRoomIds(selector.name, userRoomsIds, options).toArray(); return { items: rooms, diff --git a/app/models/server/raw/Rooms.js b/app/models/server/raw/Rooms.js index 061b882d0cd..600d55c1fff 100644 --- a/app/models/server/raw/Rooms.js +++ b/app/models/server/raw/Rooms.js 
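Review bot: With the `view-other-user-channels` check removed from the top of `findChannelAndPrivateAutocomplete` (first hunk of app/api/server/lib/rooms.js), the subscription id list passed to the query is the only thing that keeps a caller from seeing rooms they do not belong to, and nothing in the function says so. A comment in place of the removed check, such as `// Access control: results are limited to rooms the caller is subscribed to (userRoomsIds); do not widen this list.`, would stop a later edit from swapping in a broader query. The list comes from `Subscriptions.cachedFindByUserId`; whether that cache can lag behind a removal from a private room is not visible here, and if it can, the room's name would still be returned until the cache refreshes. The function body continues outside the hunk.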
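Review bot: `selector.name` is passed to `Rooms.findRoomsWithoutDiscussionsByRoomIds` in the second hunk of app/api/server/lib/rooms.js without a type check, and the endpoint is now reachable by every authenticated user instead of only holders of `view-other-user-channels`. The selector is client-supplied JSON (the tests send `selector={}`), so `name` may be undefined, an object or an array, and how `escapeRegExp` treats a non-string is not visible in this diff. A guard before the query, for example `const name = typeof selector.name === 'string' ? selector.name : '';`, or a 400 response for a non-string value, would make the behaviour explicit.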
@@ -183,6 +183,35 @@ export class RoomsRaw extends BaseRaw { return this.find(query, options); } + findRoomsWithoutDiscussionsByRoomIds(name, roomIds, options) { + const nameRegex = new RegExp(`^${ escapeRegExp(name).trim() }`, 'i'); + + const query = { + _id: { + $in: roomIds, + }, + t: { + $in: ['c', 'p'], + }, + name: nameRegex, + $or: [{ + teamId: { + $exists: false, + }, + }, { + teamId: { + $exists: true, + }, + _id: { + $in: roomIds, + }, + }], + prid: { $exists: false }, + }; + + return this.find(query, options); + } + findChannelAndGroupListWithoutTeamsByNameStartingByOwner(uid, name, groupsToAccept, options) { const nameRegex = new RegExp(`^${ escapeRegExp(name).trim() }`, 'i'); diff --git a/tests/end-to-end/api/09-rooms.js b/tests/end-to-end/api/09-rooms.js index cb4d045c9ba..864f76c5c42 100644 --- a/tests/end-to-end/api/09-rooms.js +++ b/tests/end-to-end/api/09-rooms.js 
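Review bot: The `$or` clause in `findRoomsWithoutDiscussionsByRoomIds` is always true, because the top-level `_id: { $in: roomIds }` already applies to every document; the second branch therefore reduces to `teamId: { $exists: true }`, and the two branches together match any room. Dropping it leaves `_id`, `t`, `name` and `prid: { $exists: false }`, which makes it obvious that `roomIds` is the only access filter in the query. A short JSDoc stating that `roomIds` must be the caller's own subscribed room ids, and that the method performs no permission check itself, would help now that the API-level permission gate is removed in this commit.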
@@ -876,32 +876,17 @@ describe('[Rooms]', function() { }); describe('[/rooms.autocomplete.channelAndPrivate]', () => { - it('should return an empty list when the user does not have the necessary permission', (done) => { - updatePermission('view-other-user-channels', []).then(() => { - request.get(api('rooms.autocomplete.channelAndPrivate?selector={}')) - .set(credentials) - .expect('Content-Type', 'application/json') - .expect(200) - .expect((res) => { - expect(res.body).to.have.property('success', true); - expect(res.body).to.have.property('items').and.to.be.an('array').that.has.lengthOf(0); - }) - .end(done); - }); - }); it('should return an error when the required parameter "selector" is not provided', (done) => { - updatePermission('view-other-user-channels', ['admin']).then(() => { - request.get(api('rooms.autocomplete.channelAndPrivate')) - .set(credentials) - .query({}) - .expect('Content-Type', 'application/json') - .expect(400) - .expect((res) => { - expect(res.body).to.have.property('success', false); - expect(res.body.error).to.be.equal('The \'selector\' param is required'); - }) - .end(done); - }); + request.get(api('rooms.autocomplete.channelAndPrivate')) + .set(credentials) + .query({}) + .expect('Content-Type', 'application/json') + .expect(400) + .expect((res) => { + expect(res.body).to.have.property('success', false); + expect(res.body.error).to.be.equal('The \'selector\' param is required'); + }) + .end(done); }); it('should return the rooms to fill auto complete', (done) => { request.get(api('rooms.autocomplete.channelAndPrivate?selector={}'))
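Review bot: The permission test is removed without a replacement that checks the new access rule, so the suite no longer asserts what `rooms.autocomplete.channelAndPrivate` is allowed to return. Two cases would cover it: a user without `view-other-user-channels` receives only rooms they are subscribed to (a private room they are not a member of is absent from `items`), and a discussion (a room with `prid`) is absent. Which account `credentials` represents is not visible in the hunk; if it is an admin, the first case needs a regular user's login. The `describe` block continues outside the hunk.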