apitech
/
Rocket.Chat
mirror of https://github.com/RocketChat/Rocket.Chat
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #5687 from RocketChat/fix-deleting-files-not-allowed

Browse Source 
Fix files uploaded by other users not being able to be deleted by uses w/ permission
pull/5699/head
Gabriel Engel 9 years ago committed by GitHub
parent 4c48415a88 b618e77dce
commit ed4a7e890c
4 changed files with 13 additions and 3 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 3
      client/methods/deleteMessage.js
  2. 2
      packages/rocketchat-file-upload/lib/FileUploadBase.js
  3. 2
      packages/rocketchat-ui/lib/chatMessages.coffee
  4. 9
      server/methods/deleteFileMessage.js

3
client/methods/deleteMessage.js
Unescape View File

@ -7,6 +7,9 @@ Meteor.methods({
return false;
}
//We're now only passed in the `_id` property to lower the amount of data sent to the server
message = ChatMessage.findOne({ _id: message._id });
const hasPermission = RocketChat.authz.hasAtLeastOnePermission('delete-message', message.rid);
const deleteAllowed = RocketChat.settings.get('Message_AllowDeleting');
let deleteOwn = false;

2
packages/rocketchat-file-upload/lib/FileUploadBase.js
Unescape View File

@ -9,7 +9,7 @@ UploadFS.config.defaultStorePermissions = new UploadFS.StorePermissions({
return userId === doc.userId;
},
remove: function(userId, doc) {
return userId === doc.userId;
return RocketChat.authz.hasPermission(Meteor.userId(), 'delete-message', doc.rid) || (RocketChat.settings.get('Message_AllowDeleting') && userId === doc.userId);
}
});

2
packages/rocketchat-ui/lib/chatMessages.coffee
Unescape View File

@ -253,7 +253,7 @@ class @ChatMessages
toastr.error(t('Message_deleting_blocked'))
return
Meteor.call 'deleteMessage', message, (error, result) ->
Meteor.call 'deleteMessage', { _id: message._id }, (error, result) ->
if error
return handleError(error)

9
server/methods/deleteFileMessage.js
Unescape View File

@ -1,7 +1,14 @@
/* global FileUpload */
Meteor.methods({
deleteFileMessage: function(fileID) {
check(fileID, String);
return Meteor.call('deleteMessage', RocketChat.models.Messages.getMessageByFileId(fileID));
const msg = RocketChat.models.Messages.getMessageByFileId(fileID);
if (msg) {
return Meteor.call('deleteMessage', msg);
}
return FileUpload.delete(fileID);
}
});

Write Preview
Loading…
Cancel
Save