apitech
/
Rocket.Chat
mirror of https://github.com/RocketChat/Rocket.Chat
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
The communications platform that puts data protection first.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
23842 Commits
705 Branches
1176 Tags
2.1 GiB
 
 
 
 
 
Tag: Branch: Tree: Export-PDF-Transcript
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'Export-PDF-Transcript'
${ noResults }
Rocket.Chat/apps/meteor/ee/server/api/roles.ts

97 lines
2.7 KiB
Raw Permalink Blame History

import { Roles } from '@rocket.chat/models';
import { API } from '../../../app/api/server/api';
import { hasPermissionAsync } from '../../../app/authorization/server/functions/hasPermission';
import { settings } from '../../../app/settings/server/index';
import { isEnterprise } from '../../app/license/server';
import { isRoleCreateProps, isRoleUpdateProps } from '../../definition/rest/v1/roles';
import { insertRoleAsync } from '../lib/roles/insertRole';
import { updateRole } from '../lib/roles/updateRole';
API.v1.addRoute(
'roles.create',
{ authRequired: true },
{
async post() {
if (!isEnterprise()) {
throw new Meteor.Error('error-action-not-allowed', 'This is an enterprise feature');
}
if (!isRoleCreateProps(this.bodyParams)) {
throw new Meteor.Error('error-invalid-role-properties', 'The role properties are invalid.');
}
const userId = Meteor.userId();
if (!userId || !(await hasPermissionAsync(userId, 'access-permissions'))) {
throw new Meteor.Error('error-action-not-allowed', 'Accessing permissions is not allowed');
}
const { name, scope, description, mandatory2fa } = this.bodyParams;
if (await Roles.findOneByIdOrName(name)) {
throw new Meteor.Error('error-duplicate-role-names-not-allowed', 'Role name already exists');
}
const roleData = {
description: description || '',
...(mandatory2fa !== undefined && { mandatory2fa }),
name,
scope: scope || 'Users',
protected: false,
};
const options = {
broadcastUpdate: settings.get<boolean>('UI_DisplayRoles'),
};
const role = await insertRoleAsync(roleData, options);
return API.v1.success({
role,
});
},
},
);
API.v1.addRoute(
'roles.update',
{ authRequired: true },
{
async post() {
if (!isRoleUpdateProps(this.bodyParams)) {
throw new Meteor.Error('error-invalid-role-properties', 'The role properties are invalid.');
}
if (!(await hasPermissionAsync(this.userId, 'access-permissions'))) {
throw new Meteor.Error('error-action-not-allowed', 'Accessing permissions is not allowed');
}
const { roleId, name, scope, description, mandatory2fa } = this.bodyParams;
const role = await Roles.findOne(roleId);
if (!isEnterprise() && !role?.protected) {
throw new Meteor.Error('error-action-not-allowed', 'This is an enterprise feature');
}
const roleData = {
description: description || '',
...(mandatory2fa !== undefined && { mandatory2fa }),
name,
scope: scope || 'Users',
protected: false,
};
const options = {
broadcastUpdate: settings.get<boolean>('UI_DisplayRoles'),
};
const updatedRole = await updateRole(roleId, roleData, options);
return API.v1.success({
role: updatedRole,
});
},
},
);