Pinning Permissions not working #1830
Comments
|
I see this too and can confirm that problem. A "normal" user can pin messages in a room. But this doesn't seem to be a problem with the Android app, but a general problem, because I can also reproduce it in the browser. I would post it as a server bug. |
|
I can limit pinning via permissions on the browser, that is why I posted this under android. |
|
Interesting. Role |
|
@localguru and you have no other role, like admin? I just tested this today. |
|
These are my pin permissions:
And I can pin messages in a browser as normal user in a channel I don't own or moderate. |
|
@localguru try making a new account with user role and see if they can pin. That is what I did, and they couldn't with those settings. It was also a private/room. My server version is 70.4 |
|
@cloudsandladders sorry, mistake here. I can't pin messages as normal user in browser. Your are right. |
|
@localguru thank you for confirming. So it does look like it's an Android specific issue. |
|
Well, that brings me to the question if someone could explain to me please why a permission is respected when accessing via the browser and not via the app? In the past, for example, I have observed time and again that permissions via the API were not observed, but in the browser or in the electron client. |
|
Just errors in accessing the API and applying it accurately in the app. |
|
@cloudsandladders I was thinking about something like this: |
|
The Android is currently not checking for this permission, but the API should not allow the user to pin the message as well (and I think that's actually happening in the latest release). |
|
I tested this on the latest 3.1.0 version and a user without pin permissios not only has the "pin message" context menu option, but they can actually pin messages. You have to scroll down in the context menu to see it. |
|
Created the issue here: RocketChat/Rocket.Chat#12535. |
|
Great. Thanks. |
Description
Pinning permissions are not preventing users from pinning messages.
Devices and Versions
Your Rocket.Chat.Android version: 3.1.0
Your Rocket.Chat Server version: 0.70.4
Mobile device model and OS version: (e.g. "Galaxy S6 - Android 7.0")
Steps to reproduce
Uncheck all permissions for pinning, but any user can still long click on a message and select "pin" which then pins the message to the channel. (tested on private and public channels)
Logs
The text was updated successfully, but these errors were encountered: