From 293ad73a90a7440ff4bb65e1269c42c0ee44d92b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliver=20J=C3=A4gle?= Date: Sun, 26 Nov 2017 18:43:56 +0100 Subject: [PATCH] Fix: Apply changed setting permissions reactively --- .../server/publications/permissions.js | 16 ++++++++-- .../client/SettingsCachedCollection.js | 31 +++++++++++++++++++ packages/rocketchat-ui-admin/client/admin.js | 6 ++-- .../rocketchat-ui-admin/client/adminFlex.js | 6 ++-- 4 files changed, 48 insertions(+), 11 deletions(-) create mode 100644 packages/rocketchat-ui-admin/client/SettingsCachedCollection.js diff --git a/packages/rocketchat-authorization/server/publications/permissions.js b/packages/rocketchat-authorization/server/publications/permissions.js index db3de5517773..d37246a1e403 100644 --- a/packages/rocketchat-authorization/server/publications/permissions.js +++ b/packages/rocketchat-authorization/server/publications/permissions.js @@ -48,11 +48,21 @@ Meteor.methods({ } }); +function notifySettings(type, permission) { + if (permission.level === permissionLevel.SETTING) { + // if the permission changes, the effect on the visible settings depends on the role affected. + // The selected-settings-based consumers have to react accordingly and either add or remove the + // setting from the user's collection + const setting = RocketChat.models.Settings.findOneById(permission.settingId); + RocketChat.Notifications.notifyLoggedInThisInstance('private-settings-changed', 'auth', setting); + } +} RocketChat.models.Permissions.on('changed', (type, permission) => { RocketChat.Notifications.notifyLoggedInThisInstance('permissions-changed', type, permission); - if (permission.level === permissionLevel.SETTING) { - RocketChat.Notifications.notifyLoggedInThisInstance('selected-settings-changed', type, permission); - } + notifySettings(type, permission); }); +RocketChat.models.Permissions.on('removed', (type, permission) => { + notifySettings(type, permission); +}); diff --git a/packages/rocketchat-ui-admin/client/SettingsCachedCollection.js b/packages/rocketchat-ui-admin/client/SettingsCachedCollection.js new file mode 100644 index 000000000000..bf48d9c8edac --- /dev/null +++ b/packages/rocketchat-ui-admin/client/SettingsCachedCollection.js @@ -0,0 +1,31 @@ +import _ from 'underscore'; + +export class PrivateSettingsCachedCollection extends RocketChat.CachedCollection { + constructor() { + super({ + name: 'private-settings', + eventType: 'onLogged' + }); + } + + setupListener(eventType, eventName) { + super.setupListener(eventType, eventName); + + // private settings also need to listen to a change of authorizationsfor the setting-based authorizations + RocketChat.Notifications[eventType || this.eventType](eventName || this.eventName, (t, record) => { + this.log('record received', t, record); + if (t === 'auth') { + if (! (RocketChat.authz.hasAllPermission([`change-setting-${ record._id }`, 'manage-selected-settings']) + || RocketChat.authz.hasAllPermission('view-privileged-setting'))) { + this.collection.remove(record._id); + RoomManager.close(record.t + record.name); + } else { + delete record.$loki; + this.collection.upsert({_id: record._id}, _.omit(record, '_id')); + } + + this.saveCache(); + } + }); + } +} diff --git a/packages/rocketchat-ui-admin/client/admin.js b/packages/rocketchat-ui-admin/client/admin.js index f43b9f469651..086902570e59 100644 --- a/packages/rocketchat-ui-admin/client/admin.js +++ b/packages/rocketchat-ui-admin/client/admin.js @@ -2,6 +2,7 @@ import _ from 'underscore'; import s from 'underscore.string'; import toastr from 'toastr'; +import {PrivateSettingsCachedCollection} from './SettingsCachedCollection'; const TempSettings = new Mongo.Collection(null); @@ -45,10 +46,7 @@ const setFieldValue = function(settingId, value, type, editor) { Template.admin.onCreated(function() { if (RocketChat.settings.cachedCollectionPrivate == null) { - RocketChat.settings.cachedCollectionPrivate = new RocketChat.CachedCollection({ - name: 'private-settings', - eventType: 'onLogged' - }); + RocketChat.settings.cachedCollectionPrivate = new PrivateSettingsCachedCollection(); RocketChat.settings.collectionPrivate = RocketChat.settings.cachedCollectionPrivate.collection; RocketChat.settings.cachedCollectionPrivate.init(); } diff --git a/packages/rocketchat-ui-admin/client/adminFlex.js b/packages/rocketchat-ui-admin/client/adminFlex.js index 279d67a3ac4c..7c6cdf4442cf 100644 --- a/packages/rocketchat-ui-admin/client/adminFlex.js +++ b/packages/rocketchat-ui-admin/client/adminFlex.js @@ -1,13 +1,11 @@ import _ from 'underscore'; import s from 'underscore.string'; +import {PrivateSettingsCachedCollection} from './SettingsCachedCollection'; Template.adminFlex.onCreated(function() { this.settingsFilter = new ReactiveVar(''); if (RocketChat.settings.cachedCollectionPrivate == null) { - RocketChat.settings.cachedCollectionPrivate = new RocketChat.CachedCollection({ - name: 'private-settings', - eventType: 'onLogged' - }); + RocketChat.settings.cachedCollectionPrivate = new PrivateSettingsCachedCollection(); RocketChat.settings.collectionPrivate = RocketChat.settings.cachedCollectionPrivate.collection; RocketChat.settings.cachedCollectionPrivate.init(); }