Skip to content
Snippets Groups Projects
Commit 91125cc3 authored by Diego Sampaio's avatar Diego Sampaio
Browse files

authz publications security

parent 377c4a0e
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
packages/rocketchat-authorization/server/publications/roles.coffee
+ 2
1
View file @ 91125cc3
......@@ -2,6 +2,7 @@ Meteor.publish 'roles', ->
unless @userId
return @ready()
# @TODO validate permission
if not RocketChat.authz.hasPermission @userId, 'access-rocket-permissions'
throw new Meteor.Error "not-authorized"
return RocketChat.authz.getRoles()
packages/rocketchat-authorization/server/publications/usersInRole.coffee
+ 2
1
View file @ 91125cc3
......@@ -2,6 +2,7 @@ Meteor.publish 'usersInRole', (roleName) ->
unless @userId
return @ready()
# @TODO validate permission
if not RocketChat.authz.hasPermission @userId, 'access-rocket-permissions'
throw new Meteor.Error "not-authorized"
return RocketChat.authz.getUsersInRole roleName
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment