Skip to content
Snippets Groups Projects
Commit 91125cc3 authored by Diego Sampaio's avatar Diego Sampaio
Browse files

authz publications security

parent 377c4a0e
No related merge requests found
Hide whitespace changes
Inline Side-by-side
packages/rocketchat-authorization/server/publications/roles.coffee
+ 2
1
View file @ 91125cc3
...@@ -2,6 +2,7 @@ Meteor.publish 'roles', -> ...@@ -2,6 +2,7 @@ Meteor.publish 'roles', ->
unless @userId unless @userId
return @ready() return @ready()
# @TODO validate permission if not RocketChat.authz.hasPermission @userId, 'access-rocket-permissions'
throw new Meteor.Error "not-authorized"
return RocketChat.authz.getRoles() return RocketChat.authz.getRoles()
packages/rocketchat-authorization/server/publications/usersInRole.coffee
+ 2
1
View file @ 91125cc3
...@@ -2,6 +2,7 @@ Meteor.publish 'usersInRole', (roleName) -> ...@@ -2,6 +2,7 @@ Meteor.publish 'usersInRole', (roleName) ->
unless @userId unless @userId
return @ready() return @ready()
# @TODO validate permission if not RocketChat.authz.hasPermission @userId, 'access-rocket-permissions'
throw new Meteor.Error "not-authorized"
return RocketChat.authz.getUsersInRole roleName return RocketChat.authz.getUsersInRole roleName
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment