Merge pull request #3958 from RocketChat/improvements/guest-direct-room-access

Allow guest users to view joined direct rooms

Merge pull request #3958 from RocketChat/improvements/guest-direct-room-access
9965ab4c · Gabriel Engel · GitHub · 62407729 · 1cb2429c · 9965ab4c
Commit 9965ab4c authored 8 years ago by Gabriel Engel Committed by GitHub 8 years ago
--- a/client/startup/defaultRoomTypes.coffee
+++ b/client/startup/defaultRoomTypes.coffee
@@ -45,7 +45,7 @@ RocketChat.roomTypes.add 'd', 20,
 	roomName: (roomData) ->
 		return ChatSubscription.findOne({ rid: roomData._id }, { fields: { name: 1 } })?.name
 	condition: ->
-		return RocketChat.authz.hasAllPermission 'view-d-room'
+		return RocketChat.authz.hasAtLeastOnePermission ['view-d-room', 'view-joined-room']
 RocketChat.roomTypes.add 'p', 30,
 	template: 'privateGroups'

--- a/packages/rocketchat-authorization/server/functions/hasPermission.coffee
+++ b/packages/rocketchat-authorization/server/functions/hasPermission.coffee
-RocketChat.authz.hasPermission = (userId, permissionId, scope) ->
+atLeastOne = (userId, permissions, scope) ->
-	permission = RocketChat.models.Permissions.findOne permissionId
+	return _.some permissions, (permissionId) ->
-	return RocketChat.models.Roles.isUserInRoles(userId, permission.roles, scope)
+		permission = RocketChat.models.Permissions.findOne permissionId
+		RocketChat.models.Roles.isUserInRoles(userId, permission.roles, scope)
+all = (userId, permissions, scope) ->
+	return _.every permissions, (permissionId) ->
+		permission = RocketChat.models.Permissions.findOne permissionId
+		RocketChat.models.Roles.isUserInRoles(userId, permission.roles, scope)
+hasPermission = (userId, permissions, scope, strategy) ->
+	unless userId
+		return false
+	permissions = [].concat permissions
+	return strategy(userId, permissions, scope)
+RocketChat.authz.hasAllPermission = (userId, permissions, scope) ->
+	return hasPermission(userId, permissions, scope, all)
+RocketChat.authz.hasPermission = RocketChat.authz.hasAllPermission
+RocketChat.authz.hasAtLeastOnePermission = (userId, permissions, scope) ->
+	return hasPermission(userId, permissions, scope, atLeastOne)
--- a/server/startup/roomPublishes.coffee
+++ b/server/startup/roomPublishes.coffee
@@ -50,6 +50,6 @@ Meteor.startup ->
 				jitsiTimeout: 1
 		user = RocketChat.models.Users.findOneById this.userId, fields: username: 1
-		if RocketChat.authz.hasPermission(this.userId, 'view-d-room')
+		if RocketChat.authz.hasAtLeastOnePermission(this.userId, ['view-d-room', 'view-joined-room'])
 			return RocketChat.models.Rooms.findByTypeContainigUsernames 'd', [user.username, identifier], options
 		return this.ready()