-
- Downloads
Create RocketChat authorization package that handles role and permission
based authorization Leverages alanning:roles package to associate a user to a role. Uses alanning:roles optional "group" parameter to limit the role's scope to either the global level or room level. The global level is applicable to users that can perform administrative functions. The room level is applicable to users that can perform room specific administrative functions (like a moderator). A role can have zero or more permissions. Permissions and their association to roles are defined by this package Authorization checks are based on whether or not the user has a role or permission. The roles, permissions, and their association are statically defined at this time. Eventually, there should be an API to dynamically create a role and associate it to static permission(s). Old 'isAdmin' and '.admin is true' checks have been replaced with corresponding hasPermission authorization checks. Additionally, code that automatically assigned admin privileges are updated to assign 'admin' role instead. channel/direct message/private group code checks authorization to edit properties (e.g. title) and edit/delete messages (regardless of the system level allow edit/delete settings). - user with 'admin' role are authorized to do anything - room creator is assigned 'moderator' role that can edit the room and edit/delete messages - members can only edit/delete their own messages IF system wide settings permit them to. v19 migration will - add 'admin' role to users with admin:true property - add 'moderator' role scoped to room for room creators - add 'user' role to all users. There are known issues unrelated to the changes made - If a user with edit/delete message room permissions logs out then a user without edit/delete message room permissions logs in, then they will see edit/delete icons. The server will deny execution - edit/delete icons are not reactive Thus if the system level allow edit/delete message setting is toggled, the icons will not reflect it. The server will deny execution.
Showing
- .meteor/packages 1 addition, 0 deletions.meteor/packages
- .meteor/versions 2 additions, 0 deletions.meteor/versions
- client/lib/chatMessages.coffee 7 additions, 3 deletionsclient/lib/chatMessages.coffee
- client/methods/deleteMessage.coffee 6 additions, 1 deletionclient/methods/deleteMessage.coffee
- client/methods/updateMessage.coffee 7 additions, 1 deletionclient/methods/updateMessage.coffee
- client/stylesheets/base.less 2 additions, 2 deletionsclient/stylesheets/base.less
- client/views/admin/admin.coffee 0 additions, 2 deletionsclient/views/admin/admin.coffee
- client/views/admin/admin.html 1 addition, 1 deletionclient/views/admin/admin.html
- client/views/admin/adminFlex.html 26 additions, 15 deletionsclient/views/admin/adminFlex.html
- client/views/admin/adminStatistics.coffee 0 additions, 2 deletionsclient/views/admin/adminStatistics.coffee
- client/views/admin/adminStatistics.html 1 addition, 1 deletionclient/views/admin/adminStatistics.html
- client/views/admin/rooms/adminRoomInfo.coffee 3 additions, 0 deletionsclient/views/admin/rooms/adminRoomInfo.coffee
- client/views/admin/rooms/adminRoomInfo.html 18 additions, 12 deletionsclient/views/admin/rooms/adminRoomInfo.html
- client/views/admin/rooms/adminRooms.coffee 0 additions, 2 deletionsclient/views/admin/rooms/adminRooms.coffee
- client/views/admin/rooms/adminRooms.html 1 addition, 1 deletionclient/views/admin/rooms/adminRooms.html
- client/views/admin/users/adminUserChannels.html 7 additions, 3 deletionsclient/views/admin/users/adminUserChannels.html
- client/views/admin/users/adminUserEdit.html 21 additions, 17 deletionsclient/views/admin/users/adminUserEdit.html
- client/views/admin/users/adminUserInfo.coffee 3 additions, 2 deletionsclient/views/admin/users/adminUserInfo.coffee
- client/views/admin/users/adminUserInfo.html 14 additions, 8 deletionsclient/views/admin/users/adminUserInfo.html
- client/views/admin/users/adminUsers.coffee 0 additions, 2 deletionsclient/views/admin/users/adminUsers.coffee
Loading
Please register or sign in to comment