diff --git a/packages/rocketchat-authorization/client/views/permissions.coffee b/packages/rocketchat-authorization/client/views/permissions.coffee
index 8d4d7dcbbe8f0b8fb1ab2ee2b0e34d8424e6abe4..f8420e316e98eb2c0d6cedc8ed7fe9e24ef4b14d 100644
--- a/packages/rocketchat-authorization/client/views/permissions.coffee
+++ b/packages/rocketchat-authorization/client/views/permissions.coffee
@@ -10,6 +10,9 @@ Template.permissions.helpers
if roles?
return 'checked' if roles.indexOf(@name) isnt -1
+ hasPermission: ->
+ return RocketChat.authz.hasAllPermission 'access-rocket-permissions'
+
Template.permissions.events
'click .role-permission': (e, instance) ->
permission = e.currentTarget.getAttribute('data-permission')
diff --git a/packages/rocketchat-authorization/client/views/permissions.html b/packages/rocketchat-authorization/client/views/permissions.html
index 0115efefdb66a7ccfb9a02116641a16d8b1e1f7e..ad9bc027f650b66044cc35219bcbabb86cc0c110 100644
--- a/packages/rocketchat-authorization/client/views/permissions.html
+++ b/packages/rocketchat-authorization/client/views/permissions.html
@@ -1,24 +1,28 @@
<template name="permissions">
- <h1>{{_ "Permissions"}}</h1>
+ {{#if hasPermission}}
+ <h1>{{_ "Permissions"}}</h1>
- <a href="{{pathFor "rocket-permissions-new"}}" class="button primary new-role">{{_ "New_role"}}</a>
+ <a href="{{pathFor "rocket-permissions-new"}}" class="button primary new-role">{{_ "New_role"}}</a>
- <table border="1">
- <tr>
- <td> </td>
- {{#each role}}
- <td title="{{description}}"><a href="{{pathFor "rocket-permissions-edit" name=name}}">{{name}}</a></td>
- {{/each}}
- </tr>
- {{#each permission}}
+ <table border="1">
<tr>
- <td>{{_id}}</td>
+ <td> </td>
{{#each role}}
- <td>
- <input type="checkbox" name="perm[{{_id}}][{{../_id}}]" class="role-permission" value="1" checked="{{granted ../roles ../_id}}" data-role="{{name}}" data-permission="{{../_id}}">
- </td>
+ <td title="{{description}}"><a href="{{pathFor "rocket-permissions-edit" name=name}}">{{name}}</a></td>
{{/each}}
</tr>
- {{/each}}
- </table>
+ {{#each permission}}
+ <tr>
+ <td>{{_id}}</td>
+ {{#each role}}
+ <td>
+ <input type="checkbox" name="perm[{{_id}}][{{../_id}}]" class="role-permission" value="1" checked="{{granted ../roles ../_id}}" data-role="{{name}}" data-permission="{{../_id}}">
+ </td>
+ {{/each}}
+ </tr>
+ {{/each}}
+ </table>
+ {{else}}
+ {{_ "Not_authorized"}}
+ {{/if}}
</template>
diff --git a/packages/rocketchat-authorization/client/views/permissionsRole.coffee b/packages/rocketchat-authorization/client/views/permissionsRole.coffee
index c079659410f43cb6f01e8c3ccf33d1afd90f635e..590b2cf58f3b1d3867b3b8c7263961ff1a0be1a5 100644
--- a/packages/rocketchat-authorization/client/views/permissionsRole.coffee
+++ b/packages/rocketchat-authorization/client/views/permissionsRole.coffee
@@ -14,6 +14,9 @@ Template.permissionsRole.helpers
if @emails?.length > 0
return @emails[0].address
+ hasPermission: ->
+ return RocketChat.authz.hasAllPermission 'access-rocket-permissions'
+
Template.permissionsRole.events
'click .remove-user': (e, instance) ->
diff --git a/packages/rocketchat-authorization/client/views/permissionsRole.html b/packages/rocketchat-authorization/client/views/permissionsRole.html
index 1fb609282d9b597b700a052d751dac6bfb6cc124..5677bff22b20c2a4d87da32676c52536e72289ca 100644
--- a/packages/rocketchat-authorization/client/views/permissionsRole.html
+++ b/packages/rocketchat-authorization/client/views/permissionsRole.html
@@ -1,61 +1,65 @@
<template name="permissionsRole">
- <a href="{{pathFor "rocket-permissions"}}">{{_ "Back_to_permissions"}}</a><br><br>
+ {{#if hasPermission}}
+ <a href="{{pathFor "rocket-permissions"}}">{{_ "Back_to_permissions"}}</a><br><br>
- {{#with role}}
- <form id="form-role" class="inline">
- <label>{{_ "Role"}}</label>:
- {{#if editing}}
- <span>{{name}}</span>
- {{else}}
- <input type="text" name="name" value="">
- {{/if}}
- <br>
- <label>{{_ "Description"}}</label>:
- <input type="text" name="description" value="{{description}}">
- <br>
+ {{#with role}}
+ <form id="form-role" class="inline">
+ <label>{{_ "Role"}}</label>:
+ {{#if editing}}
+ <span>{{name}}</span>
+ {{else}}
+ <input type="text" name="name" value="">
+ {{/if}}
+ <br>
+ <label>{{_ "Description"}}</label>:
+ <input type="text" name="description" value="{{description}}">
+ <br>
- <button name="save" class="button primary">{{_ "Save"}}</button>
+ <button name="save" class="button primary">{{_ "Save"}}</button>
- {{#unless protected}}
- <button name="delete" class="button red delete-role">{{_ "Delete"}}</button>
- {{/unless}}
- </form>
- {{/with}}
+ {{#unless protected}}
+ <button name="delete" class="button red delete-role">{{_ "Delete"}}</button>
+ {{/unless}}
+ </form>
+ {{/with}}
- {{#if editing}}
- <h2>{{_ "Users_in_role"}}</h2>
- <form id="form-users" class="inline">
- <label>{{_ "Add_user"}}</label>
- <input type="text" name="username" placeholder="{{_ "Enter_a_username"}}">
- <button name="add" class="button primary">{{_ "Add"}}</button>
- </form>
- <div class="list">
- <table>
- <thead>
- <tr>
- <th> </th>
- <th width="34%">{{_ "Name"}}</th>
- <th width="33%">{{_ "Username"}}</th>
- <th width="33%">{{_ "E-mail"}}</th>
- <th> </th>
- </tr>
- </thead>
- <tbody>
- {{#each userInRole}}
- <tr class="user-info" data-id="{{_id}}">
- <td>
- <div class="user-image status-{{status}}">
- {{> avatar username=username}}
- </div>
- </td>
- <td>{{name}}</td>
- <td>{{username}}</td>
- <td>{{emailAddress}}</td>
- <td><a href="#remove" class="remove-user"><i class="icon-block"></i></a></td>
+ {{#if editing}}
+ <h2>{{_ "Users_in_role"}}</h2>
+ <form id="form-users" class="inline">
+ <label>{{_ "Add_user"}}</label>
+ <input type="text" name="username" placeholder="{{_ "Enter_a_username"}}">
+ <button name="add" class="button primary">{{_ "Add"}}</button>
+ </form>
+ <div class="list">
+ <table>
+ <thead>
+ <tr>
+ <th> </th>
+ <th width="34%">{{_ "Name"}}</th>
+ <th width="33%">{{_ "Username"}}</th>
+ <th width="33%">{{_ "E-mail"}}</th>
+ <th> </th>
</tr>
- {{/each}}
- </tbody>
- </table>
- </div>
+ </thead>
+ <tbody>
+ {{#each userInRole}}
+ <tr class="user-info" data-id="{{_id}}">
+ <td>
+ <div class="user-image status-{{status}}">
+ {{> avatar username=username}}
+ </div>
+ </td>
+ <td>{{name}}</td>
+ <td>{{username}}</td>
+ <td>{{emailAddress}}</td>
+ <td><a href="#remove" class="remove-user"><i class="icon-block"></i></a></td>
+ </tr>
+ {{/each}}
+ </tbody>
+ </table>
+ </div>
+ {{/if}}
+ {{else}}
+ {{_ "Not_authorized"}}
{{/if}}
</template>
diff --git a/packages/rocketchat-authorization/server/methods/addPermissionToRole.coffee b/packages/rocketchat-authorization/server/methods/addPermissionToRole.coffee
index db3901161a47551853096e8f5e0428e1fc9bc32c..693a1b3e4201ab8c234b92dba3866c32fe80123f 100644
--- a/packages/rocketchat-authorization/server/methods/addPermissionToRole.coffee
+++ b/packages/rocketchat-authorization/server/methods/addPermissionToRole.coffee
@@ -1,5 +1,8 @@
Meteor.methods
'authorization:addPermissionToRole': (permission, role) ->
- # @TODO permission check
+ if not Meteor.userId() or not RocketChat.authz.hasPermission Meteor.userId(), 'access-rocket-permissions'
+ throw new Meteor.Error "not-authorized"
+
+ console.log '[methods] authorization:addPermissionToRole -> '.green, 'arguments:', arguments
RocketChat.models.Permissions.addRole permission, role
diff --git a/packages/rocketchat-authorization/server/methods/removeRoleFromPermission.coffee b/packages/rocketchat-authorization/server/methods/removeRoleFromPermission.coffee
index 3289eb28f5d95bcfb0eca557543157858157a468..8acad5b971a43f2069a52652118ee5426f1c87f2 100644
--- a/packages/rocketchat-authorization/server/methods/removeRoleFromPermission.coffee
+++ b/packages/rocketchat-authorization/server/methods/removeRoleFromPermission.coffee
@@ -1,5 +1,8 @@
Meteor.methods
'authorization:removeRoleFromPermission': (permission, role) ->
- # @TODO permission check
+ if not Meteor.userId() or not RocketChat.authz.hasPermission Meteor.userId(), 'access-rocket-permissions'
+ throw new Meteor.Error "not-authorized"
+
+ console.log '[methods] authorization:removeRoleFromPermission -> '.green, 'arguments:', arguments
RocketChat.models.Permissions.removeRole permission, role