removed almost every hasPermission with fibers

RocketChat · Mar 21, 2023 · 7898889 · 7898889
1 parent 2c62f36
commit 7898889
Show file tree

Hide file tree

Showing 160 changed files with 592 additions and 534 deletions.
diff --git a/apps/meteor/app/api/server/api.js b/apps/meteor/app/api/server/api.js
@@ -11,7 +11,7 @@ import { Logger } from '../../../server/lib/logger/Logger';
 import { getRestPayload } from '../../../server/lib/logger/logPayloads';
 import { settings } from '../../settings/server';
 import { metrics } from '../../metrics/server';
-import { hasPermission } from '../../authorization/server';
+import { hasPermissionAsync } from '../../authorization/server';
 import { getDefaultUserFields } from '../../utils/server/functions/getDefaultUserFields';
 import { checkCodeForUser } from '../../2fa/server/code';
 import { checkPermissionsForInvocation, checkPermissions } from './api.helpers';
@@ -218,7 +218,7 @@ export class APIClass extends Restivus {
 			rateLimiterDictionary.hasOwnProperty(route) &&
 			settings.get('API_Enable_Rate_Limiter') === true &&
 			(process.env.NODE_ENV !== 'development' || settings.get('API_Enable_Rate_Limiter_Dev') === true) &&
-			!(userId && hasPermission(userId, 'api-bypass-rate-limit'))
+			!(userId && Promise.await(hasPermissionAsync(userId, 'api-bypass-rate-limit')))
 		);
 	}
 

diff --git a/apps/meteor/app/api/server/v1/channels.ts b/apps/meteor/app/api/server/v1/channels.ts
@@ -22,7 +22,7 @@ import { Integrations, Messages, Rooms, Subscriptions, Uploads } from '@rocket.c
 import { Team } from '@rocket.chat/core-services';
 
 import { Messages as MessagesSync, Subscriptions as SubscriptionsSync, Users as UsersSync } from '../../../models/server';
-import { canAccessRoomAsync, hasAtLeastOnePermission, hasPermission } from '../../../authorization/server';
+import { canAccessRoomAsync, hasAtLeastOnePermission, hasPermissionAsync } from '../../../authorization/server';
 import { normalizeMessagesForUser } from '../../../utils/server/lib/normalizeMessagesForUser';
 import { API } from '../api';
 import { addUserToFileObj } from '../helpers/addUserToFileObj';
@@ -269,12 +269,12 @@ API.v1.addRoute(
 
 			// Special check for the permissions
 			if (
-				(await hasPermission(this.userId, 'view-joined-room')) &&
+				(await hasPermissionAsyncAsync(this.userId, 'view-joined-room')) &&
 				!(await Subscriptions.findOneByRoomIdAndUserId(findResult._id, this.userId, { projection: { _id: 1 } }))
 			) {
 				return API.v1.unauthorized();
 			}
-			if (!(await hasPermission(this.userId, 'view-c-room'))) {
+			if (!(await hasPermissionAsyncAsync(this.userId, 'view-c-room'))) {
 				return API.v1.unauthorized();
 			}
 
@@ -462,7 +462,7 @@ API.v1.addRoute(
 	},
 	{
 		async post() {
-			if (!(await hasPermission(this.userId, 'create-team'))) {
+			if (!(await hasPermissionAsync(this.userId, 'create-team'))) {
 				return API.v1.unauthorized();
 			}
 
@@ -472,7 +472,7 @@ API.v1.addRoute(
 				return API.v1.failure('The parameter "channelId" or "channelName" is required');
 			}
 
-			if (channelId && !(await hasPermission(this.userId, 'edit-room', channelId))) {
+			if (channelId && !(await hasPermissionAsync(this.userId, 'edit-room', channelId))) {
 				return API.v1.unauthorized();
 			}
 
@@ -574,7 +574,7 @@ API.v1.addRoute(
 	{ authRequired: true },
 	{
 		async get() {
-			const access = await hasPermission(this.userId, 'view-room-administration');
+			const access = await hasPermissionAsync(this.userId, 'view-room-administration');
 			const { userId } = this.queryParams;
 			let user = this.userId;
 			let unreads = null;
@@ -623,14 +623,14 @@ API.v1.addRoute(
 	},
 );
 
-function createChannelValidator(params: {
+async function createChannelValidator(params: {
 	user: { value: string };
 	name?: { key: string; value?: string };
 	members?: { key: string; value?: string[] };
 	customFields?: { key: string; value?: string };
 	teams?: { key: string; value?: string[] };
-}): void {
-	if (!hasPermission(params.user.value, 'create-c')) {
+}) {
+	if (!(await hasPermissionAsync(params.user.value, 'create-c'))) {
 		throw new Error('unauthorized');
 	}
 
@@ -717,7 +717,7 @@ API.v1.addRoute(
 			}
 
 			if (bodyParams.teams) {
-				const canSeeAllTeams = await hasPermission(this.userId, 'view-all-teams');
+				const canSeeAllTeams = await hasPermissionAsync(this.userId, 'view-all-teams');
 				const teams = await Team.listByNames(bodyParams.teams, { projection: { _id: 1 } });
 				const teamMembers = [];
 
@@ -883,12 +883,12 @@ API.v1.addRoute(
 		async get() {
 			const { offset, count } = this.getPaginationItems();
 			const { sort, fields, query } = this.parseJsonQuery();
-			const hasPermissionToSeeAllPublicChannels = await hasPermission(this.userId, 'view-c-room');
+			const hasPermissionToSeeAllPublicChannels = await hasPermissionAsync(this.userId, 'view-c-room');
 
 			const ourQuery: Record<string, any> = { ...query, t: 'c' };
 
 			if (!hasPermissionToSeeAllPublicChannels) {
-				if (!(await hasPermission(this.userId, 'view-joined-room'))) {
+				if (!(await hasPermissionAsync(this.userId, 'view-joined-room'))) {
 					return API.v1.unauthorized();
 				}
 				const roomIds = await SubscriptionsSync.findByUserIdAndType(this.userId, 'c', {
@@ -983,7 +983,7 @@ API.v1.addRoute(
 				checkedArchived: false,
 			});
 
-			if (findResult.broadcast && !(await hasPermission(this.userId, 'view-broadcast-member-list', findResult._id))) {
+			if (findResult.broadcast && !(await hasPermissionAsync(this.userId, 'view-broadcast-member-list', findResult._id))) {
 				return API.v1.unauthorized();
 			}
 

diff --git a/apps/meteor/app/api/server/v1/chat.ts b/apps/meteor/app/api/server/v1/chat.ts
@@ -4,7 +4,7 @@ import { Messages, Users, Rooms, Subscriptions } from '@rocket.chat/models';
 import { escapeRegExp } from '@rocket.chat/string-helpers';
 import type { IMessage } from '@rocket.chat/core-typings';
 
-import { canAccessRoomId, roomAccessAttributes, hasPermission } from '../../../authorization/server';
+import { canAccessRoomId, roomAccessAttributes, hasPermissionAsync } from '../../../authorization/server';
 import { normalizeMessagesForUser } from '../../../utils/server/lib/normalizeMessagesForUser';
 import { API } from '../api';
 import { processWebhookMessage } from '../../../lib/server';
@@ -38,7 +38,11 @@ API.v1.addRoute(
 				return API.v1.failure('The room id provided does not match where the message is from.');
 			}
 
-			if (this.bodyParams.asUser && msg.u._id !== this.userId && !hasPermission(this.userId, 'force-delete-message', msg.rid)) {
+			if (
+				this.bodyParams.asUser &&
+				msg.u._id !== this.userId &&
+				!(await hasPermissionAsync(this.userId, 'force-delete-message', msg.rid))
+			) {
 				return API.v1.failure('Unauthorized. You must have the permission "force-delete-message" to delete other\'s message as them.');
 			}
 

diff --git a/apps/meteor/app/api/server/v1/cloud.ts b/apps/meteor/app/api/server/v1/cloud.ts
@@ -1,7 +1,8 @@
 import { check } from 'meteor/check';
 
 import { API } from '../api';
-import { hasPermission, hasRole } from '../../../authorization/server';
+import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission';
+import { hasRole } from '../../../authorization/server';
 import { saveRegistrationData } from '../../../cloud/server/functions/saveRegistrationData';
 import { retrieveRegistrationStatus } from '../../../cloud/server/functions/retrieveRegistrationStatus';
 import { startRegisterWorkspaceSetupWizard } from '../../../cloud/server/functions/startRegisterWorkspaceSetupWizard';
@@ -17,7 +18,7 @@ API.v1.addRoute(
 				cloudBlob: String,
 			});
 
-			if (!hasPermission(this.userId, 'register-on-cloud')) {
+			if (!(await hasPermissionAsync(this.userId, 'register-on-cloud'))) {
 				return API.v1.unauthorized();
 			}
 
@@ -46,7 +47,7 @@ API.v1.addRoute(
 				email: String,
 			});
 
-			if (!hasPermission(this.userId, 'manage-cloud')) {
+			if (!(await hasPermissionAsync(this.userId, 'manage-cloud'))) {
 				return API.v1.unauthorized();
 			}
 
@@ -66,7 +67,7 @@ API.v1.addRoute(
 	{ authRequired: true },
 	{
 		async post() {
-			if (!hasPermission(this.userId, 'manage-cloud')) {
+			if (!(await hasPermissionAsync(this.userId, 'manage-cloud'))) {
 				return API.v1.unauthorized();
 			}
 
@@ -85,7 +86,7 @@ API.v1.addRoute(
 				deviceCode: String,
 			});
 
-			if (!hasPermission(this.userId, 'manage-cloud')) {
+			if (!(await hasPermissionAsync(this.userId, 'manage-cloud'))) {
 				return API.v1.unauthorized();
 			}
 

diff --git a/apps/meteor/app/api/server/v1/groups.ts b/apps/meteor/app/api/server/v1/groups.ts
@@ -7,7 +7,7 @@ import type { Filter } from 'mongodb';
 
 import { Rooms as RoomSync, Users as UsersSync, Messages as MessageSync, Subscriptions as SubscriptionsSync } from '../../../models/server';
 import {
-	hasPermission,
+	hasPermissionAsync,
 	hasAtLeastOnePermission,
 	canAccessRoomAsync,
 	hasAllPermission,
@@ -227,7 +227,7 @@ API.v1.addRoute(
 	{ authRequired: true },
 	{
 		async get() {
-			const access = await hasPermission(this.userId, 'view-room-administration');
+			const access = await hasPermissionAsync(this.userId, 'view-room-administration');
 			const params = this.queryParams;
 			let user = this.userId;
 			let room;
@@ -302,7 +302,7 @@ API.v1.addRoute(
 	{ authRequired: true },
 	{
 		async post() {
-			if (!(await hasPermission(this.userId, 'create-p'))) {
+			if (!(await hasPermissionAsync(this.userId, 'create-p'))) {
 				return API.v1.unauthorized();
 			}
 
@@ -652,7 +652,7 @@ API.v1.addRoute(
 	{ authRequired: true },
 	{
 		async get() {
-			if (!(await hasPermission(this.userId, 'view-room-administration'))) {
+			if (!(await hasPermissionAsync(this.userId, 'view-room-administration'))) {
 				return API.v1.unauthorized();
 			}
 			const { offset, count } = this.getPaginationItems();
@@ -688,7 +688,7 @@ API.v1.addRoute(
 				userId: this.userId,
 			});
 
-			if (findResult.broadcast && !(await hasPermission(this.userId, 'view-broadcast-member-list', findResult.rid))) {
+			if (findResult.broadcast && !(await hasPermissionAsync(this.userId, 'view-broadcast-member-list', findResult.rid))) {
 				return API.v1.unauthorized();
 			}
 

diff --git a/apps/meteor/app/api/server/v1/im.ts b/apps/meteor/app/api/server/v1/im.ts
@@ -15,7 +15,7 @@ import { Match, check } from 'meteor/check';
 import { Subscriptions, Uploads, Messages, Rooms, Users } from '@rocket.chat/models';
 
 import { canAccessRoomIdAsync } from '../../../authorization/server/functions/canAccessRoom';
-import { hasPermission } from '../../../authorization/server';
+import { hasPermissionAsync } from '../../../authorization/server';
 import { normalizeMessagesForUser } from '../../../utils/server/lib/normalizeMessagesForUser';
 import { API } from '../api';
 import { getRoomByNameOrIdWithOptionToJoin } from '../../../lib/server/functions/getRoomByNameOrIdWithOptionToJoin';
@@ -92,7 +92,8 @@ API.v1.addRoute(
 		async post() {
 			const { room } = await findDirectMessageRoom(this.bodyParams, this.userId);
 
-			const canAccess = (await canAccessRoomIdAsync(room._id, this.userId)) || hasPermission(this.userId, 'view-room-administration');
+			const canAccess =
+				(await canAccessRoomIdAsync(room._id, this.userId)) || (await hasPermissionAsync(this.userId, 'view-room-administration'));
 			if (!canAccess) {
 				throw new Meteor.Error('error-not-allowed', 'Not allowed');
 			}
@@ -137,7 +138,7 @@ API.v1.addRoute(
 	{ authRequired: true },
 	{
 		async get() {
-			const access = hasPermission(this.userId, 'view-room-administration');
+			const access = await hasPermissionAsync(this.userId, 'view-room-administration');
 			const { roomId, userId: ruserId } = this.requestParams();
 			if (!roomId) {
 				throw new Meteor.Error('error-room-param-not-provided', 'Query param "roomId" is required');
@@ -379,7 +380,7 @@ API.v1.addRoute(
 				});
 			}
 
-			if (!hasPermission(this.userId, 'view-room-administration')) {
+			if (!(await hasPermissionAsync(this.userId, 'view-room-administration'))) {
 				return API.v1.unauthorized();
 			}
 
@@ -461,7 +462,7 @@ API.v1.addRoute(
 	{ authRequired: true },
 	{
 		async get() {
-			if (!hasPermission(this.userId, 'view-room-administration')) {
+			if (!(await hasPermissionAsync(this.userId, 'view-room-administration'))) {
 				return API.v1.unauthorized();
 			}
 

diff --git a/apps/meteor/app/api/server/v1/instances.ts b/apps/meteor/app/api/server/v1/instances.ts
@@ -1,7 +1,7 @@
 import { InstanceStatus } from '@rocket.chat/models';
 
 import { Instance as InstanceService } from '../../../../ee/server/sdk';
-import { hasPermission } from '../../../authorization/server';
+import { hasPermissionAsync } from '../../../authorization/server';
 import { API } from '../api';
 import { isRunningMs } from '../../../../server/lib/isRunningMs';
 
@@ -18,7 +18,7 @@ API.v1.addRoute(
 	{ authRequired: true },
 	{
 		async get() {
-			if (!hasPermission(this.userId, 'view-statistics')) {
+			if (!(await hasPermissionAsync(this.userId, 'view-statistics'))) {
 				return API.v1.unauthorized();
 			}
 

diff --git a/apps/meteor/app/api/server/v1/integrations.ts b/apps/meteor/app/api/server/v1/integrations.ts
@@ -54,7 +54,7 @@ API.v1.addRoute(
 			const { id } = queryParams;
 			const { offset, count } = this.getPaginationItems();
 			const { sort, fields: projection, query } = this.parseJsonQuery();
-			const ourQuery = Object.assign(mountIntegrationHistoryQueryBasedOnPermissions(userId, id), query);
+			const ourQuery = Object.assign(await mountIntegrationHistoryQueryBasedOnPermissions(userId, id), query);
 
 			const { cursor, totalCount } = IntegrationHistory.findPaginated(ourQuery, {
 				sort: sort || { _updatedAt: -1 },

diff --git a/apps/meteor/app/api/server/v1/ldap.ts b/apps/meteor/app/api/server/v1/ldap.ts
@@ -1,7 +1,7 @@
 import { Match, check } from 'meteor/check';
 import { LDAP } from '@rocket.chat/core-services';
 
-import { hasPermission } from '../../../authorization/server';
+import { hasPermissionAsync } from '../../../authorization/server';
 import { settings } from '../../../settings/server';
 import { API } from '../api';
 import { SystemLogger } from '../../../../server/lib/logger/system';
@@ -15,7 +15,7 @@ API.v1.addRoute(
 				throw new Error('error-invalid-user');
 			}
 
-			if (!hasPermission(this.userId, 'test-admin-options')) {
+			if (!(await hasPermissionAsync(this.userId, 'test-admin-options'))) {
 				throw new Error('error-not-authorized');
 			}
 
@@ -53,7 +53,7 @@ API.v1.addRoute(
 				throw new Error('error-invalid-user');
 			}
 
-			if (!hasPermission(this.userId, 'test-admin-options')) {
+			if (!(await hasPermissionAsync(this.userId, 'test-admin-options'))) {
 				throw new Error('error-not-authorized');
 			}
 

diff --git a/apps/meteor/app/api/server/v1/mailer.ts b/apps/meteor/app/api/server/v1/mailer.ts
@@ -1,7 +1,7 @@
 import { isMailerProps, isMailerUnsubscribeProps } from '@rocket.chat/rest-typings';
 
 import { API } from '../api';
-import { hasPermission } from '../../../authorization/server/functions/hasPermission';
+import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission';
 
 API.v1.addRoute(
 	'mailer',
@@ -11,7 +11,7 @@ API.v1.addRoute(
 	},
 	{
 		async post() {
-			if (!hasPermission(this.userId, 'send-mail')) {
+			if (!(await hasPermissionAsync(this.userId, 'send-mail'))) {
 				throw new Error('error-not-allowed');
 			}
 

diff --git a/apps/meteor/app/api/server/v1/misc.ts b/apps/meteor/app/api/server/v1/misc.ts
@@ -18,7 +18,7 @@ import {
 import type { IUser } from '@rocket.chat/core-typings';
 import { Users as UsersRaw } from '@rocket.chat/models';
 
-import { hasPermission } from '../../../authorization/server';
+import { hasPermissionAsync } from '../../../authorization/server';
 import { Users } from '../../../models/server';
 import { settings } from '../../../settings/server';
 import { API } from '../api';
@@ -464,8 +464,8 @@ API.v1.addRoute(
 	'stdout.queue',
 	{ authRequired: true },
 	{
-		get() {
-			if (!hasPermission(this.userId, 'view-logs')) {
+		async get() {
+			if (!(await hasPermissionAsync(this.userId, 'view-logs'))) {
 				return API.v1.unauthorized();
 			}
 			return API.v1.success({ queue: getLogs() });

diff --git a/apps/meteor/app/api/server/v1/permissions.ts b/apps/meteor/app/api/server/v1/permissions.ts
@@ -3,7 +3,7 @@ import type { IPermission } from '@rocket.chat/core-typings';
 import { isBodyParamsValidPermissionUpdate } from '@rocket.chat/rest-typings';
 import { Permissions, Roles } from '@rocket.chat/models';
 
-import { hasPermission } from '../../../authorization/server';
+import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission';
 import { API } from '../api';
 
 API.v1.addRoute(
@@ -43,7 +43,7 @@ API.v1.addRoute(
 	{ authRequired: true },
 	{
 		async post() {
-			if (!hasPermission(this.userId, 'access-permissions')) {
+			if (!(await hasPermissionAsync(this.userId, 'access-permissions'))) {
 				return API.v1.failure('Editing permissions is not allowed', 'error-edit-permissions-not-allowed');
 			}