From 7898889d2fcfc4da4caea5652efe0d49017e9285 Mon Sep 17 00:00:00 2001 
From: Guilherme Gazzo Date: Mon, 20 Mar 2023 22:16:01 -0300 Subject: [PATCH] removed almost every hasPermission with fibers --- apps/meteor/app/api/server/api.js | 4 +- apps/meteor/app/api/server/v1/channels.ts | 26 +++++------ apps/meteor/app/api/server/v1/chat.ts | 8 +++- apps/meteor/app/api/server/v1/cloud.ts | 11 ++--- apps/meteor/app/api/server/v1/groups.ts | 10 ++--- apps/meteor/app/api/server/v1/im.ts | 11 ++--- apps/meteor/app/api/server/v1/instances.ts | 4 +- apps/meteor/app/api/server/v1/integrations.ts | 2 +- apps/meteor/app/api/server/v1/ldap.ts | 6 +-- apps/meteor/app/api/server/v1/mailer.ts | 4 +- apps/meteor/app/api/server/v1/misc.ts | 6 +-- apps/meteor/app/api/server/v1/permissions.ts | 4 +- apps/meteor/app/api/server/v1/rooms.ts | 4 +- apps/meteor/app/api/server/v1/settings.ts | 8 ++-- apps/meteor/app/api/server/v1/teams.ts | 35 +++++++-------- apps/meteor/app/api/server/v1/users.ts | 43 +++++++++++-------- apps/meteor/app/api/server/v1/voip/rooms.ts | 7 +-- apps/meteor/app/assets/server/assets.ts | 14 +++--- .../server/methods/addPermissionToRole.ts | 6 +-- .../server/methods/addUserToRole.ts | 6 +-- .../server/methods/deleteRole.ts | 4 +- .../methods/removeRoleFromPermission.ts | 6 +-- .../server/methods/removeUserFromRole.ts | 4 +- .../server/methods/getSupportedLanguages.ts | 4 +- .../server/methods/saveSettings.ts | 4 +- .../server/methods/saveRoomSettings.ts | 30 ++++++------- apps/meteor/app/cloud/server/methods.ts | 24 +++++------ apps/meteor/app/crowd/server/crowd.js | 8 ++-- .../server/methods/deleteCustomSound.ts | 4 +- .../server/methods/insertOrUpdateSound.ts | 4 +- .../server/methods/uploadCustomSound.ts | 4 +- .../server/methods/deleteEmojiCustom.js | 4 +- .../server/methods/insertOrUpdateEmoji.js | 4 +- .../server/methods/uploadEmojiCustom.js | 4 +- .../app/file-upload/lib/FileUploadBase.js | 10 +++-- .../app/file-upload/server/lib/FileUpload.js | 10 ++--- .../methods/downloadPublicImportFile.ts | 6 +-- 
.../server/methods/getImportFileData.ts | 4 +- .../server/methods/getImportProgress.ts | 6 +-- .../methods/getLatestImportOperations.ts | 6 +-- .../importer/server/methods/startImport.ts | 6 +-- .../server/methods/uploadImportFile.ts | 6 +-- .../lib/mountQueriesBasedOnPermission.js | 16 +++---- .../server/methods/clearIntegrationHistory.ts | 6 +-- .../incoming/addIncomingIntegration.ts | 8 +++- .../incoming/deleteIncomingIntegration.ts | 6 +-- .../incoming/updateIncomingIntegration.js | 6 +-- .../outgoing/addOutgoingIntegration.ts | 14 +++--- .../outgoing/deleteOutgoingIntegration.ts | 6 +-- .../outgoing/replayOutgoingIntegration.ts | 6 +-- .../outgoing/updateOutgoingIntegration.js | 6 +-- .../server/functions/findOrCreateInvite.js | 4 +- .../invites/server/functions/listInvites.js | 4 +- .../invites/server/functions/removeInvite.js | 4 +- .../server/functions/sendInvitationEmail.ts | 4 +- .../lib/server/functions/getFullUserData.ts | 4 +- apps/meteor/app/lib/server/functions/index.ts | 1 - .../app/lib/server/functions/saveUser.js | 3 +- .../server/lib/sendNotificationsOnMessage.js | 4 +- .../app/lib/server/methods/addOAuthService.ts | 6 +-- .../app/lib/server/methods/addUsersToRoom.js | 8 ++-- .../app/lib/server/methods/archiveRoom.ts | 6 +-- .../lib/server/methods/cleanRoomHistory.js | 6 +-- .../app/lib/server/methods/createChannel.ts | 6 +-- .../lib/server/methods/createPrivateGroup.js | 4 +- .../app/lib/server/methods/createToken.ts | 6 +-- .../app/lib/server/methods/filterATAllTag.js | 9 ++-- .../app/lib/server/methods/filterATHereTag.js | 9 ++-- .../lib/server/methods/getChannelHistory.ts | 5 ++- .../app/lib/server/methods/getRoomJoinCode.ts | 6 +-- .../meteor/app/lib/server/methods/joinRoom.ts | 5 ++- .../app/lib/server/methods/leaveRoom.ts | 8 +++- .../lib/server/methods/refreshOAuthService.ts | 4 +- .../lib/server/methods/removeOAuthService.ts | 4 +- .../app/lib/server/methods/restartServer.ts | 6 +-- .../app/lib/server/methods/saveSetting.js | 4 +- 
.../app/lib/server/methods/saveSettings.ts | 8 ++-- .../app/lib/server/methods/setAdminStatus.ts | 6 +-- .../app/lib/server/methods/unarchiveRoom.ts | 6 +-- .../app/lib/server/methods/updateMessage.ts | 9 ++-- .../imports/server/rest/departments.ts | 6 +-- .../app/livechat/imports/server/rest/rooms.ts | 7 +-- .../meteor/app/livechat/server/api/v1/room.ts | 9 ++-- .../app/livechat/server/lib/Livechat.js | 15 ++++--- .../app/livechat/server/methods/addAgent.js | 6 +-- .../app/livechat/server/methods/addManager.js | 6 +-- .../server/methods/changeLivechatStatus.ts | 6 +-- .../server/methods/getAgentOverviewData.js | 6 +-- .../server/methods/getAnalyticsChartData.js | 6 +-- .../methods/getAnalyticsOverviewData.js | 6 +-- .../server/methods/getFirstRoomMessage.js | 4 +- .../livechat/server/methods/removeAgent.js | 6 +-- .../server/methods/removeCustomField.js | 4 +- .../server/methods/removeDepartment.js | 6 +-- .../livechat/server/methods/removeManager.js | 6 +-- .../livechat/server/methods/removeTrigger.js | 4 +- .../server/methods/returnAsInquiry.js | 6 +-- .../livechat/server/methods/saveAgentInfo.ts | 7 +-- .../livechat/server/methods/saveAppearance.ts | 4 +- .../server/methods/saveCustomField.js | 4 +- .../livechat/server/methods/saveDepartment.js | 4 +- .../server/methods/saveDepartmentAgents.js | 6 +-- .../app/livechat/server/methods/saveInfo.js | 6 +-- .../server/methods/saveIntegration.ts | 4 +- .../livechat/server/methods/saveTrigger.js | 4 +- .../livechat/server/methods/searchAgent.js | 6 +-- .../livechat/server/methods/sendTranscript.js | 6 +-- .../livechat/server/methods/takeInquiry.ts | 4 +- .../app/livechat/server/methods/transfer.js | 6 +-- apps/meteor/app/livechat/server/startup.ts | 6 +-- .../mail-messages/server/methods/sendMail.ts | 6 +-- .../app/message-pin/server/pinMessage.ts | 9 ++-- .../server/admin/functions/addOAuthApp.ts | 4 +- .../server/admin/methods/deleteOAuthApp.ts | 4 +- .../server/admin/methods/updateOAuthApp.ts | 4 +- 
.../app/reactions/server/setReaction.ts | 5 ++- .../server/cronPruneMessages.ts | 42 ++++++++++-------- .../slackbridge/server/removeChannelLinks.js | 6 +-- .../server/methods/deleteCustomUserStatus.ts | 4 +- .../methods/insertOrUpdateUserStatus.js | 4 +- .../server/methods/removeCannedResponse.ts | 6 +-- .../server/methods/saveCannedResponse.js | 10 ++--- .../livechat-enterprise/server/api/rooms.ts | 4 +- .../server/methods/addMonitor.js | 6 +-- .../server/methods/removeBusinessHour.ts | 6 +-- .../server/methods/removeMonitor.js | 6 +-- .../server/methods/removeTag.js | 6 +-- .../server/methods/removeUnit.js | 6 +-- .../server/methods/saveTag.js | 6 +-- .../server/methods/saveUnit.js | 6 +-- apps/meteor/ee/server/api/ldap.ts | 4 +- apps/meteor/ee/server/api/licenses.ts | 6 +-- apps/meteor/ee/server/lib/audit/methods.ts | 14 +++--- .../server/api/methods/generateToken.js | 6 +-- .../server/api/methods/regenerateToken.js | 6 +-- .../server/api/methods/removeToken.js | 6 +-- apps/meteor/server/lib/pushConfig.ts | 6 +-- apps/meteor/server/lib/spotlight.js | 5 ++- .../meteor/server/methods/addAllUserToRoom.js | 6 +-- apps/meteor/server/methods/addRoomLeader.js | 6 +-- .../meteor/server/methods/addRoomModerator.js | 4 +- apps/meteor/server/methods/addRoomOwner.js | 6 +-- apps/meteor/server/methods/browseChannels.js | 8 ++-- apps/meteor/server/methods/channelsList.js | 10 ++--- .../server/methods/createDirectMessage.ts | 10 ++--- apps/meteor/server/methods/deleteUser.js | 4 +- apps/meteor/server/methods/getRoomNameById.js | 4 +- apps/meteor/server/methods/getUsersOfRoom.js | 5 ++- apps/meteor/server/methods/loadHistory.ts | 5 ++- apps/meteor/server/methods/muteUserInRoom.js | 6 +-- .../meteor/server/methods/removeRoomLeader.js | 6 +-- .../server/methods/removeRoomModerator.js | 6 +-- apps/meteor/server/methods/removeRoomOwner.ts | 5 ++- .../server/methods/removeUserFromRoom.ts | 5 ++- apps/meteor/server/methods/resetAvatar.js | 4 +- 
.../server/methods/setAvatarFromService.js | 6 +-- .../server/methods/setUserActiveStatus.ts | 4 +- .../meteor/server/methods/unmuteUserInRoom.js | 6 +-- apps/meteor/server/publications/room/index.ts | 5 ++- .../server/publications/settings/index.ts | 12 +++--- 160 files changed, 592 insertions(+), 534 deletions(-) diff --git a/apps/meteor/app/api/server/api.js b/apps/meteor/app/api/server/api.js index 021157b8ca3fe..edaf4ce84575e 100644 --- a/apps/meteor/app/api/server/api.js +++ b/apps/meteor/app/api/server/api.js @@ -11,7 +11,7 @@ import { Logger } from '../../../server/lib/logger/Logger'; import { getRestPayload } from '../../../server/lib/logger/logPayloads'; import { settings } from '../../settings/server'; import { metrics } from '../../metrics/server'; -import { hasPermission } from '../../authorization/server'; +import { hasPermissionAsync } from '../../authorization/server'; import { getDefaultUserFields } from '../../utils/server/functions/getDefaultUserFields'; import { checkCodeForUser } from '../../2fa/server/code'; import { checkPermissionsForInvocation, checkPermissions } from './api.helpers'; @@ -218,7 +218,7 @@ export class APIClass extends Restivus { rateLimiterDictionary.hasOwnProperty(route) && settings.get('API_Enable_Rate_Limiter') === true && (process.env.NODE_ENV !== 'development' || settings.get('API_Enable_Rate_Limiter_Dev') === true) && - !(userId && hasPermission(userId, 'api-bypass-rate-limit')) + !(userId && Promise.await(hasPermissionAsync(userId, 'api-bypass-rate-limit'))) ); } diff --git a/apps/meteor/app/api/server/v1/channels.ts b/apps/meteor/app/api/server/v1/channels.ts index b042e2f5a711f..f10393eeebc72 100644 --- a/apps/meteor/app/api/server/v1/channels.ts +++ b/apps/meteor/app/api/server/v1/channels.ts 
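Review bot: The rate-limit bypass check in the api.js hunk at `@@ -218,7 +218,7 @@` still blocks on `Promise.await(hasPermissionAsync(userId, 'api-bypass-rate-limit'))`, so this path keeps depending on a running Fiber even though the commit is moving permission checks off fibers. `Promise.await` is Meteor's fiber-based helper and, as far as I know, throws when called outside a Fiber, which would turn a rate-limit decision into a request error. The enclosing method starts outside the hunk. If it cannot be made `async` yet, I would add a comment such as `// TODO: make this check async and drop Promise.await once callers can await it` so the leftover is tracked.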
@@ -22,7 +22,7 @@ import { Integrations, Messages, Rooms, Subscriptions, Uploads } from '@rocket.c import { Team } from '@rocket.chat/core-services'; import { Messages as MessagesSync, Subscriptions as SubscriptionsSync, Users as UsersSync } from '../../../models/server'; -import { canAccessRoomAsync, hasAtLeastOnePermission, hasPermission } from '../../../authorization/server'; +import { canAccessRoomAsync, hasAtLeastOnePermission, hasPermissionAsync } from '../../../authorization/server'; import { normalizeMessagesForUser } from '../../../utils/server/lib/normalizeMessagesForUser'; import { API } from '../api'; import { addUserToFileObj } from '../helpers/addUserToFileObj'; @@ -269,12 +269,12 @@ API.v1.addRoute( // Special check for the permissions if ( - (await hasPermission(this.userId, 'view-joined-room')) && + (await hasPermissionAsyncAsync(this.userId, 'view-joined-room')) && !(await Subscriptions.findOneByRoomIdAndUserId(findResult._id, this.userId, { projection: { _id: 1 } })) ) { return API.v1.unauthorized(); } - if (!(await hasPermission(this.userId, 'view-c-room'))) { + if (!(await hasPermissionAsyncAsync(this.userId, 'view-c-room'))) { return API.v1.unauthorized(); } @@ -462,7 +462,7 @@ API.v1.addRoute( }, { async post() { - if (!(await hasPermission(this.userId, 'create-team'))) { + if (!(await hasPermissionAsync(this.userId, 'create-team'))) { return API.v1.unauthorized(); } @@ -472,7 +472,7 @@ API.v1.addRoute( return API.v1.failure('The parameter "channelId" or "channelName" is required'); } - if (channelId && !(await hasPermission(this.userId, 'edit-room', channelId))) { + if (channelId && !(await hasPermissionAsync(this.userId, 'edit-room', channelId))) { return API.v1.unauthorized(); } 
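Review bot: `hasPermissionAsyncAsync` in the `@@ -269,12 +269,12 @@` hunk is not a name this file imports; the import line changed in the first channels.ts hunk brings in `hasPermissionAsync` only. Both the `view-joined-room` and the `view-c-room` checks would therefore fail to compile under `tsc`, or throw a ReferenceError at request time if type errors are not enforced, so the endpoint would error instead of returning a result. It looks like a search-and-replace applied twice. The two calls should read `await hasPermissionAsync(this.userId, 'view-joined-room')` and `await hasPermissionAsync(this.userId, 'view-c-room')`. The route handler starts and ends outside the hunk.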
@@ -574,7 +574,7 @@ API.v1.addRoute( { authRequired: true }, { async get() { - const access = await hasPermission(this.userId, 'view-room-administration'); + const access = await hasPermissionAsync(this.userId, 'view-room-administration'); const { userId } = this.queryParams; let user = this.userId; let unreads = null; @@ -623,14 +623,14 @@ API.v1.addRoute( }, ); -function createChannelValidator(params: { +async function createChannelValidator(params: { user: { value: string }; name?: { key: string; value?: string }; members?: { key: string; value?: string[] }; customFields?: { key: string; value?: string }; teams?: { key: string; value?: string[] }; -}): void { - if (!hasPermission(params.user.value, 'create-c')) { +}) { + if (!(await hasPermissionAsync(params.user.value, 'create-c'))) { throw new Error('unauthorized'); } @@ -717,7 +717,7 @@ API.v1.addRoute( } if (bodyParams.teams) { - const canSeeAllTeams = await hasPermission(this.userId, 'view-all-teams'); + const canSeeAllTeams = await hasPermissionAsync(this.userId, 'view-all-teams'); const teams = await Team.listByNames(bodyParams.teams, { projection: { _id: 1 } }); const teamMembers = []; @@ -883,12 +883,12 @@ API.v1.addRoute( async get() { const { offset, count } = this.getPaginationItems(); const { sort, fields, query } = this.parseJsonQuery(); - const hasPermissionToSeeAllPublicChannels = await hasPermission(this.userId, 'view-c-room'); + const hasPermissionToSeeAllPublicChannels = await hasPermissionAsync(this.userId, 'view-c-room'); const ourQuery: Record = { ...query, t: 'c' }; if (!hasPermissionToSeeAllPublicChannels) { - if (!(await hasPermission(this.userId, 'view-joined-room'))) { + if (!(await hasPermissionAsync(this.userId, 'view-joined-room'))) { return API.v1.unauthorized(); } const roomIds = await SubscriptionsSync.findByUserIdAndType(this.userId, 'c', { 
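Review bot: Making `createChannelValidator` `async` in the `@@ -623,14 +623,14 @@` hunk changes how its `throw new Error('unauthorized')` reaches callers: it is now a rejected promise, so any call site that does not `await` it continues past the `create-c` check and the rejection only surfaces as unhandled. The call sites are outside this hunk and I cannot see whether they were updated, so each one needs checking for `await createChannelValidator(...)`. Dropping the `: void` annotation also removes the explicit contract. I would write `}): Promise<void> {`, and a lint rule such as `@typescript-eslint/no-floating-promises` would catch a missed call site. The function body continues past the hunk.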
@@ -983,7 +983,7 @@ API.v1.addRoute( checkedArchived: false, }); - if (findResult.broadcast && !(await hasPermission(this.userId, 'view-broadcast-member-list', findResult._id))) { + if (findResult.broadcast && !(await hasPermissionAsync(this.userId, 'view-broadcast-member-list', findResult._id))) { return API.v1.unauthorized(); } diff --git a/apps/meteor/app/api/server/v1/chat.ts b/apps/meteor/app/api/server/v1/chat.ts index f72bc7d2961b9..fd385769f307a 100644 --- a/apps/meteor/app/api/server/v1/chat.ts +++ b/apps/meteor/app/api/server/v1/chat.ts @@ -4,7 +4,7 @@ import { Messages, Users, Rooms, Subscriptions } from '@rocket.chat/models'; import { escapeRegExp } from '@rocket.chat/string-helpers'; import type { IMessage } from '@rocket.chat/core-typings'; -import { canAccessRoomId, roomAccessAttributes, hasPermission } from '../../../authorization/server'; +import { canAccessRoomId, roomAccessAttributes, hasPermissionAsync } from '../../../authorization/server'; import { normalizeMessagesForUser } from '../../../utils/server/lib/normalizeMessagesForUser'; import { API } from '../api'; import { processWebhookMessage } from '../../../lib/server'; @@ -38,7 +38,11 @@ API.v1.addRoute( return API.v1.failure('The room id provided does not match where the message is from.'); } - if (this.bodyParams.asUser && msg.u._id !== this.userId && !hasPermission(this.userId, 'force-delete-message', msg.rid)) { + if ( + this.bodyParams.asUser && + msg.u._id !== this.userId && + !(await hasPermissionAsync(this.userId, 'force-delete-message', msg.rid)) + ) { return API.v1.failure('Unauthorized. You must have the permission "force-delete-message" to delete other\'s message as them.'); } diff --git a/apps/meteor/app/api/server/v1/cloud.ts b/apps/meteor/app/api/server/v1/cloud.ts index d70385bd35335..17e9f34b2bb69 100644 --- a/apps/meteor/app/api/server/v1/cloud.ts +++ b/apps/meteor/app/api/server/v1/cloud.ts 
@@ -1,7 +1,8 @@ import { check } from 'meteor/check'; import { API } from '../api'; -import { hasPermission, hasRole } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; +import { hasRole } from '../../../authorization/server'; import { saveRegistrationData } from '../../../cloud/server/functions/saveRegistrationData'; import { retrieveRegistrationStatus } from '../../../cloud/server/functions/retrieveRegistrationStatus'; import { startRegisterWorkspaceSetupWizard } from '../../../cloud/server/functions/startRegisterWorkspaceSetupWizard'; @@ -17,7 +18,7 @@ API.v1.addRoute( cloudBlob: String, }); - if (!hasPermission(this.userId, 'register-on-cloud')) { + if (!(await hasPermissionAsync(this.userId, 'register-on-cloud'))) { return API.v1.unauthorized(); } @@ -46,7 +47,7 @@ API.v1.addRoute( email: String, }); - if (!hasPermission(this.userId, 'manage-cloud')) { + if (!(await hasPermissionAsync(this.userId, 'manage-cloud'))) { return API.v1.unauthorized(); } @@ -66,7 +67,7 @@ API.v1.addRoute( { authRequired: true }, { async post() { - if (!hasPermission(this.userId, 'manage-cloud')) { + if (!(await hasPermissionAsync(this.userId, 'manage-cloud'))) { return API.v1.unauthorized(); } @@ -85,7 +86,7 @@ API.v1.addRoute( deviceCode: String, }); - if (!hasPermission(this.userId, 'manage-cloud')) { + if (!(await hasPermissionAsync(this.userId, 'manage-cloud'))) { return API.v1.unauthorized(); } diff --git a/apps/meteor/app/api/server/v1/groups.ts b/apps/meteor/app/api/server/v1/groups.ts index 38dcb04dc91e4..fa30d6e6883eb 100644 --- a/apps/meteor/app/api/server/v1/groups.ts +++ b/apps/meteor/app/api/server/v1/groups.ts 
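Review bot: The first cloud.ts hunk splits one import into two paths, `hasPermissionAsync` from `'../../../authorization/server/functions/hasPermission'` and `hasRole` from `'../../../authorization/server'`, while channels.ts, chat.ts and most other v1 files in this patch import `hasPermissionAsync` from the `authorization/server` barrel. Unless the barrel import causes a cycle here, a single `import { hasPermissionAsync, hasRole } from '../../../authorization/server';` keeps the file consistent with its siblings. Separately, the hunks at `@@ -17,7 +18,7 @@`, `@@ -46,7 +47,7 @@` and `@@ -85,7 +86,7 @@` add `await` inside handlers whose signatures are outside the hunk. Only the `@@ -66,7 +67,7 @@` hunk shows `async post()`, so the other three should be confirmed as `async`.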
@@ -7,7 +7,7 @@ import type { Filter } from 'mongodb'; import { Rooms as RoomSync, Users as UsersSync, Messages as MessageSync, Subscriptions as SubscriptionsSync } from '../../../models/server'; import { - hasPermission, + hasPermissionAsync, hasAtLeastOnePermission, canAccessRoomAsync, hasAllPermission, @@ -227,7 +227,7 @@ API.v1.addRoute( { authRequired: true }, { async get() { - const access = await hasPermission(this.userId, 'view-room-administration'); + const access = await hasPermissionAsync(this.userId, 'view-room-administration'); const params = this.queryParams; let user = this.userId; let room; @@ -302,7 +302,7 @@ API.v1.addRoute( { authRequired: true }, { async post() { - if (!(await hasPermission(this.userId, 'create-p'))) { + if (!(await hasPermissionAsync(this.userId, 'create-p'))) { return API.v1.unauthorized(); } @@ -652,7 +652,7 @@ API.v1.addRoute( { authRequired: true }, { async get() { - if (!(await hasPermission(this.userId, 'view-room-administration'))) { + if (!(await hasPermissionAsync(this.userId, 'view-room-administration'))) { return API.v1.unauthorized(); } const { offset, count } = this.getPaginationItems(); @@ -688,7 +688,7 @@ API.v1.addRoute( userId: this.userId, }); - if (findResult.broadcast && !(await hasPermission(this.userId, 'view-broadcast-member-list', findResult.rid))) { + if (findResult.broadcast && !(await hasPermissionAsync(this.userId, 'view-broadcast-member-list', findResult.rid))) { return API.v1.unauthorized(); } diff --git a/apps/meteor/app/api/server/v1/im.ts b/apps/meteor/app/api/server/v1/im.ts index 19b0ee4c8a702..d95fd4c4ac6b4 100644 --- a/apps/meteor/app/api/server/v1/im.ts +++ b/apps/meteor/app/api/server/v1/im.ts 
@@ -15,7 +15,7 @@ import { Match, check } from 'meteor/check'; import { Subscriptions, Uploads, Messages, Rooms, Users } from '@rocket.chat/models'; import { canAccessRoomIdAsync } from '../../../authorization/server/functions/canAccessRoom'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server'; import { normalizeMessagesForUser } from '../../../utils/server/lib/normalizeMessagesForUser'; import { API } from '../api'; import { getRoomByNameOrIdWithOptionToJoin } from '../../../lib/server/functions/getRoomByNameOrIdWithOptionToJoin'; @@ -92,7 +92,8 @@ API.v1.addRoute( async post() { const { room } = await findDirectMessageRoom(this.bodyParams, this.userId); - const canAccess = (await canAccessRoomIdAsync(room._id, this.userId)) || hasPermission(this.userId, 'view-room-administration'); + const canAccess = + (await canAccessRoomIdAsync(room._id, this.userId)) || (await hasPermissionAsync(this.userId, 'view-room-administration')); if (!canAccess) { throw new Meteor.Error('error-not-allowed', 'Not allowed'); } @@ -137,7 +138,7 @@ API.v1.addRoute( { authRequired: true }, { async get() { - const access = hasPermission(this.userId, 'view-room-administration'); + const access = await hasPermissionAsync(this.userId, 'view-room-administration'); const { roomId, userId: ruserId } = this.requestParams(); if (!roomId) { throw new Meteor.Error('error-room-param-not-provided', 'Query param "roomId" is required'); @@ -379,7 +380,7 @@ API.v1.addRoute( }); } - if (!hasPermission(this.userId, 'view-room-administration')) { + if (!(await hasPermissionAsync(this.userId, 'view-room-administration'))) { return API.v1.unauthorized(); } @@ -461,7 +462,7 @@ API.v1.addRoute( { authRequired: true }, { async get() { - if (!hasPermission(this.userId, 'view-room-administration')) { + if (!(await hasPermissionAsync(this.userId, 'view-room-administration'))) { return API.v1.unauthorized(); } 
diff --git a/apps/meteor/app/api/server/v1/instances.ts b/apps/meteor/app/api/server/v1/instances.ts index e2b3b352580c0..0de85f1bed0d1 100644 --- a/apps/meteor/app/api/server/v1/instances.ts +++ b/apps/meteor/app/api/server/v1/instances.ts @@ -1,7 +1,7 @@ import { InstanceStatus } from '@rocket.chat/models'; import { Instance as InstanceService } from '../../../../ee/server/sdk'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server'; import { API } from '../api'; import { isRunningMs } from '../../../../server/lib/isRunningMs'; @@ -18,7 +18,7 @@ API.v1.addRoute( { authRequired: true }, { async get() { - if (!hasPermission(this.userId, 'view-statistics')) { + if (!(await hasPermissionAsync(this.userId, 'view-statistics'))) { return API.v1.unauthorized(); } diff --git a/apps/meteor/app/api/server/v1/integrations.ts b/apps/meteor/app/api/server/v1/integrations.ts index ab121b5a60355..9e7d87cc10553 100644 --- a/apps/meteor/app/api/server/v1/integrations.ts +++ b/apps/meteor/app/api/server/v1/integrations.ts @@ -54,7 +54,7 @@ API.v1.addRoute( const { id } = queryParams; const { offset, count } = this.getPaginationItems(); const { sort, fields: projection, query } = this.parseJsonQuery(); - const ourQuery = Object.assign(mountIntegrationHistoryQueryBasedOnPermissions(userId, id), query); + const ourQuery = Object.assign(await mountIntegrationHistoryQueryBasedOnPermissions(userId, id), query); const { cursor, totalCount } = IntegrationHistory.findPaginated(ourQuery, { sort: sort || { _updatedAt: -1 }, diff --git a/apps/meteor/app/api/server/v1/ldap.ts b/apps/meteor/app/api/server/v1/ldap.ts index 8d8bd3a2f3ec2..aec8e732506cc 100644 --- a/apps/meteor/app/api/server/v1/ldap.ts +++ b/apps/meteor/app/api/server/v1/ldap.ts 
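Review bot: In the integrations.ts hunk the permission-derived filter is the target of `Object.assign` and the `query` returned by `this.parseJsonQuery()` is merged on top of it, so any key present in both is taken from the request rather than from the permission check. The commit only adds the `await` and leaves that order as it was. Which keys `mountIntegrationHistoryQueryBasedOnPermissions` sets is not visible here, and `parseJsonQuery` may already restrict what it returns, so this needs confirming. Combining the two with `$and`, e.g. `const ourQuery = { $and: [await mountIntegrationHistoryQueryBasedOnPermissions(userId, id), query] };`, keeps the permission scope intact whatever the request contains. The handler starts and ends outside the hunk.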
@@ -1,7 +1,7 @@ import { Match, check } from 'meteor/check'; import { LDAP } from '@rocket.chat/core-services'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server'; import { settings } from '../../../settings/server'; import { API } from '../api'; import { SystemLogger } from '../../../../server/lib/logger/system'; @@ -15,7 +15,7 @@ API.v1.addRoute( throw new Error('error-invalid-user'); } - if (!hasPermission(this.userId, 'test-admin-options')) { + if (!(await hasPermissionAsync(this.userId, 'test-admin-options'))) { throw new Error('error-not-authorized'); } @@ -53,7 +53,7 @@ API.v1.addRoute( throw new Error('error-invalid-user'); } - if (!hasPermission(this.userId, 'test-admin-options')) { + if (!(await hasPermissionAsync(this.userId, 'test-admin-options'))) { throw new Error('error-not-authorized'); } diff --git a/apps/meteor/app/api/server/v1/mailer.ts b/apps/meteor/app/api/server/v1/mailer.ts index 4739bbe562c21..136c5c872dec1 100644 --- a/apps/meteor/app/api/server/v1/mailer.ts +++ b/apps/meteor/app/api/server/v1/mailer.ts @@ -1,7 +1,7 @@ import { isMailerProps, isMailerUnsubscribeProps } from '@rocket.chat/rest-typings'; import { API } from '../api'; -import { hasPermission } from '../../../authorization/server/functions/hasPermission'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; API.v1.addRoute( 'mailer', @@ -11,7 +11,7 @@ API.v1.addRoute( }, { async post() { - if (!hasPermission(this.userId, 'send-mail')) { + if (!(await hasPermissionAsync(this.userId, 'send-mail'))) { throw new Error('error-not-allowed'); } diff --git a/apps/meteor/app/api/server/v1/misc.ts b/apps/meteor/app/api/server/v1/misc.ts index 3efcdc58098d3..edaf9f673a92d 100644 --- a/apps/meteor/app/api/server/v1/misc.ts +++ b/apps/meteor/app/api/server/v1/misc.ts 
@@ -18,7 +18,7 @@ import { import type { IUser } from '@rocket.chat/core-typings'; import { Users as UsersRaw } from '@rocket.chat/models'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server'; import { Users } from '../../../models/server'; import { settings } from '../../../settings/server'; import { API } from '../api'; @@ -464,8 +464,8 @@ API.v1.addRoute( 'stdout.queue', { authRequired: true }, { - get() { - if (!hasPermission(this.userId, 'view-logs')) { + async get() { + if (!(await hasPermissionAsync(this.userId, 'view-logs'))) { return API.v1.unauthorized(); } return API.v1.success({ queue: getLogs() }); diff --git a/apps/meteor/app/api/server/v1/permissions.ts b/apps/meteor/app/api/server/v1/permissions.ts index d03fab78e7fbf..a2676f665f16e 100644 --- a/apps/meteor/app/api/server/v1/permissions.ts +++ b/apps/meteor/app/api/server/v1/permissions.ts @@ -3,7 +3,7 @@ import type { IPermission } from '@rocket.chat/core-typings'; import { isBodyParamsValidPermissionUpdate } from '@rocket.chat/rest-typings'; import { Permissions, Roles } from '@rocket.chat/models'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { API } from '../api'; API.v1.addRoute( @@ -43,7 +43,7 @@ API.v1.addRoute( { authRequired: true }, { async post() { - if (!hasPermission(this.userId, 'access-permissions')) { + if (!(await hasPermissionAsync(this.userId, 'access-permissions'))) { return API.v1.failure('Editing permissions is not allowed', 'error-edit-permissions-not-allowed'); } diff --git a/apps/meteor/app/api/server/v1/rooms.ts b/apps/meteor/app/api/server/v1/rooms.ts index 34b1fa2704058..e33f139ab720b 100644 --- a/apps/meteor/app/api/server/v1/rooms.ts +++ b/apps/meteor/app/api/server/v1/rooms.ts 
@@ -6,7 +6,7 @@ import type { IRoom } from '@rocket.chat/core-typings'; import { Media } from '@rocket.chat/core-services'; import { API } from '../api'; -import { canAccessRoomAsync, canAccessRoomId, hasPermission } from '../../../authorization/server'; +import { canAccessRoomAsync, canAccessRoomId, hasPermissionAsync } from '../../../authorization/server'; import { getUploadFormData } from '../lib/getUploadFormData'; import { settings } from '../../../settings/server'; import { eraseRoom } from '../../../../server/methods/eraseRoom'; @@ -550,7 +550,7 @@ API.v1.addRoute( throw new Meteor.Error('error-invalid-params'); } - if (!(await hasPermission(this.userId, 'mail-messages', rid))) { + if (!(await hasPermissionAsync(this.userId, 'mail-messages', rid))) { throw new Meteor.Error('error-action-not-allowed', 'Mailing is not allowed'); } diff --git a/apps/meteor/app/api/server/v1/settings.ts b/apps/meteor/app/api/server/v1/settings.ts index fb96c86a8c0ab..05cb1bf47e36f 100644 --- a/apps/meteor/app/api/server/v1/settings.ts +++ b/apps/meteor/app/api/server/v1/settings.ts @@ -12,7 +12,7 @@ import { import { Settings } from '@rocket.chat/models'; import type { FindOptions } from 'mongodb'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server'; import type { ResultFor } from '../api'; import { API } from '../api'; import { SettingsEvents, settings } from '../../../settings/server'; @@ -125,7 +125,7 @@ API.v1.addRoute( hidden: { $ne: true }, }; - if (!hasPermission(this.userId, 'view-privileged-setting')) { + if (!(await hasPermissionAsync(this.userId, 'view-privileged-setting'))) { ourQuery.public = true; } 
@@ -148,7 +148,7 @@ API.v1.addRoute( { authRequired: true }, { async get() { - if (!hasPermission(this.userId, 'view-privileged-setting')) { + if (!(await hasPermissionAsync(this.userId, 'view-privileged-setting'))) { return API.v1.unauthorized(); } const setting = await Settings.findOneNotHiddenById(this.urlParams._id); @@ -160,7 +160,7 @@ API.v1.addRoute( post: { twoFactorRequired: true, async action(): Promise> { - if (!hasPermission(this.userId, 'edit-privileged-setting')) { + if (!(await hasPermissionAsync(this.userId, 'edit-privileged-setting'))) { return API.v1.unauthorized(); } diff --git a/apps/meteor/app/api/server/v1/teams.ts b/apps/meteor/app/api/server/v1/teams.ts index 27dec0ee0c0a7..87fe420ccb946 100644 --- a/apps/meteor/app/api/server/v1/teams.ts +++ b/apps/meteor/app/api/server/v1/teams.ts @@ -17,7 +17,7 @@ import { Team } from '@rocket.chat/core-services'; import { removeUserFromRoom } from '../../../lib/server/functions/removeUserFromRoom'; import { Rooms, Users } from '../../../models/server'; -import { canAccessRoomAsync, hasAtLeastOnePermission, hasPermission } from '../../../authorization/server'; +import { canAccessRoomAsync, hasAtLeastOnePermission, hasPermissionAsync } from '../../../authorization/server'; import { API } from '../api'; API.v1.addRoute( @@ -45,7 +45,7 @@ API.v1.addRoute( { authRequired: true }, { async get() { - if (!hasPermission(this.userId, 'view-all-teams')) { + if (!(await hasPermissionAsync(this.userId, 'view-all-teams'))) { return API.v1.unauthorized(); } @@ -68,7 +68,7 @@ API.v1.addRoute( { authRequired: true }, { async post() { - if (!hasPermission(this.userId, 'create-team')) { + if (!(await hasPermissionAsync(this.userId, 'create-team'))) { return API.v1.unauthorized(); } 
@@ -128,7 +128,7 @@ API.v1.addRoute( return API.v1.failure('team-does-not-exist'); } - if (!hasPermission(this.userId, 'convert-team', team.roomId)) { + if (!(await hasPermissionAsync(this.userId, 'convert-team', team.roomId))) { return API.v1.unauthorized(); } @@ -178,7 +178,7 @@ API.v1.addRoute( return API.v1.failure('team-does-not-exist'); } - if (!hasPermission(this.userId, 'add-team-channel', team.roomId)) { + if (!(await hasPermissionAsync(this.userId, 'add-team-channel', team.roomId))) { return API.v1.unauthorized('error-no-permission-team-channel'); } @@ -204,11 +204,11 @@ API.v1.addRoute( return API.v1.failure('team-does-not-exist'); } - if (!hasPermission(this.userId, 'remove-team-channel', team.roomId)) { + if (!(await hasPermissionAsync(this.userId, 'remove-team-channel', team.roomId))) { return API.v1.unauthorized(); } - const canRemoveAny = !!hasPermission(this.userId, 'view-all-team-channels', team.roomId); + const canRemoveAny = !!(await hasPermissionAsync(this.userId, 'view-all-team-channels', team.roomId)); const { roomId } = this.bodyParams; @@ -239,10 +239,10 @@ API.v1.addRoute( return API.v1.failure('team-does-not-exist'); } - if (!hasPermission(this.userId, 'edit-team-channel', team.roomId)) { + if (!(await hasPermissionAsync(this.userId, 'edit-team-channel', team.roomId))) { return API.v1.unauthorized(); } - const canUpdateAny = !!hasPermission(this.userId, 'view-all-team-channels', team.roomId); + const canUpdateAny = !!(await hasPermissionAsync(this.userId, 'view-all-team-channels', team.roomId)); const room = await Team.updateRoom(this.userId, roomId, isDefault, canUpdateAny); 
@@ -284,10 +284,10 @@ API.v1.addRoute( return API.v1.failure('team-does-not-exist'); } - const allowPrivateTeam: boolean = hasPermission(this.userId, 'view-all-teams', team.roomId); + const allowPrivateTeam: boolean = await hasPermissionAsync(this.userId, 'view-all-teams', team.roomId); let getAllRooms = false; - if (hasPermission(this.userId, 'view-all-team-channels', team.roomId)) { + if (await hasPermissionAsync(this.userId, 'view-all-team-channels', team.roomId)) { getAllRooms = true; } @@ -345,11 +345,11 @@ API.v1.addRoute( return API.v1.failure('team-does-not-exist'); } - const allowPrivateTeam = hasPermission(this.userId, 'view-all-teams', team.roomId); + const allowPrivateTeam = await hasPermissionAsync(this.userId, 'view-all-teams', team.roomId); const { userId, canUserDelete } = this.queryParams; - if (!(this.userId === userId || hasPermission(this.userId, 'view-all-team-channels', team.roomId))) { + if (!(this.userId === userId || (await hasPermissionAsync(this.userId, 'view-all-team-channels', team.roomId)))) { return API.v1.unauthorized(); } @@ -404,7 +404,7 @@ API.v1.addRoute( return API.v1.failure('team-does-not-exist'); } - const canSeeAllMembers = hasPermission(this.userId, 'view-all-teams', team.roomId); + const canSeeAllMembers = await hasPermissionAsync(this.userId, 'view-all-teams', team.roomId); const query = { username: username ? new RegExp(escapeRegExp(username), 'i') : undefined, @@ -582,7 +582,8 @@ API.v1.addRoute( return API.v1.failure('Room not found'); } - const canViewInfo = (await canAccessRoomAsync(room, { _id: this.userId })) || hasPermission(this.userId, 'view-all-teams'); + const canViewInfo = + (await canAccessRoomAsync(room, { _id: this.userId })) || (await hasPermissionAsync(this.userId, 'view-all-teams')); if (!canViewInfo) { return API.v1.unauthorized(); 
@@ -608,7 +609,7 @@ API.v1.addRoute( return API.v1.failure('team-does-not-exist'); } - if (!hasPermission(this.userId, 'delete-team', team.roomId)) { + if (!(await hasPermissionAsync(this.userId, 'delete-team', team.roomId))) { return API.v1.unauthorized(); } @@ -674,7 +675,7 @@ API.v1.addRoute( return API.v1.failure('team-does-not-exist'); } - if (!hasPermission(this.userId, 'edit-team', team.roomId)) { + if (!(await hasPermissionAsync(this.userId, 'edit-team', team.roomId))) { return API.v1.unauthorized(); } diff --git a/apps/meteor/app/api/server/v1/users.ts b/apps/meteor/app/api/server/v1/users.ts index 55cafc6dabb01..604617180d71c 100644 --- a/apps/meteor/app/api/server/v1/users.ts +++ b/apps/meteor/app/api/server/v1/users.ts @@ -24,7 +24,7 @@ import type { Filter } from 'mongodb'; import { Team, api } from '@rocket.chat/core-services'; import { Users, Subscriptions } from '../../../models/server'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server'; import { settings } from '../../../settings/server'; import { validateCustomFields, @@ -143,7 +143,11 @@ API.v1.addRoute( { authRequired: true, validateParams: isUsersSetPreferencesParamsPOST }, { post() { - if (this.bodyParams.userId && this.bodyParams.userId !== this.userId && !hasPermission(this.userId, 'edit-other-user-info')) { + if ( + this.bodyParams.userId && + this.bodyParams.userId !== this.userId && + !(await hasPermissionAsync(this.userId, 'edit-other-user-info')) + ) { throw new Meteor.Error('error-action-not-allowed', 'Editing user is not allowed'); } const userId = this.bodyParams.userId ? this.bodyParams.userId : this.userId; 
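Review bot: The users.ts hunk at @@ -143 adds `await` inside `post() {`, but that method line is unchanged context with no `async`, so the new condition does not compile as written; it should read `async post() {`. The same pattern is visible in the users.ts hunks at @@ -278, @@ -319, @@ -337 and @@ -1019 (`post() {`) and @@ -679 (`get() {`), and in saveRoomSettings.ts where `default({ userId }) {`, `featured({ userId }) {` and `roomAvatar({ userId, rid }) {` gain an `await`. These should be fixed by marking the handler `async`, never by dropping the `await`. `hasPermissionAsync` is awaited to a `boolean` elsewhere in this commit, so an un-awaited call yields a promise, which is always truthy, and `!hasPermissionAsync(...)` would then let every caller past the check. The handler bodies continue outside the hunks.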
@@ -178,7 +182,7 @@ API.v1.addRoute( { authRequired: true, validateParams: isUsersSetAvatarProps }, { async post() { - const canEditOtherUserAvatar = hasPermission(this.userId, 'edit-other-user-avatar'); + const canEditOtherUserAvatar = await hasPermissionAsync(this.userId, 'edit-other-user-avatar'); if (!settings.get('Accounts_AllowUserAvatarChange') && !canEditOtherUserAvatar) { throw new Meteor.Error('error-not-allowed', 'Change avatar is not allowed', { @@ -230,7 +234,7 @@ API.v1.addRoute( } const isAnotherUser = this.userId !== user._id; - if (isAnotherUser && !hasPermission(this.userId, 'edit-other-user-avatar')) { + if (isAnotherUser && !(await hasPermissionAsync(this.userId, 'edit-other-user-avatar'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed'); } } @@ -278,7 +282,7 @@ API.v1.addRoute( { authRequired: true }, { post() { - if (!hasPermission(this.userId, 'delete-user')) { + if (!(await hasPermissionAsync(this.userId, 'delete-user'))) { return API.v1.unauthorized(); } @@ -319,7 +323,7 @@ API.v1.addRoute( { authRequired: true, validateParams: isUserSetActiveStatusParamsPOST }, { post() { - if (!hasPermission(this.userId, 'edit-other-user-active-status')) { + if (!(await hasPermissionAsync(this.userId, 'edit-other-user-active-status'))) { return API.v1.unauthorized(); } @@ -337,7 +341,7 @@ API.v1.addRoute( { authRequired: true, validateParams: isUserDeactivateIdleParamsPOST }, { post() { - if (!hasPermission(this.userId, 'edit-other-user-active-status')) { + if (!(await hasPermissionAsync(this.userId, 'edit-other-user-active-status'))) { return API.v1.unauthorized(); } @@ -371,7 +375,7 @@ API.v1.addRoute( return API.v1.failure('User not found.'); } const myself = user._id === this.userId; - if (fields.userRooms === 1 && (myself || hasPermission(this.userId, 'view-other-user-channels'))) { + if (fields.userRooms === 1 && (myself || (await hasPermissionAsync(this.userId, 'view-other-user-channels')))) { return API.v1.success({ user: { ...user, 
@@ -408,18 +412,21 @@ API.v1.addRoute( }, { async get() { - if (!hasPermission(this.userId, 'view-d-room')) { + if (!(await hasPermissionAsync(this.userId, 'view-d-room'))) { return API.v1.unauthorized(); } - if (settings.get('API_Apply_permission_view-outside-room_on_users-list') && !hasPermission(this.userId, 'view-outside-room')) { + if ( + settings.get('API_Apply_permission_view-outside-room_on_users-list') && + !(await hasPermissionAsync(this.userId, 'view-outside-room')) + ) { return API.v1.unauthorized(); } const { offset, count } = this.getPaginationItems(); const { sort, fields, query } = this.parseJsonQuery(); - const nonEmptyQuery = getNonEmptyQuery(query, hasPermission(this.userId, 'view-full-other-user-info')); + const nonEmptyQuery = getNonEmptyQuery(query, await hasPermissionAsync(this.userId, 'view-full-other-user-info')); const nonEmptyFields = getNonEmptyFields(fields); const inclusiveFields = getInclusiveFields(nonEmptyFields); @@ -554,7 +561,7 @@ API.v1.addRoute( if (settings.get('Accounts_AllowUserAvatarChange') && user._id === this.userId) { Meteor.runAsUser(this.userId, () => Meteor.call('resetAvatar')); - } else if (hasPermission(this.userId, 'edit-other-user-avatar')) { + } else if (await hasPermissionAsync(this.userId, 'edit-other-user-avatar')) { Meteor.runAsUser(this.userId, () => Meteor.call('resetAvatar', user._id)); } else { throw new Meteor.Error('error-not-allowed', 'Reset avatar is not allowed', { @@ -679,7 +686,7 @@ API.v1.addRoute( { authRequired: true }, { get() { - if (!hasPermission(this.userId, 'create-personal-access-tokens')) { + if (!(await hasPermissionAsync(this.userId, 'create-personal-access-tokens'))) { throw new Meteor.Error('not-authorized', 'Not Authorized'); } 
@@ -939,7 +946,7 @@ API.v1.addRoute( throw new Meteor.Error('error-not-allowed', 'Not allowed'); } - if (!hasPermission(this.userId, 'edit-other-user-e2ee')) { + if (!(await hasPermissionAsync(this.userId, 'edit-other-user-e2ee'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed'); } @@ -963,7 +970,7 @@ API.v1.addRoute( // // reset own keys if ('userId' in this.bodyParams || 'username' in this.bodyParams || 'user' in this.bodyParams) { // reset other user keys - if (!hasPermission(this.userId, 'edit-other-user-totp')) { + if (!(await hasPermissionAsync(this.userId, 'edit-other-user-totp'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed'); } @@ -1001,7 +1008,7 @@ API.v1.addRoute( const { userId } = this.queryParams; // If the caller has permission to view all teams, there's no need to filter the teams - const adminId = hasPermission(this.userId, 'view-all-teams') ? undefined : this.userId; + const adminId = (await hasPermissionAsync(this.userId, 'view-all-teams')) ? undefined : this.userId; const teams = await Team.findBySubscribedUserIds(userId, adminId); @@ -1019,7 +1026,7 @@ API.v1.addRoute( post() { const userId = this.bodyParams.userId || this.userId; - if (userId !== this.userId && !hasPermission(this.userId, 'logout-other-user')) { + if (userId !== this.userId && !(await hasPermissionAsync(this.userId, 'logout-other-user'))) { return API.v1.unauthorized(); } @@ -1087,7 +1094,7 @@ API.v1.addRoute( if (this.isUserFromParams()) { return Meteor.users.findOne(this.userId) as IUser; } - if (hasPermission(this.userId, 'edit-other-user-info')) { + if (await hasPermissionAsync(this.userId, 'edit-other-user-info')) { return this.getUserFromParams(); } })(); diff --git a/apps/meteor/app/api/server/v1/voip/rooms.ts b/apps/meteor/app/api/server/v1/voip/rooms.ts index 874f0eadea3a8..7354285374c66 100644 --- a/apps/meteor/app/api/server/v1/voip/rooms.ts +++ b/apps/meteor/app/api/server/v1/voip/rooms.ts 
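Review bot: The `await` added in the users.ts hunk at @@ -1087 sits inside a function expression that the unchanged `})();` invokes immediately, and its opening line is outside the hunk. If that wrapper is made `async` so the `await` compiles, the expression evaluates to a promise rather than a user, and any later "user not found" guard on the result would see a truthy value and pass. The call site would then need to await it, in the form `await (async () => { … })()`, with the guard applied to the resolved value; this should be confirmed against the lines above the hunk.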
@@ -5,7 +5,7 @@ import { VoipRoom, LivechatVisitors, Users } from '@rocket.chat/models'; import { LivechatVoip } from '@rocket.chat/core-services'; import { API } from '../../api'; -import { hasPermission } from '../../../../authorization/server'; +import { hasPermissionAsync } from '../../../../authorization/server/functions/hasPermission'; import { typedJsonParse } from '../../../../../lib/typedJSONParse'; type DateParam = { start?: string; end?: string }; @@ -166,8 +166,9 @@ API.v1.addRoute( const { createdAt: createdAtParam, closedAt: closedAtParam } = this.requestParams(); // Reusing same L room permissions for simplicity - const hasAdminAccess = hasPermission(this.userId, 'view-livechat-rooms'); - const hasAgentAccess = hasPermission(this.userId, 'view-l-room') && agents?.includes(this.userId) && agents?.length === 1; + const hasAdminAccess = await hasPermissionAsync(this.userId, 'view-livechat-rooms'); + const hasAgentAccess = + (await hasPermissionAsync(this.userId, 'view-l-room')) && agents?.includes(this.userId) && agents?.length === 1; if (!hasAdminAccess && !hasAgentAccess) { return API.v1.unauthorized(); } diff --git a/apps/meteor/app/assets/server/assets.ts b/apps/meteor/app/assets/server/assets.ts index a8778caea4a0c..54483fe577029 100644 --- a/apps/meteor/app/assets/server/assets.ts +++ b/apps/meteor/app/assets/server/assets.ts @@ -15,7 +15,7 @@ import { Settings } from '@rocket.chat/models'; import { settings, settingsRegistry } from '../../settings/server'; import { getURL } from '../../utils/lib/getURL'; import { getExtension } from '../../utils/lib/mimeTypes'; -import { hasPermission } from '../../authorization/server'; +import { hasPermissionAsync } from '../../authorization/server/functions/hasPermission'; import { RocketChatFile } from '../../file/server'; import { methodDeprecationLogger } from '../../lib/server/lib/deprecationWarningLogger'; 
@@ -443,7 +443,7 @@ declare module '@rocket.chat/ui-contexts' { } Meteor.methods({ - refreshClients() { + async refreshClients() { methodDeprecationLogger.warn('refreshClients will be deprecated in future versions of Rocket.Chat'); if (!Meteor.userId()) { @@ -452,7 +452,7 @@ Meteor.methods({ }); } - const _hasPermission = hasPermission(Meteor.userId() as string, 'manage-assets'); + const _hasPermission = await hasPermissionAsync(Meteor.userId() as string, 'manage-assets'); if (!_hasPermission) { throw new Meteor.Error('error-action-not-allowed', 'Managing assets not allowed', { method: 'refreshClients', @@ -463,14 +463,14 @@ Meteor.methods({ return RocketChatAssets.refreshClients(); }, - unsetAsset(asset) { + async unsetAsset(asset) { if (!Meteor.userId()) { throw new Meteor.Error('error-invalid-user', 'Invalid user', { method: 'unsetAsset', }); } - const _hasPermission = hasPermission(Meteor.userId() as string, 'manage-assets'); + const _hasPermission = await hasPermissionAsync(Meteor.userId() as string, 'manage-assets'); if (!_hasPermission) { throw new Meteor.Error('error-action-not-allowed', 'Managing assets not allowed', { method: 'unsetAsset', @@ -481,14 +481,14 @@ Meteor.methods({ return RocketChatAssets.unsetAsset(asset); }, - setAsset(binaryContent, contentType, asset) { + async setAsset(binaryContent, contentType, asset) { if (!Meteor.userId()) { throw new Meteor.Error('error-invalid-user', 'Invalid user', { method: 'setAsset', }); } - const _hasPermission = hasPermission(Meteor.userId() as string, 'manage-assets'); + const _hasPermission = await hasPermissionAsync(Meteor.userId() as string, 'manage-assets'); if (!_hasPermission) { throw new Meteor.Error('error-action-not-allowed', 'Managing assets not allowed', { method: 'setAsset', diff --git a/apps/meteor/app/authorization/server/methods/addPermissionToRole.ts b/apps/meteor/app/authorization/server/methods/addPermissionToRole.ts index 6e8f16674a42f..33bf7eb196f6e 100644 
--- a/apps/meteor/app/authorization/server/methods/addPermissionToRole.ts +++ b/apps/meteor/app/authorization/server/methods/addPermissionToRole.ts @@ -2,7 +2,7 @@ import { Meteor } from 'meteor/meteor'; import { Permissions } from '@rocket.chat/models'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; -import { hasPermission } from '../functions/hasPermission'; +import { hasPermissionAsync } from '../functions/hasPermission'; import { CONSTANTS, AuthorizationUtils } from '../../lib'; declare module '@rocket.chat/ui-contexts' { @@ -33,8 +33,8 @@ Meteor.methods({ if ( !uid || - !hasPermission(uid, 'access-permissions') || - (permission.level === CONSTANTS.SETTINGS_LEVEL && !hasPermission(uid, 'access-setting-permissions')) + !(await hasPermissionAsync(uid, 'access-permissions')) || + (permission.level === CONSTANTS.SETTINGS_LEVEL && !(await hasPermissionAsync(uid, 'access-setting-permissions'))) ) { throw new Meteor.Error('error-action-not-allowed', 'Adding permission is not allowed', { method: 'authorization:addPermissionToRole', diff --git a/apps/meteor/app/authorization/server/methods/addUserToRole.ts b/apps/meteor/app/authorization/server/methods/addUserToRole.ts index d8ffbbcc95045..75bb8061f8487 100644 --- a/apps/meteor/app/authorization/server/methods/addUserToRole.ts +++ b/apps/meteor/app/authorization/server/methods/addUserToRole.ts @@ -6,7 +6,7 @@ import type { ServerMethods } from '@rocket.chat/ui-contexts'; import { Users } from '../../../models/server'; import { settings } from '../../../settings/server'; -import { hasPermission } from '../functions/hasPermission'; +import { hasPermissionAsync } from '../functions/hasPermission'; import { apiDeprecationLogger } from '../../../lib/server/lib/deprecationWarningLogger'; declare module '@rocket.chat/ui-contexts' { 
@@ -20,7 +20,7 @@ Meteor.methods({ async 'authorization:addUserToRole'(roleId: IRole['_id'], username: IUser['username'], scope: IRoom['_id'] | undefined) { const userId = Meteor.userId(); - if (!userId || !hasPermission(userId, 'access-permissions')) { + if (!userId || !(await hasPermissionAsync(userId, 'access-permissions'))) { throw new Meteor.Error('error-action-not-allowed', 'Accessing permissions is not allowed', { method: 'authorization:addUserToRole', action: 'Accessing_permissions', @@ -46,7 +46,7 @@ Meteor.methods({ apiDeprecationLogger.warn(`Calling authorization:addUserToRole with role names will be deprecated in future versions of Rocket.Chat`); } - if (role._id === 'admin' && !hasPermission(userId, 'assign-admin-role')) { + if (role._id === 'admin' && !(await hasPermissionAsync(userId, 'assign-admin-role'))) { throw new Meteor.Error('error-action-not-allowed', 'Assigning admin is not allowed', { method: 'authorization:addUserToRole', action: 'Assign_admin', diff --git a/apps/meteor/app/authorization/server/methods/deleteRole.ts b/apps/meteor/app/authorization/server/methods/deleteRole.ts index b409bdae46825..787bac9b0c1cb 100644 --- a/apps/meteor/app/authorization/server/methods/deleteRole.ts +++ b/apps/meteor/app/authorization/server/methods/deleteRole.ts @@ -4,7 +4,7 @@ import { Roles } from '@rocket.chat/models'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; import type { DeleteResult } from 'mongodb'; -import { hasPermission } from '../functions/hasPermission'; +import { hasPermissionAsync } from '../functions/hasPermission'; import { apiDeprecationLogger } from '../../../lib/server/lib/deprecationWarningLogger'; declare module '@rocket.chat/ui-contexts' { 
@@ -18,7 +18,7 @@ Meteor.methods({ async 'authorization:deleteRole'(roleId) { const userId = Meteor.userId(); - if (!userId || !hasPermission(userId, 'access-permissions')) { + if (!userId || !(await hasPermissionAsync(userId, 'access-permissions'))) { throw new Meteor.Error('error-action-not-allowed', 'Accessing permissions is not allowed', { method: 'authorization:deleteRole', action: 'Accessing_permissions', diff --git a/apps/meteor/app/authorization/server/methods/removeRoleFromPermission.ts b/apps/meteor/app/authorization/server/methods/removeRoleFromPermission.ts index 2280354d34178..123c6bfb1fdfd 100644 --- a/apps/meteor/app/authorization/server/methods/removeRoleFromPermission.ts +++ b/apps/meteor/app/authorization/server/methods/removeRoleFromPermission.ts @@ -2,7 +2,7 @@ import { Meteor } from 'meteor/meteor'; import { Permissions } from '@rocket.chat/models'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; -import { hasPermission } from '../functions/hasPermission'; +import { hasPermissionAsync } from '../functions/hasPermission'; import { CONSTANTS } from '../../lib'; declare module '@rocket.chat/ui-contexts' { @@ -25,8 +25,8 @@ Meteor.methods({ if ( !uid || - !hasPermission(uid, 'access-permissions') || - (permission.level === CONSTANTS.SETTINGS_LEVEL && !hasPermission(uid, 'access-setting-permissions')) + !(await hasPermissionAsync(uid, 'access-permissions')) || + (permission.level === CONSTANTS.SETTINGS_LEVEL && !(await hasPermissionAsync(uid, 'access-setting-permissions'))) ) { throw new Meteor.Error('error-action-not-allowed', 'Removing permission is not allowed', { method: 'authorization:removeRoleFromPermission', diff --git a/apps/meteor/app/authorization/server/methods/removeUserFromRole.ts b/apps/meteor/app/authorization/server/methods/removeUserFromRole.ts index e152404227247..15598d8abdeab 100644 --- a/apps/meteor/app/authorization/server/methods/removeUserFromRole.ts 
+++ b/apps/meteor/app/authorization/server/methods/removeUserFromRole.ts @@ -6,7 +6,7 @@ import type { ServerMethods } from '@rocket.chat/ui-contexts'; import { Users } from '../../../models/server'; import { settings } from '../../../settings/server'; -import { hasPermission } from '../functions/hasPermission'; +import { hasPermissionAsync } from '../functions/hasPermission'; import { apiDeprecationLogger } from '../../../lib/server/lib/deprecationWarningLogger'; declare module '@rocket.chat/ui-contexts' { @@ -20,7 +20,7 @@ Meteor.methods({ async 'authorization:removeUserFromRole'(roleId, username, scope) { const userId = Meteor.userId(); - if (!userId || !hasPermission(userId, 'access-permissions')) { + if (!userId || !(await hasPermissionAsync(userId, 'access-permissions'))) { throw new Meteor.Error('error-action-not-allowed', 'Access permissions is not allowed', { method: 'authorization:removeUserFromRole', action: 'Accessing_permissions', diff --git a/apps/meteor/app/autotranslate/server/methods/getSupportedLanguages.ts b/apps/meteor/app/autotranslate/server/methods/getSupportedLanguages.ts index 045d81c18a103..dad0287477295 100644 --- a/apps/meteor/app/autotranslate/server/methods/getSupportedLanguages.ts +++ b/apps/meteor/app/autotranslate/server/methods/getSupportedLanguages.ts @@ -3,7 +3,7 @@ import { DDPRateLimiter } from 'meteor/ddp-rate-limiter'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; import type { ISupportedLanguage } from '@rocket.chat/core-typings'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server'; import { TranslationProviderRegistry } from '..'; import { settings } from '../../../settings/server'; 
@@ -27,7 +27,7 @@ Meteor.methods({ }); } - if (!hasPermission(userId, 'auto-translate')) { + if (!(await hasPermissionAsync(userId, 'auto-translate'))) { throw new Meteor.Error('error-action-not-allowed', 'Auto-Translate is not allowed', { method: 'autoTranslate.saveSettings', }); diff --git a/apps/meteor/app/autotranslate/server/methods/saveSettings.ts b/apps/meteor/app/autotranslate/server/methods/saveSettings.ts index e9ec5748c0440..b102ee470fcb7 100644 --- a/apps/meteor/app/autotranslate/server/methods/saveSettings.ts +++ b/apps/meteor/app/autotranslate/server/methods/saveSettings.ts @@ -2,7 +2,7 @@ import { Meteor } from 'meteor/meteor'; import { check } from 'meteor/check'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server'; import { Subscriptions } from '../../../models/server'; declare module '@rocket.chat/ui-contexts' { @@ -21,7 +21,7 @@ Meteor.methods({ }); } - if (!hasPermission(userId, 'auto-translate')) { + if (!(await hasPermissionAsync(userId, 'auto-translate'))) { throw new Meteor.Error('error-action-not-allowed', 'Auto-Translate is not allowed', { method: 'autoTranslate.saveSettings', }); diff --git a/apps/meteor/app/channel-settings/server/methods/saveRoomSettings.ts b/apps/meteor/app/channel-settings/server/methods/saveRoomSettings.ts index ae4f6de0ee194..1d8632b5cbd3a 100644 --- a/apps/meteor/app/channel-settings/server/methods/saveRoomSettings.ts +++ b/apps/meteor/app/channel-settings/server/methods/saveRoomSettings.ts 
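Review bot: The error thrown in the getSupportedLanguages.ts hunk (@@ -27) reports `method: 'autoTranslate.saveSettings'`, which is the neighbouring file's method name and looks like a copy-paste leftover. Since this commit edits the permission check directly above it, the `method` detail could be corrected to the name this file registers, so that denied calls are attributed to the right method in logs and client error handling. The method's signature is outside the hunk, so it is also worth confirming that it is declared `async` for the added `await`.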
@@ -6,7 +6,7 @@ import { Team } from '@rocket.chat/core-services'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; import { setRoomAvatar } from '../../../lib/server/functions/setRoomAvatar'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server'; import { Rooms } from '../../../models/server'; import { saveRoomName } from '../functions/saveRoomName'; import { saveRoomTopic } from '../functions/saveRoomTopic'; @@ -64,7 +64,7 @@ const hasRetentionPolicy = (room: IRoom & { retention?: any }): room is IRoomWit const validators: RoomSettingsValidators = { default({ userId }) { - if (!hasPermission(userId, 'view-room-administration')) { + if (!(await hasPermissionAsync(userId, 'view-room-administration'))) { throw new Meteor.Error('error-action-not-allowed', 'Viewing room administration is not allowed', { method: 'saveRoomSettings', action: 'Viewing_room_administration', @@ -72,7 +72,7 @@ const validators: RoomSettingsValidators = { } }, featured({ userId }) { - if (!hasPermission(userId, 'view-room-administration')) { + if (!(await hasPermissionAsync(userId, 'view-room-administration'))) { throw new Meteor.Error('error-action-not-allowed', 'Viewing room administration is not allowed', { method: 'saveRoomSettings', action: 'Viewing_room_administration', 
@@ -84,14 +84,14 @@ const validators: RoomSettingsValidators = { return; } - if (value === 'c' && !hasPermission(userId, 'create-c')) { + if (value === 'c' && !(await hasPermissionAsync(userId, 'create-c'))) { throw new Meteor.Error('error-action-not-allowed', 'Changing a private group to a public channel is not allowed', { method: 'saveRoomSettings', action: 'Change_Room_Type', }); } - if (value === 'p' && !hasPermission(userId, 'create-p')) { + if (value === 'p' && !(await hasPermissionAsync(userId, 'create-p'))) { throw new Meteor.Error('error-action-not-allowed', 'Changing a public channel to a private room is not allowed', { method: 'saveRoomSettings', action: 'Change_Room_Type', @@ -107,7 +107,7 @@ const validators: RoomSettingsValidators = { }); } - if (room.t !== 'd' && !hasPermission(userId, 'toggle-room-e2e-encryption', rid)) { + if (room.t !== 'd' && !(await hasPermissionAsync(userId, 'toggle-room-e2e-encryption', rid))) { throw new Meteor.Error('error-action-not-allowed', 'You do not have permission to toggle E2E encryption', { method: 'saveRoomSettings', action: 'Change_Room_Encrypted', @@ -123,7 +123,7 @@ const validators: RoomSettingsValidators = { }); } - if (!hasPermission(userId, 'edit-room-retention-policy', rid) && value !== room.retention.enabled) { + if (!(await hasPermissionAsync(userId, 'edit-room-retention-policy', rid)) && value !== room.retention.enabled) { throw new Meteor.Error('error-action-not-allowed', 'Editing room retention policy is not allowed', { method: 'saveRoomSettings', action: 'Editing_room', 
@@ -138,7 +138,7 @@ const validators: RoomSettingsValidators = { }); } - if (!hasPermission(userId, 'edit-room-retention-policy', rid) && value !== room.retention.maxAge) { + if (!(await hasPermissionAsync(userId, 'edit-room-retention-policy', rid)) && value !== room.retention.maxAge) { throw new Meteor.Error('error-action-not-allowed', 'Editing room retention policy is not allowed', { method: 'saveRoomSettings', action: 'Editing_room', @@ -153,7 +153,7 @@ const validators: RoomSettingsValidators = { }); } - if (!hasPermission(userId, 'edit-room-retention-policy', rid) && value !== room.retention.excludePinned) { + if (!(await hasPermissionAsync(userId, 'edit-room-retention-policy', rid)) && value !== room.retention.excludePinned) { throw new Meteor.Error('error-action-not-allowed', 'Editing room retention policy is not allowed', { method: 'saveRoomSettings', action: 'Editing_room', @@ -168,7 +168,7 @@ const validators: RoomSettingsValidators = { }); } - if (!hasPermission(userId, 'edit-room-retention-policy', rid) && value !== room.retention.filesOnly) { + if (!(await hasPermissionAsync(userId, 'edit-room-retention-policy', rid)) && value !== room.retention.filesOnly) { throw new Meteor.Error('error-action-not-allowed', 'Editing room retention policy is not allowed', { method: 'saveRoomSettings', action: 'Editing_room', @@ -183,7 +183,7 @@ const validators: RoomSettingsValidators = { }); } - if (!hasPermission(userId, 'edit-room-retention-policy', rid) && value !== room.retention.ignoreThreads) { + if (!(await hasPermissionAsync(userId, 'edit-room-retention-policy', rid)) && value !== room.retention.ignoreThreads) { throw new Meteor.Error('error-action-not-allowed', 'Editing room retention policy is not allowed', { method: 'saveRoomSettings', action: 'Editing_room', 
@@ -191,7 +191,7 @@ const validators: RoomSettingsValidators = { } }, roomAvatar({ userId, rid }) { - if (!hasPermission(userId, 'edit-room-avatar', rid)) { + if (!(await hasPermissionAsync(userId, 'edit-room-avatar', rid))) { throw new Meteor.Error('error-action-not-allowed', 'Editing a room avatar is not allowed', { method: 'saveRoomSettings', action: 'Editing_room', @@ -431,7 +431,7 @@ async function saveRoomSettings( }); } - if (!hasPermission(uid, 'edit-room', rid)) { + if (!(await hasPermissionAsync(uid, 'edit-room', rid))) { if (!(Object.keys(settings).includes('encrypted') && room.t === 'd')) { throw new Meteor.Error('error-action-not-allowed', 'Editing room is not allowed', { method: 'saveRoomSettings', @@ -456,8 +456,8 @@ async function saveRoomSettings( } // validations - for (const setting of Object.keys(settings) as (keyof RoomSettings)[]) { - validate(setting, { + for await (const setting of Object.keys(settings) as (keyof RoomSettings)[]) { + await validate(setting, { userId: uid, value: settings[setting], room, diff --git a/apps/meteor/app/cloud/server/methods.ts b/apps/meteor/app/cloud/server/methods.ts index 9713df0a98233..fc284c6a92a7f 100644 --- a/apps/meteor/app/cloud/server/methods.ts +++ b/apps/meteor/app/cloud/server/methods.ts @@ -12,7 +12,7 @@ import { disconnectWorkspace } from './functions/disconnectWorkspace'; import { syncWorkspace } from './functions/syncWorkspace'; import { checkUserHasCloudLogin } from './functions/checkUserHasCloudLogin'; import { userLogout } from './functions/userLogout'; -import { hasPermission } from '../../authorization/server'; +import { hasPermissionAsync } from '../../authorization/server'; import { buildWorkspaceRegistrationData } from './functions/buildRegistrationData'; declare module '@rocket.chat/ui-contexts' { 
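Review bot: In the validation loop of saveRoomSettings.ts (@@ -456), `for await` iterates `Object.keys(settings)`, a plain array of strings, so the asynchronous iteration adds nothing. `for (const setting of Object.keys(settings) as (keyof RoomSettings)[]) {` with the inner `await validate(...)` is enough. More important for the permission checks, the validators deny by throwing, and once they await `hasPermissionAsync` that throw becomes a rejected promise. `validate` is defined outside this hunk and must return the validator's result for `await validate(...)` to stop the save. If it calls the validator without returning it, a denied setting would presumably surface only as an unhandled rejection while the save proceeds, so a comment above the loop such as `// validators are async and reject on missing permission; each call must be awaited` would help.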
@@ -49,7 +49,7 @@ Meteor.methods({ }); } - if (!hasPermission(uid, 'manage-cloud')) { + if (!(await hasPermissionAsync(uid, 'manage-cloud'))) { throw new Meteor.Error('error-not-authorized', 'Not authorized', { method: 'cloud:checkRegisterStatus', }); @@ -66,7 +66,7 @@ Meteor.methods({ }); } - if (!hasPermission(uid, 'manage-cloud')) { + if (!(await hasPermissionAsync(uid, 'manage-cloud'))) { throw new Meteor.Error('error-not-authorized', 'Not authorized', { method: 'cloud:getWorkspaceRegisterData', }); @@ -83,7 +83,7 @@ Meteor.methods({ }); } - if (!hasPermission(uid, 'manage-cloud')) { + if (!(await hasPermissionAsync(uid, 'manage-cloud'))) { throw new Meteor.Error('error-not-authorized', 'Not authorized', { method: 'cloud:registerWorkspace', }); @@ -100,7 +100,7 @@ Meteor.methods({ }); } - if (!hasPermission(uid, 'manage-cloud')) { + if (!(await hasPermissionAsync(uid, 'manage-cloud'))) { throw new Meteor.Error('error-not-authorized', 'Not authorized', { method: 'cloud:syncWorkspace', }); @@ -119,7 +119,7 @@ Meteor.methods({ }); } - if (!hasPermission(uid, 'manage-cloud')) { + if (!(await hasPermissionAsync(uid, 'manage-cloud'))) { throw new Meteor.Error('error-not-authorized', 'Not authorized', { method: 'cloud:connectWorkspace', }); @@ -141,7 +141,7 @@ Meteor.methods({ }); } - if (!hasPermission(uid, 'manage-cloud')) { + if (!(await hasPermissionAsync(uid, 'manage-cloud'))) { throw new Meteor.Error('error-not-authorized', 'Not authorized', { method: 'cloud:connectServer', }); @@ -157,7 +157,7 @@ Meteor.methods({ }); } - if (!hasPermission(uid, 'manage-cloud')) { + if (!(await hasPermissionAsync(uid, 'manage-cloud'))) { throw new Meteor.Error('error-not-authorized', 'Not authorized', { method: 'cloud:reconnectWorkspace', }); 
@@ -174,7 +174,7 @@ Meteor.methods({ }); } - if (!hasPermission(uid, 'manage-cloud')) { + if (!(await hasPermissionAsync(uid, 'manage-cloud'))) { throw new Meteor.Error('error-not-authorized', 'Not authorized', { method: 'cloud:getOAuthAuthorizationUrl', }); @@ -194,7 +194,7 @@ Meteor.methods({ }); } - if (!hasPermission(uid, 'manage-cloud')) { + if (!(await hasPermissionAsync(uid, 'manage-cloud'))) { throw new Meteor.Error('error-not-authorized', 'Not authorized', { method: 'cloud:finishOAuthAuthorization', }); @@ -210,7 +210,7 @@ Meteor.methods({ }); } - if (!hasPermission(uid, 'manage-cloud')) { + if (!(await hasPermissionAsync(uid, 'manage-cloud'))) { throw new Meteor.Error('error-not-authorized', 'Not authorized', { method: 'cloud:checkUserLoggedIn', }); @@ -226,7 +226,7 @@ Meteor.methods({ }); } - if (!hasPermission(uid, 'manage-cloud')) { + if (!(await hasPermissionAsync(uid, 'manage-cloud'))) { throw new Meteor.Error('error-not-authorized', 'Not authorized', { method: 'cloud:logout', }); diff --git a/apps/meteor/app/crowd/server/crowd.js b/apps/meteor/app/crowd/server/crowd.js index a277c40776295..47db17ea7dad2 100644 --- a/apps/meteor/app/crowd/server/crowd.js +++ b/apps/meteor/app/crowd/server/crowd.js @@ -7,7 +7,7 @@ import { Logger } from '../../logger/server'; import { _setRealName } from '../../lib/server'; import { Users } from '../../models/server'; import { settings } from '../../settings/server'; -import { hasPermission } from '../../authorization/server'; +import { hasPermissionAsync } from '../../authorization/server'; import { deleteUser } from '../../lib/server/functions'; import { setUserActiveStatus } from '../../lib/server/functions/setUserActiveStatus'; @@ -336,7 +336,7 @@ Meteor.startup(() => { }); Meteor.methods({ - crowd_test_connection() { + async crowd_test_connection() { const user = Meteor.user(); if (!user) { throw new Meteor.Error('error-invalid-user', 'Invalid user', { 
@@ -344,7 +344,7 @@ Meteor.methods({ }); } - if (!hasPermission(user._id, 'test-admin-options')) { + if (!(await hasPermissionAsync(user._id, 'test-admin-options'))) { throw new Meteor.Error('error-not-authorized', 'Not authorized', { method: 'crowd_test_connection', }); @@ -376,7 +376,7 @@ Meteor.methods({ throw new Meteor.Error('crowd_disabled'); } - if (!hasPermission(user._id, 'sync-auth-services-users')) { + if (!Promise.await(hasPermissionAsync(user._id, 'sync-auth-services-users'))) { throw new Meteor.Error('error-not-authorized', 'Not authorized', { method: 'crowd_sync_users', }); diff --git a/apps/meteor/app/custom-sounds/server/methods/deleteCustomSound.ts b/apps/meteor/app/custom-sounds/server/methods/deleteCustomSound.ts index 5091686305105..2979a237f8243 100644 --- a/apps/meteor/app/custom-sounds/server/methods/deleteCustomSound.ts +++ b/apps/meteor/app/custom-sounds/server/methods/deleteCustomSound.ts @@ -4,7 +4,7 @@ import { api } from '@rocket.chat/core-services'; import type { ICustomSound } from '@rocket.chat/core-typings'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server'; import { RocketChatFileCustomSoundsInstance } from '../startup/custom-sounds'; declare module '@rocket.chat/ui-contexts' { @@ -18,7 +18,7 @@ Meteor.methods({ async deleteCustomSound(_id) { let sound = null; - if (this.userId && hasPermission(this.userId, 'manage-sounds')) { + if (this.userId && (await hasPermissionAsync(this.userId, 'manage-sounds'))) { sound = await CustomSounds.findOneById(_id); } else { throw new Meteor.Error('not_authorized'); diff --git a/apps/meteor/app/custom-sounds/server/methods/insertOrUpdateSound.ts b/apps/meteor/app/custom-sounds/server/methods/insertOrUpdateSound.ts index cf573347b24fe..020ff591c57ea 100644 --- a/apps/meteor/app/custom-sounds/server/methods/insertOrUpdateSound.ts 
+++ b/apps/meteor/app/custom-sounds/server/methods/insertOrUpdateSound.ts @@ -4,7 +4,7 @@ import { CustomSounds } from '@rocket.chat/models'; import { api } from '@rocket.chat/core-services'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server'; import { RocketChatFileCustomSoundsInstance } from '../startup/custom-sounds'; export type ICustomSoundData = { @@ -29,7 +29,7 @@ declare module '@rocket.chat/ui-contexts' { Meteor.methods({ async insertOrUpdateSound(soundData) { - if (!this.userId || !hasPermission(this.userId, 'manage-sounds')) { + if (!this.userId || !(await hasPermissionAsync(this.userId, 'manage-sounds'))) { throw new Meteor.Error('not_authorized'); } diff --git a/apps/meteor/app/custom-sounds/server/methods/uploadCustomSound.ts b/apps/meteor/app/custom-sounds/server/methods/uploadCustomSound.ts index faf181b20b894..b699c85cac5a9 100644 --- a/apps/meteor/app/custom-sounds/server/methods/uploadCustomSound.ts +++ b/apps/meteor/app/custom-sounds/server/methods/uploadCustomSound.ts @@ -3,7 +3,7 @@ import { api } from '@rocket.chat/core-services'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; import type { RequiredField } from '@rocket.chat/core-typings'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server'; import { RocketChatFile } from '../../../file/server'; import { RocketChatFileCustomSoundsInstance } from '../startup/custom-sounds'; import type { ICustomSoundData } from './insertOrUpdateSound'; 
@@ -17,7 +17,7 @@ declare module '@rocket.chat/ui-contexts' { Meteor.methods({ uploadCustomSound(binaryContent, contentType, soundData) { - if (!this.userId || !hasPermission(this.userId, 'manage-sounds')) { + if (!this.userId || !(await hasPermissionAsync(this.userId, 'manage-sounds'))) { throw new Meteor.Error('not_authorized'); } diff --git a/apps/meteor/app/emoji-custom/server/methods/deleteEmojiCustom.js b/apps/meteor/app/emoji-custom/server/methods/deleteEmojiCustom.js index 45ec8cfb5ae9f..d7c3df70cb2fb 100644 --- a/apps/meteor/app/emoji-custom/server/methods/deleteEmojiCustom.js +++ b/apps/meteor/app/emoji-custom/server/methods/deleteEmojiCustom.js @@ -2,12 +2,12 @@ import { Meteor } from 'meteor/meteor'; import { EmojiCustom } from '@rocket.chat/models'; import { api } from '@rocket.chat/core-services'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server'; import { RocketChatFileEmojiCustomInstance } from '../startup/emoji-custom'; Meteor.methods({ async deleteEmojiCustom(emojiID) { - if (!hasPermission(this.userId, 'manage-emoji')) { + if (!(await hasPermissionAsync(this.userId, 'manage-emoji'))) { throw new Meteor.Error('not_authorized'); } diff --git a/apps/meteor/app/emoji-custom/server/methods/insertOrUpdateEmoji.js b/apps/meteor/app/emoji-custom/server/methods/insertOrUpdateEmoji.js index c8f77d7e7597e..e58ec2d6efb25 100644 --- a/apps/meteor/app/emoji-custom/server/methods/insertOrUpdateEmoji.js +++ b/apps/meteor/app/emoji-custom/server/methods/insertOrUpdateEmoji.js 
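Review bot: The new permission guard in `uploadCustomSound` uses `await`, but the signature shown as context is still `uploadCustomSound(binaryContent, contentType, soundData) {` without `async`, so the added line should not compile. Declare it `async uploadCustomSound(binaryContent, contentType, soundData) {`, as the sibling methods `deleteCustomSound` and `insertOrUpdateSound` in this patch already are. The rest of the method body is outside the hunk, so check that nothing after the guard relies on a synchronous return value.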
@@ -4,13 +4,13 @@ import limax from 'limax'; import { EmojiCustom } from '@rocket.chat/models'; import { api } from '@rocket.chat/core-services'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server'; import { RocketChatFileEmojiCustomInstance } from '../startup/emoji-custom'; import { trim } from '../../../../lib/utils/stringUtils'; Meteor.methods({ async insertOrUpdateEmoji(emojiData) { - if (!hasPermission(this.userId, 'manage-emoji')) { + if (!(await hasPermissionAsync(this.userId, 'manage-emoji'))) { throw new Meteor.Error('not_authorized'); } diff --git a/apps/meteor/app/emoji-custom/server/methods/uploadEmojiCustom.js b/apps/meteor/app/emoji-custom/server/methods/uploadEmojiCustom.js index c15f11b65b9a0..c825e7e3628eb 100644 --- a/apps/meteor/app/emoji-custom/server/methods/uploadEmojiCustom.js +++ b/apps/meteor/app/emoji-custom/server/methods/uploadEmojiCustom.js @@ -3,7 +3,7 @@ import limax from 'limax'; import sharp from 'sharp'; import { api, Media } from '@rocket.chat/core-services'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server'; import { RocketChatFile } from '../../../file/server'; import { RocketChatFileEmojiCustomInstance } from '../startup/emoji-custom'; @@ -19,7 +19,7 @@ Meteor.methods({ async uploadEmojiCustom(binaryContent, contentType, emojiData) { // technically, since this method doesnt have any datatype validations, users can // upload videos as emojis. The FE won't play them, but they will waste space for sure. - if (!hasPermission(this.userId, 'manage-emoji')) { + if (!(await hasPermissionAsync(this.userId, 'manage-emoji'))) { throw new Meteor.Error('not_authorized'); } diff --git a/apps/meteor/app/file-upload/lib/FileUploadBase.js b/apps/meteor/app/file-upload/lib/FileUploadBase.js index 661b2dba1022c..d6a6ec87c2083 100644 --- a/apps/meteor/app/file-upload/lib/FileUploadBase.js 
+++ b/apps/meteor/app/file-upload/lib/FileUploadBase.js @@ -5,7 +5,7 @@ import { Random } from '@rocket.chat/random'; import { UploadFS } from 'meteor/jalik:ufs'; import _ from 'underscore'; -import { canAccessRoomAsync, hasPermission } from '../../authorization'; +import { canAccessRoomAsync, hasPermissionAsync } from '../../authorization'; import { settings } from '../../settings'; // set ufs temp dir to $TMPDIR/ufs instead of /tmp/ufs if the variable is set @@ -36,10 +36,14 @@ UploadFS.config.defaultStorePermissions = new UploadFS.StorePermissions({ return false; }, update(userId, doc) { - return hasPermission(Meteor.userId(), 'delete-message', doc.rid) || (settings.get('Message_AllowDeleting') && userId === doc.userId); + return Promise.await( + hasPermissionAsync(Meteor.userId(), 'delete-message', doc.rid) || (settings.get('Message_AllowDeleting') && userId === doc.userId), + ); }, remove(userId, doc) { - return hasPermission(Meteor.userId(), 'delete-message', doc.rid) || (settings.get('Message_AllowDeleting') && userId === doc.userId); + return Promise.await( + hasPermissionAsync(Meteor.userId(), 'delete-message', doc.rid) || (settings.get('Message_AllowDeleting') && userId === doc.userId), + ); }, }); diff --git a/apps/meteor/app/file-upload/server/lib/FileUpload.js b/apps/meteor/app/file-upload/server/lib/FileUpload.js index 9c746556eb476..4d068aef95175 100644 --- a/apps/meteor/app/file-upload/server/lib/FileUpload.js +++ b/apps/meteor/app/file-upload/server/lib/FileUpload.js 
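Review bot: In the `update` and `remove` callbacks of `defaultStorePermissions` the `||` now sits inside `Promise.await(...)`, so it is applied to the promise returned by `hasPermissionAsync`, which is always truthy. The `Message_AllowDeleting` / owner fallback is therefore never evaluated and the result is only the `delete-message` permission. That fails closed, but it silently removes the owner path the old code granted. Close the call before the fallback in both callbacks: `return Promise.await(hasPermissionAsync(Meteor.userId(), 'delete-message', doc.rid)) || (settings.get('Message_AllowDeleting') && userId === doc.userId);`.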
@@ -20,7 +20,7 @@ import Users from '../../../models/server/models/Users'; import Rooms from '../../../models/server/models/Rooms'; import Subscriptions from '../../../models/server/models/Subscriptions'; import { mime } from '../../../utils/lib/mimeTypes'; -import { hasPermission } from '../../../authorization/server/functions/hasPermission'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { canAccessRoomAsync } from '../../../authorization/server/functions/canAccessRoom'; import { fileUploadIsValidContentType } from '../../../utils/lib/fileUploadRestrictions'; import { isValidJWT, generateJWT } from '../../../utils/server/lib/JWTHelper'; @@ -217,10 +217,10 @@ export const FileUpload = { } if (file.rid) { - if (!hasPermission(Meteor.userId(), 'edit-room-avatar', file.rid)) { + if (!Promise.await(hasPermissionAsync(Meteor.userId(), 'edit-room-avatar', file.rid))) { throw new Meteor.Error('error-not-allowed', 'Change avatar is not allowed'); } - } else if (Meteor.userId() !== file.userId && !hasPermission(Meteor.userId(), 'edit-other-user-avatar')) { + } else if (Meteor.userId() !== file.userId && !Promise.await(hasPermissionAsync(Meteor.userId(), 'edit-other-user-avatar'))) { throw new Meteor.Error('error-not-allowed', 'Change avatar is not allowed'); } @@ -412,7 +412,7 @@ export const FileUpload = { }, avatarRoomOnFinishUpload(file) { - if (!hasPermission(Meteor.userId(), 'edit-room-avatar', file.rid)) { + if (!Promise.await(hasPermissionAsync(Meteor.userId(), 'edit-room-avatar', file.rid))) { throw new Meteor.Error('error-not-allowed', 'Change avatar is not allowed'); } }, 
@@ -421,7 +421,7 @@ export const FileUpload = { return FileUpload.avatarRoomOnFinishUpload(file); } - if (Meteor.userId() !== file.userId && !hasPermission(Meteor.userId(), 'edit-other-user-avatar')) { + if (Meteor.userId() !== file.userId && !Promise.await(hasPermissionAsync(Meteor.userId(), 'edit-other-user-avatar'))) { throw new Meteor.Error('error-not-allowed', 'Change avatar is not allowed'); } // update file record to match user's username diff --git a/apps/meteor/app/importer/server/methods/downloadPublicImportFile.ts b/apps/meteor/app/importer/server/methods/downloadPublicImportFile.ts index 74532bb72c570..13906258d6321 100644 --- a/apps/meteor/app/importer/server/methods/downloadPublicImportFile.ts +++ b/apps/meteor/app/importer/server/methods/downloadPublicImportFile.ts @@ -8,7 +8,7 @@ import type { ServerMethods } from '@rocket.chat/ui-contexts'; import { RocketChatImportFileInstance } from '../startup/store'; import { ProgressStep } from '../../lib/ImporterProgressStep'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server'; import { Importers } from '..'; function downloadHttpFile(fileUrl: string, writeStream: fs.WriteStream): void { @@ -89,14 +89,14 @@ declare module '@rocket.chat/ui-contexts' { } Meteor.methods({ - downloadPublicImportFile(fileUrl: string, importerKey: string) { + async downloadPublicImportFile(fileUrl: string, importerKey: string) { const userId = Meteor.userId(); if (!userId) { throw new Meteor.Error('error-invalid-user', 'Invalid user', 'downloadPublicImportFile'); } - if (!hasPermission(userId, 'run-import')) { + if (!(await hasPermissionAsync(userId, 'run-import'))) { throw new Meteor.Error('error-action-not-allowed', 'Importing is not allowed', 'downloadPublicImportFile'); } diff --git a/apps/meteor/app/importer/server/methods/getImportFileData.ts b/apps/meteor/app/importer/server/methods/getImportFileData.ts index 5247e5d3eda9f..8a557137941ae 100644 
--- a/apps/meteor/app/importer/server/methods/getImportFileData.ts +++ b/apps/meteor/app/importer/server/methods/getImportFileData.ts @@ -6,7 +6,7 @@ import type { IImportFileData } from '@rocket.chat/core-typings'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; import { RocketChatImportFileInstance } from '../startup/store'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server'; import { Imports } from '../../../models/server'; import { ProgressStep } from '../../lib/ImporterProgressStep'; import { Importers } from '..'; @@ -74,7 +74,7 @@ Meteor.methods({ throw new Meteor.Error('error-invalid-user', 'Invalid user', 'getImportFileData'); } - if (!hasPermission(userId, 'run-import')) { + if (!(await hasPermissionAsync(userId, 'run-import'))) { throw new Meteor.Error('error-action-not-allowed', 'Importing is not allowed', 'getImportFileData'); } diff --git a/apps/meteor/app/importer/server/methods/getImportProgress.ts b/apps/meteor/app/importer/server/methods/getImportProgress.ts index 59900b044e9fd..6ad0ecd7dda49 100644 --- a/apps/meteor/app/importer/server/methods/getImportProgress.ts +++ b/apps/meteor/app/importer/server/methods/getImportProgress.ts @@ -2,7 +2,7 @@ import type { IImportProgress } from '@rocket.chat/core-typings'; import { Meteor } from 'meteor/meteor'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server'; import { Imports } from '../../../models/server'; import { Importers } from '..'; 
@@ -31,13 +31,13 @@ declare module '@rocket.chat/ui-contexts' { } Meteor.methods({ - getImportProgress() { + async getImportProgress() { const userId = Meteor.userId(); if (!userId) { throw new Meteor.Error('error-invalid-user', 'Invalid user', 'getImportProgress'); } - if (!hasPermission(userId, 'run-import')) { + if (!(await hasPermissionAsync(userId, 'run-import'))) { throw new Meteor.Error('error-action-not-allowed', 'Importing is not allowed', 'setupImporter'); } diff --git a/apps/meteor/app/importer/server/methods/getLatestImportOperations.ts b/apps/meteor/app/importer/server/methods/getLatestImportOperations.ts index cd6f691e93815..0fe21467460fc 100644 --- a/apps/meteor/app/importer/server/methods/getLatestImportOperations.ts +++ b/apps/meteor/app/importer/server/methods/getLatestImportOperations.ts @@ -3,7 +3,7 @@ import type { ServerMethods } from '@rocket.chat/ui-contexts'; import type { IImport } from '@rocket.chat/core-typings'; import { Imports } from '../../../models/server'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server'; export const executeGetLatestImportOperations = () => { const data = Imports.find( @@ -25,14 +25,14 @@ declare module '@rocket.chat/ui-contexts' { } Meteor.methods({ - getLatestImportOperations() { + async getLatestImportOperations() { const userId = Meteor.userId(); if (!userId) { throw new Meteor.Error('error-invalid-user', 'Invalid user', 'getLatestImportOperations'); } - if (!hasPermission(userId, 'view-import-operations')) { + if (!(await hasPermissionAsync(userId, 'view-import-operations'))) { throw new Meteor.Error('not_authorized', 'User not authorized', 'getLatestImportOperations'); } diff --git a/apps/meteor/app/importer/server/methods/startImport.ts b/apps/meteor/app/importer/server/methods/startImport.ts index 3572aefd310fa..20878f9051ab7 100644 --- a/apps/meteor/app/importer/server/methods/startImport.ts 
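Review bot: The `run-import` denial in `getImportProgress` still passes `'setupImporter'` as its third argument, while the invalid-user error two lines above passes `'getImportProgress'`. A mislabelled denial makes authorization failures for this method harder to attribute when reading client errors or server logs. Since the guard is being rewritten here, correct the label too: `throw new Meteor.Error('error-action-not-allowed', 'Importing is not allowed', 'getImportProgress');`.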
+++ b/apps/meteor/app/importer/server/methods/startImport.ts @@ -2,7 +2,7 @@ import { Meteor } from 'meteor/meteor'; import type { StartImportParamsPOST } from '@rocket.chat/rest-typings'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server'; import { Imports } from '../../../models/server'; import { Importers, Selection, SelectionChannel, SelectionUser } from '..'; @@ -47,14 +47,14 @@ declare module '@rocket.chat/ui-contexts' { } Meteor.methods({ - startImport({ input }: StartImportParamsPOST) { + async startImport({ input }: StartImportParamsPOST) { const userId = Meteor.userId(); // Takes name and object with users / channels selected to import if (!userId) { throw new Meteor.Error('error-invalid-user', 'Invalid user', 'startImport'); } - if (!hasPermission(userId, 'run-import')) { + if (!(await (userId, 'run-import'))) { throw new Meteor.Error('error-action-not-allowed', 'Importing is not allowed', 'startImport'); } diff --git a/apps/meteor/app/importer/server/methods/uploadImportFile.ts b/apps/meteor/app/importer/server/methods/uploadImportFile.ts index 7b8281aed55ff..74082c065c78f 100644 --- a/apps/meteor/app/importer/server/methods/uploadImportFile.ts +++ b/apps/meteor/app/importer/server/methods/uploadImportFile.ts @@ -4,7 +4,7 @@ import type { ServerMethods } from '@rocket.chat/ui-contexts'; import { RocketChatFile } from '../../../file/server'; import { RocketChatImportFileInstance } from '../startup/store'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server'; import { ProgressStep } from '../../lib/ImporterProgressStep'; import { Importers } from '..'; 
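Review bot: The guard in `startImport` reads `if (!(await (userId, 'run-import'))) {`, with the call to `hasPermissionAsync` missing, so the parenthesised comma expression evaluates to the string `'run-import'`, which is truthy, and the not-allowed error is never thrown. As written, any logged-in caller passes the `run-import` check; it should be `if (!(await hasPermissionAsync(userId, 'run-import'))) {`. The same slip is in two other hunks of this patch: `const canViewAllOutgoingIntegrations = await (userId, 'manage-outgoing-integrations');` in `mountIntegrationHistoryQueryBasedOnPermissions`, where the own-integrations filter branch shown in that hunk can then never be taken, and `if (!(await (userId, 'create-invite-links'))) {` in `removeInvite`. A test that calls each converted method as a user without the permission and expects the error would catch this class of regression.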
@@ -52,14 +52,14 @@ declare module '@rocket.chat/ui-contexts' { } Meteor.methods({ - uploadImportFile(binaryContent, contentType, fileName, importerKey) { + async uploadImportFile(binaryContent, contentType, fileName, importerKey) { const userId = Meteor.userId(); if (!userId) { throw new Meteor.Error('error-invalid-user', 'Invalid user', 'uploadImportFile'); } - if (!hasPermission(userId, 'run-import')) { + if (!(await hasPermissionAsync(userId, 'run-import'))) { throw new Meteor.Error('error-action-not-allowed', 'Importing is not allowed', 'uploadImportFile'); } diff --git a/apps/meteor/app/integrations/server/lib/mountQueriesBasedOnPermission.js b/apps/meteor/app/integrations/server/lib/mountQueriesBasedOnPermission.js index a17187c891d26..782121144690f 100644 --- a/apps/meteor/app/integrations/server/lib/mountQueriesBasedOnPermission.js +++ b/apps/meteor/app/integrations/server/lib/mountQueriesBasedOnPermission.js 
@@ -1,15 +1,15 @@ import { Meteor } from 'meteor/meteor'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server'; export const mountIntegrationQueryBasedOnPermissions = async (userId) => { if (!userId) { throw new Meteor.Error('You must provide the userId to the "mountIntegrationQueryBasedOnPermissions" fucntion.'); } - const canViewAllOutgoingIntegrations = await hasPermission(userId, 'manage-outgoing-integrations'); - const canViewAllIncomingIntegrations = await hasPermission(userId, 'manage-incoming-integrations'); - const canViewOnlyOwnOutgoingIntegrations = await hasPermission(userId, 'manage-own-outgoing-integrations'); - const canViewOnlyOwnIncomingIntegrations = await hasPermission(userId, 'manage-own-incoming-integrations'); + const canViewAllOutgoingIntegrations = await hasPermissionAsync(userId, 'manage-outgoing-integrations'); + const canViewAllIncomingIntegrations = await hasPermissionAsync(userId, 'manage-incoming-integrations'); + const canViewOnlyOwnOutgoingIntegrations = await hasPermissionAsync(userId, 'manage-own-outgoing-integrations'); + const canViewOnlyOwnIncomingIntegrations = await hasPermissionAsync(userId, 'manage-own-incoming-integrations'); const query = {}; @@ -36,7 +36,7 @@ export const mountIntegrationQueryBasedOnPermissions = async (userId) => { return query; }; -export const mountIntegrationHistoryQueryBasedOnPermissions = (userId, integrationId) => { +export const mountIntegrationHistoryQueryBasedOnPermissions = async (userId, integrationId) => { if (!userId) { throw new Meteor.Error('You must provide the userId to the "mountIntegrationHistoryQueryBasedOnPermissions" fucntion.'); } 
@@ -44,8 +44,8 @@ export const mountIntegrationHistoryQueryBasedOnPermissions = (userId, integrati throw new Meteor.Error('You must provide the integrationId to the "mountIntegrationHistoryQueryBasedOnPermissions" fucntion.'); } - const canViewOnlyOwnOutgoingIntegrations = hasPermission(userId, 'manage-own-outgoing-integrations'); - const canViewAllOutgoingIntegrations = hasPermission(userId, 'manage-outgoing-integrations'); + const canViewOnlyOwnOutgoingIntegrations = await hasPermissionAsync(userId, 'manage-own-outgoing-integrations'); + const canViewAllOutgoingIntegrations = await (userId, 'manage-outgoing-integrations'); if (!canViewAllOutgoingIntegrations && canViewOnlyOwnOutgoingIntegrations) { return { 'integration._id': integrationId, 'integration._createdBy._id': userId }; } diff --git a/apps/meteor/app/integrations/server/methods/clearIntegrationHistory.ts b/apps/meteor/app/integrations/server/methods/clearIntegrationHistory.ts index b466c5723885e..e1f716e914cf2 100644 --- a/apps/meteor/app/integrations/server/methods/clearIntegrationHistory.ts +++ b/apps/meteor/app/integrations/server/methods/clearIntegrationHistory.ts @@ -2,7 +2,7 @@ import { Meteor } from 'meteor/meteor'; import { Integrations, IntegrationHistory } from '@rocket.chat/models'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import notifications from '../../../notifications/server/lib/Notifications'; declare module '@rocket.chat/ui-contexts' { 
@@ -22,9 +22,9 @@ Meteor.methods({ }); } - if (hasPermission(this.userId, 'manage-outgoing-integrations')) { + if (await hasPermissionAsync(this.userId, 'manage-outgoing-integrations')) { integration = await Integrations.findOneById(integrationId); - } else if (hasPermission(this.userId, 'manage-own-outgoing-integrations')) { + } else if (await hasPermissionAsync(this.userId, 'manage-own-outgoing-integrations')) { integration = await Integrations.findOne({ '_id': integrationId, '_createdBy._id': this.userId, diff --git a/apps/meteor/app/integrations/server/methods/incoming/addIncomingIntegration.ts b/apps/meteor/app/integrations/server/methods/incoming/addIncomingIntegration.ts index 2efc4176aea26..6d55166b9111c 100644 --- a/apps/meteor/app/integrations/server/methods/incoming/addIncomingIntegration.ts +++ b/apps/meteor/app/integrations/server/methods/incoming/addIncomingIntegration.ts @@ -7,7 +7,7 @@ import type { INewIncomingIntegration, IIncomingIntegration } from '@rocket.chat import { Integrations, Roles } from '@rocket.chat/models'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; -import { hasPermission, hasAllPermission } from '../../../../authorization/server'; +import { hasPermissionAsync, hasAllPermission } from '../../../../authorization/server/functions/hasPermission'; import { Users, Rooms, Subscriptions } from '../../../../models/server'; const validChannelChars = ['@', '#']; @@ -39,7 +39,11 @@ Meteor.methods({ }), ); - if (!userId || (!hasPermission(userId, 'manage-incoming-integrations') && !hasPermission(userId, 'manage-own-incoming-integrations'))) { + if ( + !userId || + (!(await hasPermissionAsync(userId, 'manage-incoming-integrations')) && + !(await hasPermissionAsync(userId, 'manage-own-incoming-integrations'))) + ) { throw new Meteor.Error('not_authorized', 'Unauthorized', { method: 'addIncomingIntegration', }); 
diff --git a/apps/meteor/app/integrations/server/methods/incoming/deleteIncomingIntegration.ts b/apps/meteor/app/integrations/server/methods/incoming/deleteIncomingIntegration.ts index d1438341880a2..bd1b578badad9 100644 --- a/apps/meteor/app/integrations/server/methods/incoming/deleteIncomingIntegration.ts +++ b/apps/meteor/app/integrations/server/methods/incoming/deleteIncomingIntegration.ts @@ -2,7 +2,7 @@ import { Meteor } from 'meteor/meteor'; import { Integrations } from '@rocket.chat/models'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; -import { hasPermission } from '../../../../authorization/server'; +import { hasPermissionAsync } from '../../../../authorization/server/functions/hasPermission'; declare module '@rocket.chat/ui-contexts' { // eslint-disable-next-line @typescript-eslint/naming-convention @@ -16,9 +16,9 @@ Meteor.methods({ let integration; const { userId } = this; - if (userId && hasPermission(userId, 'manage-incoming-integrations')) { + if (userId && (await hasPermissionAsync(userId, 'manage-incoming-integrations'))) { integration = Integrations.findOneById(integrationId); - } else if (userId && hasPermission(userId, 'manage-own-incoming-integrations')) { + } else if (userId && (await hasPermissionAsync(userId, 'manage-own-incoming-integrations'))) { integration = Integrations.findOne({ '_id': integrationId, '_createdBy._id': userId, diff --git a/apps/meteor/app/integrations/server/methods/incoming/updateIncomingIntegration.js b/apps/meteor/app/integrations/server/methods/incoming/updateIncomingIntegration.js index 8f9153a587ded..2631d2de3b34e 100644 --- a/apps/meteor/app/integrations/server/methods/incoming/updateIncomingIntegration.js +++ b/apps/meteor/app/integrations/server/methods/incoming/updateIncomingIntegration.js 
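Review bot: Both branches of `deleteIncomingIntegration` assign `Integrations.findOneById(integrationId)` and `Integrations.findOne({ ... })` without `await`, whereas the other methods in this patch that import `Integrations` from `@rocket.chat/models` (`clearIntegrationHistory`, `replayOutgoingIntegration`, `updateIncomingIntegration`) await the same calls. If these model methods return promises, as those call sites suggest, `integration` is always a truthy Promise, and an existence or ownership test after the hunk could not fail for a caller holding only `manage-own-incoming-integrations`. The fix is small now that the method awaits its permission checks: `integration = await Integrations.findOneById(integrationId);` and `integration = await Integrations.findOne({`. The `deleteOutgoingIntegration` hunk has the same pattern. The rest of the method lies outside the hunk, so confirm how `integration` is used there.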
@@ -4,7 +4,7 @@ import _ from 'underscore'; import { Integrations, Roles } from '@rocket.chat/models'; import { Rooms, Users, Subscriptions } from '../../../../models/server'; -import { hasAllPermission, hasPermission } from '../../../../authorization/server'; +import { hasAllPermission, hasPermissionAsync } from '../../../../authorization/server/functions/hasPermission'; const validChannelChars = ['@', '#']; @@ -28,9 +28,9 @@ Meteor.methods({ let currentIntegration; - if (hasPermission(this.userId, 'manage-incoming-integrations')) { + if (await hasPermissionAsync(this.userId, 'manage-incoming-integrations')) { currentIntegration = await Integrations.findOneById(integrationId); - } else if (hasPermission(this.userId, 'manage-own-incoming-integrations')) { + } else if (await hasPermissionAsync(this.userId, 'manage-own-incoming-integrations')) { currentIntegration = await Integrations.findOne({ '_id': integrationId, '_createdBy._id': this.userId, diff --git a/apps/meteor/app/integrations/server/methods/outgoing/addOutgoingIntegration.ts b/apps/meteor/app/integrations/server/methods/outgoing/addOutgoingIntegration.ts index 74610a7d5e714..46c3a3ea703b8 100644 --- a/apps/meteor/app/integrations/server/methods/outgoing/addOutgoingIntegration.ts +++ b/apps/meteor/app/integrations/server/methods/outgoing/addOutgoingIntegration.ts @@ -4,7 +4,7 @@ import type { INewOutgoingIntegration, IOutgoingIntegration } from '@rocket.chat import { Integrations } from '@rocket.chat/models'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; -import { hasPermission } from '../../../../authorization/server'; +import { hasPermissionAsync } from '../../../../authorization/server/functions/hasPermission'; import { validateOutgoingIntegration } from '../../lib/validateOutgoingIntegration'; declare module '@rocket.chat/ui-contexts' { 
@@ -18,10 +18,6 @@ Meteor.methods({ async addOutgoingIntegration(integration: INewOutgoingIntegration): Promise { const { userId } = this; - if (!userId || (!hasPermission(userId, 'manage-outgoing-integrations') && !hasPermission(userId, 'manage-own-outgoing-integrations'))) { - throw new Meteor.Error('not_authorized'); - } - check( integration, Match.ObjectIncluding({ @@ -49,6 +45,14 @@ Meteor.methods({ }), ); + if ( + !userId || + (!(await hasPermissionAsync(userId, 'manage-outgoing-integrations')) && + !(await hasPermissionAsync(userId, 'manage-own-outgoing-integrations'))) + ) { + throw new Meteor.Error('not_authorized'); + } + const integrationData = validateOutgoingIntegration(integration, userId); const result = await Integrations.insertOne(integrationData); diff --git a/apps/meteor/app/integrations/server/methods/outgoing/deleteOutgoingIntegration.ts b/apps/meteor/app/integrations/server/methods/outgoing/deleteOutgoingIntegration.ts index 4dc1962865d39..add27cb9e01ad 100644 --- a/apps/meteor/app/integrations/server/methods/outgoing/deleteOutgoingIntegration.ts +++ b/apps/meteor/app/integrations/server/methods/outgoing/deleteOutgoingIntegration.ts @@ -2,7 +2,7 @@ import { Meteor } from 'meteor/meteor'; import { Integrations, IntegrationHistory } from '@rocket.chat/models'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; -import { hasPermission } from '../../../../authorization/server'; +import { hasPermissionAsync } from '../../../../authorization/server/functions/hasPermission'; declare module '@rocket.chat/ui-contexts' { // eslint-disable-next-line @typescript-eslint/naming-convention 
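Review bot: In `addOutgoingIntegration` the `!userId` / permission guard moves from the top of the method to after the `check(integration, Match.ObjectIncluding({ ... }))` block, so unauthenticated and unauthorized callers now reach argument validation and receive its errors before being rejected. Unless the reordering is needed for something outside these hunks, keep authorization first by placing the new awaited guard directly under `const { userId } = this;`. `addIncomingIntegration` in this patch appears to have the same validate-then-authorize order, but there the order predates this change.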
@@ -21,9 +21,9 @@ Meteor.methods({ }); } - if (hasPermission(this.userId, 'manage-outgoing-integrations')) { + if (await hasPermissionAsync(this.userId, 'manage-outgoing-integrations')) { integration = Integrations.findOneById(integrationId); - } else if (hasPermission(this.userId, 'manage-own-outgoing-integrations')) { + } else if (await hasPermissionAsync(this.userId, 'manage-own-outgoing-integrations')) { integration = Integrations.findOne({ '_id': integrationId, '_createdBy._id': this.userId, diff --git a/apps/meteor/app/integrations/server/methods/outgoing/replayOutgoingIntegration.ts b/apps/meteor/app/integrations/server/methods/outgoing/replayOutgoingIntegration.ts index 7c599bcea81b7..d6bfdbaedb9cd 100644 --- a/apps/meteor/app/integrations/server/methods/outgoing/replayOutgoingIntegration.ts +++ b/apps/meteor/app/integrations/server/methods/outgoing/replayOutgoingIntegration.ts @@ -2,7 +2,7 @@ import { Meteor } from 'meteor/meteor'; import { Integrations, IntegrationHistory } from '@rocket.chat/models'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; -import { hasPermission } from '../../../../authorization/server'; +import { hasPermissionAsync } from '../../../../authorization/server/functions/hasPermission'; import { triggerHandler } from '../../lib/triggerHandler'; declare module '@rocket.chat/ui-contexts' { @@ -22,9 +22,9 @@ Meteor.methods({ }); } - if (hasPermission(this.userId, 'manage-outgoing-integrations')) { + if (await hasPermissionAsync(this.userId, 'manage-outgoing-integrations')) { integration = await Integrations.findOneById(integrationId); - } else if (hasPermission(this.userId, 'manage-own-outgoing-integrations')) { + } else if (await hasPermissionAsync(this.userId, 'manage-own-outgoing-integrations')) { integration = await Integrations.findOne({ '_id': integrationId, '_createdBy._id': this.userId, 
diff --git a/apps/meteor/app/integrations/server/methods/outgoing/updateOutgoingIntegration.js b/apps/meteor/app/integrations/server/methods/outgoing/updateOutgoingIntegration.js index 8ddae4b48cabc..8b2a9344e678b 100644 --- a/apps/meteor/app/integrations/server/methods/outgoing/updateOutgoingIntegration.js +++ b/apps/meteor/app/integrations/server/methods/outgoing/updateOutgoingIntegration.js @@ -1,7 +1,7 @@ import { Meteor } from 'meteor/meteor'; import { Integrations } from '@rocket.chat/models'; -import { hasPermission } from '../../../../authorization/server'; +import { hasPermissionAsync } from '../../../../authorization/server/functions/hasPermission'; import { Users } from '../../../../models/server'; import { validateOutgoingIntegration } from '../../lib/validateOutgoingIntegration'; @@ -17,9 +17,9 @@ Meteor.methods({ let currentIntegration; - if (hasPermission(this.userId, 'manage-outgoing-integrations')) { + if (await hasPermissionAsync(this.userId, 'manage-outgoing-integrations')) { currentIntegration = await Integrations.findOneById(integrationId); - } else if (hasPermission(this.userId, 'manage-own-outgoing-integrations')) { + } else if (await hasPermissionAsync(this.userId, 'manage-own-outgoing-integrations')) { currentIntegration = await Integrations.findOne({ '_id': integrationId, '_createdBy._id': this.userId, diff --git a/apps/meteor/app/invites/server/functions/findOrCreateInvite.js b/apps/meteor/app/invites/server/functions/findOrCreateInvite.js index 222ce04ce2e84..0d586ddc67dab 100644 --- a/apps/meteor/app/invites/server/functions/findOrCreateInvite.js +++ b/apps/meteor/app/invites/server/functions/findOrCreateInvite.js 
@@ -3,7 +3,7 @@ import { Random } from '@rocket.chat/random'; import { Invites } from '@rocket.chat/models'; import { api } from '@rocket.chat/core-services'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { Subscriptions, Rooms } from '../../../models/server'; import { settings } from '../../../settings/server'; import { getURL } from '../../../utils/lib/getURL'; @@ -37,7 +37,7 @@ export const findOrCreateInvite = async (userId, invite) => { }); } - if (!hasPermission(userId, 'create-invite-links', invite.rid)) { + if (!(await hasPermissionAsync(userId, 'create-invite-links', invite.rid))) { throw new Meteor.Error('not_authorized'); } diff --git a/apps/meteor/app/invites/server/functions/listInvites.js b/apps/meteor/app/invites/server/functions/listInvites.js index 9ee3fb9792046..1faacdcdb3e71 100644 --- a/apps/meteor/app/invites/server/functions/listInvites.js +++ b/apps/meteor/app/invites/server/functions/listInvites.js @@ -1,14 +1,14 @@ import { Meteor } from 'meteor/meteor'; import { Invites } from '@rocket.chat/models'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; export const listInvites = async (userId) => { if (!userId) { throw new Meteor.Error('error-invalid-user', 'Invalid user', { method: 'listInvites' }); } - if (!hasPermission(userId, 'create-invite-links')) { + if (!(await hasPermissionAsync(userId, 'create-invite-links'))) { throw new Meteor.Error('not_authorized'); } diff --git a/apps/meteor/app/invites/server/functions/removeInvite.js b/apps/meteor/app/invites/server/functions/removeInvite.js index 1ca068473ae2b..a7042e9739318 100644 --- a/apps/meteor/app/invites/server/functions/removeInvite.js +++ b/apps/meteor/app/invites/server/functions/removeInvite.js 
@@ -1,14 +1,14 @@ import { Meteor } from 'meteor/meteor'; import { Invites } from '@rocket.chat/models'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; export const removeInvite = async (userId, invite) => { if (!userId || !invite) { return false; } - if (!hasPermission(userId, 'create-invite-links')) { + if (!(await (userId, 'create-invite-links'))) { throw new Meteor.Error('not_authorized'); } diff --git a/apps/meteor/app/invites/server/functions/sendInvitationEmail.ts b/apps/meteor/app/invites/server/functions/sendInvitationEmail.ts index 917edfc41f0c9..d6ede6110319e 100644 --- a/apps/meteor/app/invites/server/functions/sendInvitationEmail.ts +++ b/apps/meteor/app/invites/server/functions/sendInvitationEmail.ts @@ -3,7 +3,7 @@ import { check } from 'meteor/check'; import { Settings } from '@rocket.chat/models'; import * as Mailer from '../../../mailer/server/api'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { settings } from '../../../settings/server'; let html = ''; @@ -20,7 +20,7 @@ export const sendInvitationEmail = async (userId: string, emails: string[]) => { method: 'sendInvitationEmail', }); } - if (!hasPermission(userId, 'bulk-register-user')) { + if (!(await hasPermissionAsync(userId, 'bulk-register-user'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'sendInvitationEmail', }); diff --git a/apps/meteor/app/lib/server/functions/getFullUserData.ts b/apps/meteor/app/lib/server/functions/getFullUserData.ts index 9be81206436c7..e01dcac83a4bb 100644 --- a/apps/meteor/app/lib/server/functions/getFullUserData.ts +++ b/apps/meteor/app/lib/server/functions/getFullUserData.ts 
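Review bot: In removeInvite.js the new guard reads `if (!(await (userId, 'create-invite-links'))) {`, with the call to `hasPermissionAsync` missing. The parenthesised comma expression evaluates to the non-empty string, `await` passes it through, and the negation is always false, so the `not_authorized` branch can never run. The permission check is effectively gone for this function, and the newly added `hasPermissionAsync` import is unused. The line should be `if (!(await hasPermissionAsync(userId, 'create-invite-links'))) {`, matching listInvites.js in the same commit. A test that calls removeInvite as a user without `create-invite-links` and expects the error would guard against this kind of slip in a mechanical refactor.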
@@ -3,7 +3,7 @@ import type { IUser } from '@rocket.chat/core-typings'; import { Logger } from '../../../logger/server'; import { settings } from '../../../settings/server'; import { Users } from '../../../models/server'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; const logger = new Logger('getFullUserData'); @@ -76,7 +76,7 @@ export async function getFullUserDataByIdOrUsername( const caller = Users.findOneById(userId, { fields: { username: 1 } }); const targetUser = filterId || filterUsername; const myself = (filterId && targetUser === userId) || (filterUsername && targetUser === caller.username); - const canViewAllInfo = !!myself || hasPermission(userId, 'view-full-other-user-info'); + const canViewAllInfo = !!myself || (await hasPermissionAsync(userId, 'view-full-other-user-info')); const fields = getFields(canViewAllInfo); diff --git a/apps/meteor/app/lib/server/functions/index.ts b/apps/meteor/app/lib/server/functions/index.ts index 857644be5f848..f438a6b333746 100644 --- a/apps/meteor/app/lib/server/functions/index.ts +++ b/apps/meteor/app/lib/server/functions/index.ts @@ -4,7 +4,6 @@ export { archiveRoom } from './archiveRoom'; export { attachMessage } from './attachMessage'; export { checkEmailAvailability } from './checkEmailAvailability'; export { checkUsernameAvailability } from './checkUsernameAvailability'; -export { cleanRoomHistory } from './cleanRoomHistory'; export { createRoom } from './createRoom'; export { createDirectRoom } from './createDirectRoom'; export { deleteMessage } from './deleteMessage'; diff --git a/apps/meteor/app/lib/server/functions/saveUser.js b/apps/meteor/app/lib/server/functions/saveUser.js index e1f57c5f0ac3b..71fd0d48fb337 100644 --- a/apps/meteor/app/lib/server/functions/saveUser.js +++ b/apps/meteor/app/lib/server/functions/saveUser.js 
@@ -6,6 +6,7 @@ import { isUserFederated } from '@rocket.chat/core-typings'; import * as Mailer from '../../../mailer/server/api'; import { getRoles, hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { settings } from '../../../settings/server'; import { passwordPolicy } from '../lib/passwordPolicy'; import { validateEmailDomain } from '../lib'; @@ -380,7 +381,7 @@ export const saveUser = async function (userId, userData) { if ( userData.password && userData.password.trim() && - hasPermission(userId, 'edit-other-user-password') && + (await hasPermissionAsync(userId, 'edit-other-user-password')) && passwordPolicy.validate(userData.password) ) { Accounts.setPassword(userData._id, userData.password.trim()); diff --git a/apps/meteor/app/lib/server/lib/sendNotificationsOnMessage.js b/apps/meteor/app/lib/server/lib/sendNotificationsOnMessage.js index bbdb93b654f83..bad95861f46d6 100644 --- a/apps/meteor/app/lib/server/lib/sendNotificationsOnMessage.js +++ b/apps/meteor/app/lib/server/lib/sendNotificationsOnMessage.js @@ -1,7 +1,7 @@ import { Meteor } from 'meteor/meteor'; import moment from 'moment'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { settings } from '../../../settings/server'; import { callbacks } from '../../../../lib/callbacks'; import { Subscriptions, Users } from '../../../models/server'; @@ -67,7 +67,7 @@ export const sendNotification = async ({ const roomType = room.t; // If the user doesn't have permission to view direct messages, don't send notification of direct messages. - if (roomType === 'd' && !hasPermission(subscription.u._id, 'view-d-room')) { + if (roomType === 'd' && !(await hasPermissionAsync(subscription.u._id, 'view-d-room'))) { return; } 
diff --git a/apps/meteor/app/lib/server/methods/addOAuthService.ts b/apps/meteor/app/lib/server/methods/addOAuthService.ts index 6e086a9bee4d8..b5131263471b1 100644 --- a/apps/meteor/app/lib/server/methods/addOAuthService.ts +++ b/apps/meteor/app/lib/server/methods/addOAuthService.ts @@ -2,7 +2,7 @@ import { Meteor } from 'meteor/meteor'; import { check } from 'meteor/check'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission''; import { addOAuthService } from '../functions/addOAuthService'; declare module '@rocket.chat/ui-contexts' { @@ -13,7 +13,7 @@ declare module '@rocket.chat/ui-contexts' { } Meteor.methods({ - addOAuthService(name) { + async addOAuthService(name) { check(name, String); const userId = Meteor.userId(); @@ -22,7 +22,7 @@ Meteor.methods({ throw new Meteor.Error('error-invalid-user', 'Invalid user', { method: 'addOAuthService' }); } - if (hasPermission(userId, 'add-oauth-service') !== true) { + if (await hasPermissionAsync(userId, 'add-oauth-service') !== true) { throw new Meteor.Error('error-action-not-allowed', 'Adding OAuth Services is not allowed', { method: 'addOAuthService', action: 'Adding_OAuth_Services', diff --git a/apps/meteor/app/lib/server/methods/addUsersToRoom.js b/apps/meteor/app/lib/server/methods/addUsersToRoom.js index 4afb779f4f001..19d5843b5e541 100644 --- a/apps/meteor/app/lib/server/methods/addUsersToRoom.js +++ b/apps/meteor/app/lib/server/methods/addUsersToRoom.js 
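Review bot: The new import in addOAuthService.ts ends with `hasPermission'';`, where the stray second quote opens an unterminated string literal, so the module will not parse and the method will not be registered. It should read `import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission';`. Separately, `if (await hasPermissionAsync(userId, 'add-oauth-service') !== true)` does parse as intended, but it is the only one of these checks written without parentheses. Writing it as `if ((await hasPermissionAsync(userId, 'add-oauth-service')) !== true) {`, as refreshOAuthService.ts and removeOAuthService.ts do, keeps the authorization checks uniform and easier to audit.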
@@ -5,7 +5,7 @@ import { api } from '@rocket.chat/core-services'; import { isRoomFederated } from '@rocket.chat/core-typings'; import { Rooms, Subscriptions, Users } from '../../../models/server'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { addUserToRoom } from '../functions'; import { callbacks } from '../../../../lib/callbacks'; import { Federation } from '../../../../server/services/federation/Federation'; @@ -42,11 +42,11 @@ Meteor.methods({ // Can add to any room you're in, with permission, otherwise need specific room type permission let canAddUser = false; - if (userInRoom && hasPermission(userId, 'add-user-to-joined-room', room._id)) { + if (userInRoom && (await hasPermissionAsync(userId, 'add-user-to-joined-room', room._id))) { canAddUser = true; - } else if (room.t === 'c' && hasPermission(userId, 'add-user-to-any-c-room')) { + } else if (room.t === 'c' && (await hasPermissionAsync(userId, 'add-user-to-any-c-room'))) { canAddUser = true; - } else if (room.t === 'p' && hasPermission(userId, 'add-user-to-any-p-room')) { + } else if (room.t === 'p' && (await hasPermissionAsync(userId, 'add-user-to-any-p-room'))) { canAddUser = true; } diff --git a/apps/meteor/app/lib/server/methods/archiveRoom.ts b/apps/meteor/app/lib/server/methods/archiveRoom.ts index 854c40c85d475..37de8d08e8f48 100644 --- a/apps/meteor/app/lib/server/methods/archiveRoom.ts +++ b/apps/meteor/app/lib/server/methods/archiveRoom.ts 
@@ -3,7 +3,7 @@ import { check } from 'meteor/check'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; import { Rooms } from '../../../models/server'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { archiveRoom } from '../functions'; import { roomCoordinator } from '../../../../server/lib/rooms/roomCoordinator'; import { RoomMemberActions } from '../../../../definition/IRoomTypeConfig'; @@ -16,7 +16,7 @@ declare module '@rocket.chat/ui-contexts' { } Meteor.methods({ - archiveRoom(rid) { + async archiveRoom(rid) { check(rid, String); const userId = Meteor.userId(); @@ -35,7 +35,7 @@ Meteor.methods({ throw new Meteor.Error('error-direct-message-room', `rooms type: ${room.t} can not be archived`, { method: 'archiveRoom' }); } - if (!hasPermission(userId, 'archive-room', room._id)) { + if (!(await hasPermissionAsync(userId, 'archive-room', room._id))) { throw new Meteor.Error('error-not-authorized', 'Not authorized', { method: 'archiveRoom' }); } diff --git a/apps/meteor/app/lib/server/methods/cleanRoomHistory.js b/apps/meteor/app/lib/server/methods/cleanRoomHistory.js index 1deff9d23754f..f4e96070722c8 100644 --- a/apps/meteor/app/lib/server/methods/cleanRoomHistory.js +++ b/apps/meteor/app/lib/server/methods/cleanRoomHistory.js @@ -1,11 +1,11 @@ import { Meteor } from 'meteor/meteor'; import { Match, check } from 'meteor/check'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { cleanRoomHistory } from '../functions/cleanRoomHistory'; Meteor.methods({ - cleanRoomHistory({ + async cleanRoomHistory({ roomId, latest, oldest, 
@@ -33,7 +33,7 @@ Meteor.methods({ throw new Meteor.Error('error-invalid-user', 'Invalid user', { method: 'cleanRoomHistory' }); } - if (!hasPermission(userId, 'clean-channel-history', roomId)) { + if (!(await hasPermissionAsync(userId, 'clean-channel-history', roomId))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'cleanRoomHistory' }); } diff --git a/apps/meteor/app/lib/server/methods/createChannel.ts b/apps/meteor/app/lib/server/methods/createChannel.ts index 110b1cf6ba590..e1216884b747e 100644 --- a/apps/meteor/app/lib/server/methods/createChannel.ts +++ b/apps/meteor/app/lib/server/methods/createChannel.ts @@ -3,7 +3,7 @@ import { Match, check } from 'meteor/check'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; import type { ICreatedRoom } from '@rocket.chat/core-typings'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { createRoom } from '../functions'; declare module '@rocket.chat/ui-contexts' { @@ -20,7 +20,7 @@ declare module '@rocket.chat/ui-contexts' { } Meteor.methods({ - createChannel(name, members, readOnly = false, customFields = {}, extraData = {}) { + async createChannel(name, members, readOnly = false, customFields = {}, extraData = {}) { check(name, String); check(members, Match.Optional([String])); @@ -32,7 +32,7 @@ Meteor.methods({ throw new Meteor.Error('error-invalid-user', 'Invalid user', { method: 'createChannel' }); } - if (!hasPermission(uid, 'create-c')) { + if (!(await hasPermissionAsync(uid, 'create-c'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'createChannel' }); } return createRoom('c', name, user.username, members, readOnly, { diff --git a/apps/meteor/app/lib/server/methods/createPrivateGroup.js b/apps/meteor/app/lib/server/methods/createPrivateGroup.js index e4cad416a2d9a..9e90abe422330 100644 
--- a/apps/meteor/app/lib/server/methods/createPrivateGroup.js +++ b/apps/meteor/app/lib/server/methods/createPrivateGroup.js @@ -1,7 +1,7 @@ import { Meteor } from 'meteor/meteor'; import { Match, check } from 'meteor/check'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { createRoom } from '../functions'; Meteor.methods({ @@ -15,7 +15,7 @@ Meteor.methods({ }); } - if (!hasPermission(Meteor.userId(), 'create-p')) { + if (!await hasPermissionAsync(Meteor.userId(), 'create-p')) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'createPrivateGroup' }); } diff --git a/apps/meteor/app/lib/server/methods/createToken.ts b/apps/meteor/app/lib/server/methods/createToken.ts index 26e77bd168b47..441a10982de0c 100644 --- a/apps/meteor/app/lib/server/methods/createToken.ts +++ b/apps/meteor/app/lib/server/methods/createToken.ts @@ -2,7 +2,7 @@ import { Meteor } from 'meteor/meteor'; import { Accounts } from 'meteor/accounts-base'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; declare module '@rocket.chat/ui-contexts' { // eslint-disable-next-line @typescript-eslint/naming-convention @@ -12,13 +12,13 @@ declare module '@rocket.chat/ui-contexts' { } Meteor.methods({ - createToken(userId) { + async createToken(userId) { const uid = Meteor.userId(); if ( !['yes', 'true'].includes(String(process.env.CREATE_TOKENS_FOR_USERS)) || !uid || - (uid !== userId && !hasPermission(uid, 'user-generate-access-token')) + (uid !== userId && !(await hasPermissionAsync(uid, 'user-generate-access-token'))) ) { throw new Meteor.Error('error-not-authorized', 'Not authorized', { method: 'createToken' }); } 
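Review bot: createPrivateGroup.js gains an `await` in the permission guard, but no hunk for this file marks the method `async`, unlike createChannel.ts and createToken.ts in this commit where the signature is changed. The method signature lies outside the hunk, so this cannot be confirmed here. If it is not already async, the `await` is a syntax error and the method never loads; addUsersToRoom.js has the same shape and needs the same check. For consistency with the other guards, write the condition as `if (!(await hasPermissionAsync(Meteor.userId(), 'create-p'))) {`.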
diff --git a/apps/meteor/app/lib/server/methods/filterATAllTag.js b/apps/meteor/app/lib/server/methods/filterATAllTag.js index d24a21e3e3e57..67717f4114f2d 100644 --- a/apps/meteor/app/lib/server/methods/filterATAllTag.js +++ b/apps/meteor/app/lib/server/methods/filterATAllTag.js @@ -4,13 +4,13 @@ import _ from 'underscore'; import moment from 'moment'; import { api } from '@rocket.chat/core-services'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { callbacks } from '../../../../lib/callbacks'; import { Users } from '../../../models/server'; callbacks.add( 'beforeSaveMessage', - function (message) { + async function (message) { // If the message was edited, or is older than 60 seconds (imported) // the notifications will be skipped, so we can also skip this validation if (message.editedAt || (message.ts && Math.abs(moment(message.ts).diff()) > 60000)) { @@ -20,7 +20,10 @@ callbacks.add( // Test if the message mentions include @all. if (message.mentions != null && _.pluck(message.mentions, '_id').some((item) => item === 'all')) { // Check if the user has permissions to use @all in both global and room scopes. - if (!hasPermission(message.u._id, 'mention-all') && !hasPermission(message.u._id, 'mention-all', message.rid)) { + if ( + !(await hasPermissionAsync(message.u._id, 'mention-all')) && + !(await hasPermissionAsync(message.u._id, 'mention-all', message.rid)) + ) { // Get the language of the user for the error notification. const { language } = Users.findOneById(message.u._id); const action = TAPi18n.__('Notify_all_in_this_room', {}, language); diff --git a/apps/meteor/app/lib/server/methods/filterATHereTag.js b/apps/meteor/app/lib/server/methods/filterATHereTag.js index 0afc62b7df642..33f804df64b05 100644 --- a/apps/meteor/app/lib/server/methods/filterATHereTag.js +++ b/apps/meteor/app/lib/server/methods/filterATHereTag.js 
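Review bot: Changing the `beforeSaveMessage` handler in filterATAllTag.js to `async function (message)` makes it return a promise instead of the message, and nothing in the hunk shows whether the callback runner awaits its handlers. If it does not, the `mention-all` check resolves only after the hook has already returned, so the check no longer gates the save, and any error raised in the body (which continues outside the hunk) becomes an unhandled rejection. Confirm that the `callbacks` runner awaits each handler and uses its resolved value before making this handler async. Otherwise keep the check synchronous here until the runner is converted. The same applies to the identical change in filterATHereTag.js.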
@@ -4,13 +4,13 @@ import _ from 'underscore'; import moment from 'moment'; import { api } from '@rocket.chat/core-services'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { callbacks } from '../../../../lib/callbacks'; import { Users } from '../../../models/server'; callbacks.add( 'beforeSaveMessage', - function (message) { + async function (message) { // If the message was edited, or is older than 60 seconds (imported) // the notifications will be skipped, so we can also skip this validation if (message.editedAt || (message.ts && Math.abs(moment(message.ts).diff()) > 60000)) { @@ -20,7 +20,10 @@ callbacks.add( // Test if the message mentions include @here. if (message.mentions != null && _.pluck(message.mentions, '_id').some((item) => item === 'here')) { // Check if the user has permissions to use @here in both global and room scopes. - if (!hasPermission(message.u._id, 'mention-here') && !hasPermission(message.u._id, 'mention-here', message.rid)) { + if ( + !(await hasPermissionAsync(message.u._id, 'mention-here')) && + !(await hasPermissionAsync(message.u._id, 'mention-here', message.rid)) + ) { // Get the language of the user for the error notification. const { language } = Users.findOneById(message.u._id); const action = TAPi18n.__('Notify_active_in_this_room', {}, language); diff --git a/apps/meteor/app/lib/server/methods/getChannelHistory.ts b/apps/meteor/app/lib/server/methods/getChannelHistory.ts index e8f1df549eced..dbe328b6e6683 100644 --- a/apps/meteor/app/lib/server/methods/getChannelHistory.ts +++ b/apps/meteor/app/lib/server/methods/getChannelHistory.ts 
@@ -4,7 +4,8 @@ import _ from 'underscore'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; import type { IMessage } from '@rocket.chat/core-typings'; -import { canAccessRoomAsync, hasPermission } from '../../../authorization/server'; +import { canAccessRoomAsync } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { Subscriptions, Messages, Rooms } from '../../../models/server'; import { normalizeMessagesForUser } from '../../../utils/server/lib/normalizeMessagesForUser'; import { getHiddenSystemMessages } from '../lib/getHiddenSystemMessages'; @@ -50,7 +51,7 @@ Meteor.methods({ // Make sure they can access the room if ( room.t === 'c' && - !hasPermission(fromUserId, 'preview-c-room') && + !(await hasPermissionAsync(fromUserId, 'preview-c-room')) && !Subscriptions.findOneByRoomIdAndUserId(rid, fromUserId, { fields: { _id: 1 } }) ) { return false; diff --git a/apps/meteor/app/lib/server/methods/getRoomJoinCode.ts b/apps/meteor/app/lib/server/methods/getRoomJoinCode.ts index a3695c065a53e..519533d98e918 100644 --- a/apps/meteor/app/lib/server/methods/getRoomJoinCode.ts +++ b/apps/meteor/app/lib/server/methods/getRoomJoinCode.ts @@ -2,7 +2,7 @@ import { Meteor } from 'meteor/meteor'; import { check } from 'meteor/check'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { Rooms } from '../../../models/server'; declare module '@rocket.chat/ui-contexts' { @@ -13,7 +13,7 @@ declare module '@rocket.chat/ui-contexts' { } Meteor.methods({ - getRoomJoinCode(rid) { + async getRoomJoinCode(rid) { check(rid, String); const userId = Meteor.userId(); 
@@ -22,7 +22,7 @@ Meteor.methods({ throw new Meteor.Error('error-invalid-user', 'Invalid user', { method: 'getJoinCode' }); } - if (!hasPermission(userId, 'view-join-code')) { + if (!(await hasPermissionAsync(userId, 'view-join-code'))) { throw new Meteor.Error('error-not-authorized', 'Not authorized', { method: 'getJoinCode' }); } diff --git a/apps/meteor/app/lib/server/methods/joinRoom.ts b/apps/meteor/app/lib/server/methods/joinRoom.ts index 2dfea1be0dbd7..4b748d2158e1f 100644 --- a/apps/meteor/app/lib/server/methods/joinRoom.ts +++ b/apps/meteor/app/lib/server/methods/joinRoom.ts @@ -3,7 +3,8 @@ import { check } from 'meteor/check'; import type { IRoom } from '@rocket.chat/core-typings'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; -import { hasPermission, canAccessRoomAsync } from '../../../authorization/server'; +import { canAccessRoomAsync } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { Rooms } from '../../../models/server'; import { addUserToRoom } from '../functions'; import { roomCoordinator } from '../../../../server/lib/rooms/roomCoordinator'; @@ -39,7 +40,7 @@ Meteor.methods({ if (!(await canAccessRoomAsync(room, user))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'joinRoom' }); } - if (room.joinCodeRequired === true && code !== room.joinCode && !hasPermission(user._id, 'join-without-join-code')) { + if (room.joinCodeRequired === true && code !== room.joinCode && !(await hasPermissionAsync(user._id, 'join-without-join-code'))) { throw new Meteor.Error('error-code-invalid', 'Invalid Room Password', { method: 'joinRoom', }); diff --git a/apps/meteor/app/lib/server/methods/leaveRoom.ts b/apps/meteor/app/lib/server/methods/leaveRoom.ts index 77d87fad892d0..dde67e5b3438f 100644 --- a/apps/meteor/app/lib/server/methods/leaveRoom.ts +++ b/apps/meteor/app/lib/server/methods/leaveRoom.ts 
@@ -4,7 +4,8 @@ import type { IUser } from '@rocket.chat/core-typings'; import { Roles } from '@rocket.chat/models'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; -import { hasPermission, hasRole } from '../../../authorization/server'; +import { hasRole } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { Subscriptions, Rooms } from '../../../models/server'; import { removeUserFromRoom } from '../functions'; import { roomCoordinator } from '../../../../server/lib/rooms/roomCoordinator'; @@ -32,7 +33,10 @@ Meteor.methods({ throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'leaveRoom' }); } - if ((room.t === 'c' && !hasPermission(user._id, 'leave-c')) || (room.t === 'p' && !hasPermission(user._id, 'leave-p'))) { + if ( + (room.t === 'c' && !(await hasPermissionAsync(user._id, 'leave-c'))) || + (room.t === 'p' && !(await hasPermissionAsync(user._id, 'leave-p'))) + ) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'leaveRoom' }); } diff --git a/apps/meteor/app/lib/server/methods/refreshOAuthService.ts b/apps/meteor/app/lib/server/methods/refreshOAuthService.ts index 1e27414505bde..6e0a829518f1c 100644 --- a/apps/meteor/app/lib/server/methods/refreshOAuthService.ts +++ b/apps/meteor/app/lib/server/methods/refreshOAuthService.ts @@ -3,7 +3,7 @@ import { ServiceConfiguration } from 'meteor/service-configuration'; import { Settings } from '@rocket.chat/models'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; declare module '@rocket.chat/ui-contexts' { // eslint-disable-next-line @typescript-eslint/naming-convention 
@@ -22,7 +22,7 @@ Meteor.methods({ }); } - if (hasPermission(userId, 'add-oauth-service') !== true) { + if ((await hasPermissionAsync(userId, 'add-oauth-service')) !== true) { throw new Meteor.Error('error-action-not-allowed', 'Refresh OAuth Services is not allowed', { method: 'refreshOAuthService', action: 'Refreshing_OAuth_Services', diff --git a/apps/meteor/app/lib/server/methods/removeOAuthService.ts b/apps/meteor/app/lib/server/methods/removeOAuthService.ts index e948196367772..6c19b22591568 100644 --- a/apps/meteor/app/lib/server/methods/removeOAuthService.ts +++ b/apps/meteor/app/lib/server/methods/removeOAuthService.ts @@ -4,7 +4,7 @@ import { check } from 'meteor/check'; import { Settings } from '@rocket.chat/models'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; declare module '@rocket.chat/ui-contexts' { // eslint-disable-next-line @typescript-eslint/naming-convention @@ -25,7 +25,7 @@ Meteor.methods({ }); } - if (hasPermission(userId, 'add-oauth-service') !== true) { + if ((await hasPermissionAsync(userId, 'add-oauth-service')) !== true) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'removeOAuthService' }); } diff --git a/apps/meteor/app/lib/server/methods/restartServer.ts b/apps/meteor/app/lib/server/methods/restartServer.ts index 453ff0b80f7ff..d98665fc38a48 100644 --- a/apps/meteor/app/lib/server/methods/restartServer.ts +++ b/apps/meteor/app/lib/server/methods/restartServer.ts @@ -1,7 +1,7 @@ import type { ServerMethods } from '@rocket.chat/ui-contexts'; import { Meteor } from 'meteor/meteor'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; declare module '@rocket.chat/ui-contexts' { // eslint-disable-next-line @typescript-eslint/naming-convention 
@@ -14,14 +14,14 @@ declare module '@rocket.chat/ui-contexts' { } Meteor.methods({ - restart_server() { + async restart_server() { const uid = Meteor.userId(); if (!uid) { throw new Meteor.Error('error-invalid-user', 'Invalid user', { method: 'restart_server' }); } - if (hasPermission(uid, 'restart-server') !== true) { + if ((await hasPermissionAsync(uid, 'restart-server')) !== true) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'restart_server' }); } diff --git a/apps/meteor/app/lib/server/methods/saveSetting.js b/apps/meteor/app/lib/server/methods/saveSetting.js index 4e8829fb07bcd..b2381230aa000 100644 --- a/apps/meteor/app/lib/server/methods/saveSetting.js +++ b/apps/meteor/app/lib/server/methods/saveSetting.js @@ -2,7 +2,7 @@ import { Meteor } from 'meteor/meteor'; import { Match, check } from 'meteor/check'; import { Settings } from '@rocket.chat/models'; -import { hasPermission, hasAllPermission } from '../../../authorization/server'; +import { hasPermissionAsync, hasAllPermission } from '../../../authorization/server/functions/hasPermission'; import { getSettingPermissionId } from '../../../authorization/lib'; import { twoFactorRequired } from '../../../2fa/server/twoFactorRequired'; @@ -16,7 +16,7 @@ Meteor.methods({ } if ( - !hasPermission(uid, 'edit-privileged-setting') && + !(await hasPermissionAsync(uid, 'edit-privileged-setting')) && !hasAllPermission(uid, ['manage-selected-settings', getSettingPermissionId(_id)]) ) { // TODO use the same function diff --git a/apps/meteor/app/lib/server/methods/saveSettings.ts b/apps/meteor/app/lib/server/methods/saveSettings.ts index f471c5a6bfbde..7a1cec27a4b8e 100644 --- a/apps/meteor/app/lib/server/methods/saveSettings.ts +++ b/apps/meteor/app/lib/server/methods/saveSettings.ts 
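Review bot: In saveSetting.js the import now takes `hasAllPermission` from `authorization/server/functions/hasPermission` instead of `authorization/server`, and the guard still calls it without `await` next to the awaited `hasPermissionAsync`. Confirm that this module exports a synchronous `hasAllPermission`. If the name there resolves to a promise-returning function, `!hasAllPermission(...)` is always false because a promise is truthy, and the `manage-selected-settings` branch would admit every caller. If the export is missing, the call throws instead. Assuming that module provides the async variant, the safer form is `!(await hasAllPermissionAsync(uid, ['manage-selected-settings', getSettingPermissionId(_id)]))`. The enclosing method's signature is outside the hunk, so it should also be checked that it is already `async`.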
@@ -4,7 +4,7 @@ import { Settings } from '@rocket.chat/models'; import type { ISetting } from '@rocket.chat/core-typings'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { getSettingPermissionId } from '../../../authorization/lib'; import { twoFactorRequired } from '../../../2fa/server/twoFactorRequired'; @@ -34,14 +34,14 @@ Meteor.methods({ method: 'saveSetting', }); } - const editPrivilegedSetting = hasPermission(uid, 'edit-privileged-setting'); - const manageSelectedSettings = hasPermission(uid, 'manage-selected-settings'); + const editPrivilegedSetting = await hasPermissionAsync(uid, 'edit-privileged-setting'); + const manageSelectedSettings = await hasPermissionAsync(uid, 'manage-selected-settings'); await Promise.all( params.map(async ({ _id, value }) => { // Verify the _id passed in is a string. check(_id, String); - if (!editPrivilegedSetting && !(manageSelectedSettings && hasPermission(uid, getSettingPermissionId(_id)))) { + if (!editPrivilegedSetting && !(manageSelectedSettings && (await hasPermissionAsync(uid, getSettingPermissionId(_id))))) { return settingsNotAllowed.push(_id); } diff --git a/apps/meteor/app/lib/server/methods/setAdminStatus.ts b/apps/meteor/app/lib/server/methods/setAdminStatus.ts index 6759e66284efd..b15cc35e03eb9 100644 --- a/apps/meteor/app/lib/server/methods/setAdminStatus.ts +++ b/apps/meteor/app/lib/server/methods/setAdminStatus.ts 
@@ -3,7 +3,7 @@ import { Match, check } from 'meteor/check'; import { isUserFederated } from '@rocket.chat/core-typings'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; declare module '@rocket.chat/ui-contexts' { // eslint-disable-next-line @typescript-eslint/naming-convention @@ -13,7 +13,7 @@ declare module '@rocket.chat/ui-contexts' { } Meteor.methods({ - setAdminStatus(userId, admin) { + async setAdminStatus(userId, admin) { check(userId, String); check(admin, Match.Optional(Boolean)); @@ -23,7 +23,7 @@ Meteor.methods({ throw new Meteor.Error('error-invalid-user', 'Invalid user', { method: 'setAdminStatus' }); } - if (hasPermission(uid, 'assign-admin-role') !== true) { + if ((await hasPermissionAsync(uid, 'assign-admin-role')) !== true) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'setAdminStatus' }); } diff --git a/apps/meteor/app/lib/server/methods/unarchiveRoom.ts b/apps/meteor/app/lib/server/methods/unarchiveRoom.ts index 5c2ca5878b37f..ba8c4e84c96fa 100644 --- a/apps/meteor/app/lib/server/methods/unarchiveRoom.ts +++ b/apps/meteor/app/lib/server/methods/unarchiveRoom.ts @@ -2,7 +2,7 @@ import { Meteor } from 'meteor/meteor'; import { check } from 'meteor/check'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { Rooms } from '../../../models/server'; import { unarchiveRoom } from '../functions'; @@ -14,7 +14,7 @@ declare module '@rocket.chat/ui-contexts' { } Meteor.methods({ - unarchiveRoom(rid) { + async unarchiveRoom(rid) { check(rid, String); const userId = Meteor.userId(); 
@@ -29,7 +29,7 @@ Meteor.methods({ throw new Meteor.Error('error-invalid-room', 'Invalid room', { method: 'unarchiveRoom' }); } - if (!hasPermission(userId, 'unarchive-room', room._id)) { + if (!(await hasPermissionAsync(userId, 'unarchive-room', room._id))) { throw new Meteor.Error('error-not-authorized', 'Not authorized', { method: 'unarchiveRoom' }); } diff --git a/apps/meteor/app/lib/server/methods/updateMessage.ts b/apps/meteor/app/lib/server/methods/updateMessage.ts index 66b48cc5c08c6..3b2b84098926c 100644 --- a/apps/meteor/app/lib/server/methods/updateMessage.ts +++ b/apps/meteor/app/lib/server/methods/updateMessage.ts @@ -6,7 +6,8 @@ import type { IEditedMessage, IUser } from '@rocket.chat/core-typings'; import { Messages } from '../../../models/server'; import { settings } from '../../../settings/server'; -import { hasPermission, canSendMessage } from '../../../authorization/server'; +import { canSendMessage } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { updateMessage } from '../functions'; const allowedEditedFields = ['tshow', 'alias', 'attachments', 'avatar', 'emoji', 'msg']; @@ -19,7 +20,7 @@ declare module '@rocket.chat/ui-contexts' { } Meteor.methods({ - updateMessage(message) { + async updateMessage(message) { check(message, Match.ObjectIncluding({ _id: String })); const uid = Meteor.userId(); @@ -56,7 +57,7 @@ Meteor.methods({ throw new Meteor.Error('error-message-change-to-thread', 'Cannot update message to a thread', { method: 'updateMessage' }); } - const _hasPermission = hasPermission(uid, 'edit-message', message.rid); + const _hasPermission = await hasPermissionAsync(uid, 'edit-message', message.rid); const editAllowed = settings.get('Message_AllowEditing'); const editOwn = originalMessage.u && originalMessage.u._id === uid; 
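Review bot: The room-scoped check in the `@@ -56,7` hunk of updateMessage.ts takes its scope from `message.rid`, a field of the client-supplied argument, which `check()` only requires to contain a string `_id`. The stored record is already at hand as `originalMessage`. Unless code outside this hunk rejects a mismatch, the permission is evaluated for the room the caller names rather than the room the message belongs to. Assuming the stored message carries `rid`, `await hasPermissionAsync(uid, 'edit-message', originalMessage.rid)` removes that dependency. The commit carries `message.rid` over unchanged from the synchronous call, and the lines between the argument check and this hunk are not shown.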
@@ -68,7 +69,7 @@ Meteor.methods({ } const blockEditInMinutes = settings.get('Message_AllowEditing_BlockEditInMinutes'); - const bypassBlockTimeLimit = hasPermission(uid, 'bypass-time-limit-edit-and-delete'); + const bypassBlockTimeLimit = await hasPermissionAsync(uid, 'bypass-time-limit-edit-and-delete'); if (!bypassBlockTimeLimit && Match.test(blockEditInMinutes, Number) && blockEditInMinutes !== 0) { let currentTsDiff = 0; diff --git a/apps/meteor/app/livechat/imports/server/rest/departments.ts b/apps/meteor/app/livechat/imports/server/rest/departments.ts index ffb7a342fe5fb..83e204dc8dc77 100644 --- a/apps/meteor/app/livechat/imports/server/rest/departments.ts +++ b/apps/meteor/app/livechat/imports/server/rest/departments.ts @@ -3,7 +3,7 @@ import { Match, check } from 'meteor/check'; import { LivechatDepartment, LivechatDepartmentAgents } from '@rocket.chat/models'; import { API } from '../../../../api/server'; -import { hasPermission } from '../../../../authorization/server'; +import { hasPermissionAsync } from '../../../../authorization/server/functions/hasPermission'; import { Livechat } from '../../../server/lib/Livechat'; import { findDepartments, @@ -104,8 +104,8 @@ API.v1.addRoute( return API.v1.success({ department, agents }); }, async put() { - const permissionToSave = hasPermission(this.userId, 'manage-livechat-departments'); - const permissionToAddAgents = hasPermission(this.userId, 'add-livechat-department-agents'); + const permissionToSave = await hasPermissionAsync(this.userId, 'manage-livechat-departments'); + const permissionToAddAgents = await hasPermissionAsync(this.userId, 'add-livechat-department-agents'); check(this.urlParams, { _id: String, diff --git a/apps/meteor/app/livechat/imports/server/rest/rooms.ts b/apps/meteor/app/livechat/imports/server/rest/rooms.ts index 1a417236c75ee..044898598ea1f 100644 --- a/apps/meteor/app/livechat/imports/server/rest/rooms.ts +++ b/apps/meteor/app/livechat/imports/server/rest/rooms.ts 
@@ -3,7 +3,7 @@ import { LivechatRooms } from '@rocket.chat/models'; import { API } from '../../../../api/server'; import { findRooms } from '../../../server/api/lib/rooms'; -import { hasPermission } from '../../../../authorization/server'; +import { hasPermissionAsync } from '../../../../authorization/server/functions/hasPermission'; const validateDateParams = (property: string, date?: string) => { let parsedDate: { start?: string; end?: string } | undefined = undefined; @@ -35,8 +35,9 @@ API.v1.addRoute( const createdAtParam = validateDateParams('createdAt', createdAt); const closedAtParam = validateDateParams('closedAt', closedAt); - const hasAdminAccess = hasPermission(this.userId, 'view-livechat-rooms'); - const hasAgentAccess = hasPermission(this.userId, 'view-l-room') && agents?.includes(this.userId) && agents?.length === 1; + const hasAdminAccess = await hasPermissionAsync(this.userId, 'view-livechat-rooms'); + const hasAgentAccess = + (await hasPermissionAsync(this.userId, 'view-l-room')) && agents?.includes(this.userId) && agents?.length === 1; if (!hasAdminAccess && !hasAgentAccess) { return API.v1.unauthorized(); } diff --git a/apps/meteor/app/livechat/server/api/v1/room.ts b/apps/meteor/app/livechat/server/api/v1/room.ts index 8d738ece7e830..e0c2363119ddd 100644 --- a/apps/meteor/app/livechat/server/api/v1/room.ts +++ b/apps/meteor/app/livechat/server/api/v1/room.ts 
@@ -24,7 +24,7 @@ import { Livechat } from '../../lib/Livechat'; import { Livechat as LivechatTyped } from '../../lib/LivechatTyped'; import { normalizeTransferredByData } from '../../lib/Helper'; import { findVisitorInfo } from '../lib/visitors'; -import { canAccessRoomAsync, hasPermission } from '../../../../authorization/server'; +import { canAccessRoomAsync } from '../../../../authorization/server'; import { hasPermissionAsync } from '../../../../authorization/server/functions/hasPermission'; import { addUserToRoom } from '../../../../lib/server/functions'; import { apiDeprecationLogger } from '../../../../lib/server/lib/deprecationWarningLogger'; @@ -376,7 +376,7 @@ API.v1.addRoute( throw new Error('invalid-room-visitor'); } - room = Livechat.changeRoomVisitor(this.userId, rid, visitor); + room = await Livechat.changeRoomVisitor(this.userId, rid, visitor); return API.v1.success(deprecationWarning({ endpoint: 'livechat/room.visitor', versionWillBeRemoved: '6.0', response: { room } })); }, @@ -424,7 +424,10 @@ API.v1.addRoute( throw new Error('error-invalid-room'); } - if ((!room.servedBy || room.servedBy._id !== this.userId) && !hasPermission(this.userId, 'save-others-livechat-room-info')) { + if ( + (!room.servedBy || room.servedBy._id !== this.userId) && + !(await hasPermissionAsync(this.userId, 'save-others-livechat-room-info')) + ) { return API.v1.unauthorized(); } diff --git a/apps/meteor/app/livechat/server/lib/Livechat.js b/apps/meteor/app/livechat/server/lib/Livechat.js index a8d3a9a4fba2a..73e159d088622 100644 --- a/apps/meteor/app/livechat/server/lib/Livechat.js +++ b/apps/meteor/app/livechat/server/lib/Livechat.js 
@@ -39,6 +39,7 @@ import { } from '../../../models/server'; import { Logger } from '../../../logger/server'; import { hasPermission, hasRole, canAccessRoomAsync, roomAccessAttributes } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import * as Mailer from '../../../mailer/server/api'; import { sendMessage } from '../../../lib/server/functions/sendMessage'; import { updateMessage } from '../../../lib/server/functions/updateMessage'; @@ -403,7 +404,7 @@ export const Livechat = { const customFields = {}; - if ((!userId || hasPermission(userId, 'edit-livechat-room-customfields')) && Object.keys(livechatData).length) { + if ((!userId || (await hasPermissionAsync(userId, 'edit-livechat-room-customfields'))) && Object.keys(livechatData).length) { Livechat.logger.debug(`Saving custom fields for visitor ${_id}`); const fields = LivechatCustomField.findByScope('visitor'); for await (const field of fields) { @@ -539,7 +540,7 @@ export const Livechat = { const { livechatData = {} } = roomData; const customFields = {}; - if ((!userId || hasPermission(userId, 'edit-livechat-room-customfields')) && Object.keys(livechatData).length) { + if ((!userId || (await hasPermissionAsync(userId, 'edit-livechat-room-customfields'))) && Object.keys(livechatData).length) { Livechat.logger.debug(`Updating custom fields on room ${roomData._id}`); const fields = LivechatCustomField.findByScope('room'); for await (const field of fields) { 
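Review bot: In both custom-field hunks of Livechat.js (`@@ -403,7` and `@@ -539,7`) the condition `!userId || (await hasPermissionAsync(userId, 'edit-livechat-room-customfields'))` skips the permission lookup whenever `userId` is falsy, and neither site says whether that is intended. If it is the contract, a comment such as `// no userId: call did not originate from an agent session, permission check intentionally skipped` would keep a later caller from passing an unset id by accident and saving custom fields unchecked. Both enclosing functions start and end outside the hunks, so how `userId` is obtained is not visible here.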
@@ -1247,23 +1248,23 @@ export const Livechat = { }); }, - changeRoomVisitor(userId, roomId, visitor) { - const user = Promise.await(Users.findOneById(userId)); + async changeRoomVisitor(userId, roomId, visitor) { + const user = await Users.findOneById(userId); if (!user) { throw new Error('error-user-not-found'); } - if (!hasPermission(userId, 'change-livechat-room-visitor')) { + if (!(await hasPermissionAsync(userId, 'change-livechat-room-visitor'))) { throw new Error('error-not-authorized'); } - const room = Promise.await(LivechatRooms.findOneById(roomId, { ...roomAccessAttributes, _id: 1, t: 1 })); + const room = await LivechatRooms.findOneById(roomId, { ...roomAccessAttributes, _id: 1, t: 1 }); if (!room) { throw new Meteor.Error('invalid-room'); } - if (!Promise.await(canAccessRoomAsync(room, user))) { + if (!(await canAccessRoomAsync(room, user))) { throw new Error('error-not-allowed'); } diff --git a/apps/meteor/app/livechat/server/methods/addAgent.js b/apps/meteor/app/livechat/server/methods/addAgent.js index 145b78282f949..c7d0936f0c8b7 100644 --- a/apps/meteor/app/livechat/server/methods/addAgent.js +++ b/apps/meteor/app/livechat/server/methods/addAgent.js 
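Review bot: `changeRoomVisitor` now returns a promise, so its `error-not-authorized` and `error-not-allowed` throws become rejections that only an awaiting caller will see. The REST handler in livechat/server/api/v1/room.ts is updated in this commit, but any other caller is outside this view. I would state the contract on the method, e.g. `// async: rejects when the user lacks 'change-livechat-room-visitor' or cannot access the room; callers must await`. The method body continues past the end of the hunk.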
@@ -1,13 +1,13 @@ import { Meteor } from 'meteor/meteor'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { methodDeprecationLogger } from '../../../lib/server/lib/deprecationWarningLogger'; import { Livechat } from '../lib/Livechat'; Meteor.methods({ - 'livechat:addAgent'(username) { + async 'livechat:addAgent'(username) { methodDeprecationLogger.warn('livechat:addAgent will be deprecated in future versions of Rocket.Chat'); - if (!Meteor.userId() || !hasPermission(Meteor.userId(), 'manage-livechat-agents')) { + if (!Meteor.userId() || !(await hasPermissionAsync(Meteor.userId(), 'manage-livechat-agents'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'livechat:addAgent' }); } diff --git a/apps/meteor/app/livechat/server/methods/addManager.js b/apps/meteor/app/livechat/server/methods/addManager.js index 228831afe62b7..5787436e1b421 100644 --- a/apps/meteor/app/livechat/server/methods/addManager.js +++ b/apps/meteor/app/livechat/server/methods/addManager.js @@ -1,13 +1,13 @@ import { Meteor } from 'meteor/meteor'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { Livechat } from '../lib/Livechat'; import { methodDeprecationLogger } from '../../../lib/server/lib/deprecationWarningLogger'; Meteor.methods({ - 'livechat:addManager'(username) { + async 'livechat:addManager'(username) { methodDeprecationLogger.warn('livechat:addManager will be deprecated in future versions of Rocket.Chat'); - if (!Meteor.userId() || !hasPermission(Meteor.userId(), 'manage-livechat-managers')) { + if (!Meteor.userId() || !(await hasPermissionAsync(Meteor.userId(), 'manage-livechat-managers'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'livechat:addManager' }); } 
diff --git a/apps/meteor/app/livechat/server/methods/changeLivechatStatus.ts b/apps/meteor/app/livechat/server/methods/changeLivechatStatus.ts index aba9b4638a207..6962340f4bc55 100644 --- a/apps/meteor/app/livechat/server/methods/changeLivechatStatus.ts +++ b/apps/meteor/app/livechat/server/methods/changeLivechatStatus.ts @@ -2,7 +2,7 @@ import { Meteor } from 'meteor/meteor'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; import { Livechat } from '../lib/Livechat'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import Users from '../../../models/server/models/Users'; import { methodDeprecationLogger } from '../../../lib/server/lib/deprecationWarningLogger'; @@ -14,7 +14,7 @@ declare module '@rocket.chat/ui-contexts' { } Meteor.methods({ - 'livechat:changeLivechatStatus'({ status, agentId = Meteor.userId() } = {}) { + async 'livechat:changeLivechatStatus'({ status, agentId = Meteor.userId() } = {}) { methodDeprecationLogger.warn( 'livechat:changeLivechatStatus is deprecated and will be removed in future versions of Rocket.Chat. Use /api/v1/livechat/agent.status REST API instead.', ); @@ -53,7 +53,7 @@ Meteor.methods({ } if (agentId !== uid) { - if (!hasPermission(uid, 'manage-livechat-agents')) { + if (!(await hasPermissionAsync(uid, 'manage-livechat-agents'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'livechat:saveAgentInfo', }); diff --git a/apps/meteor/app/livechat/server/methods/getAgentOverviewData.js b/apps/meteor/app/livechat/server/methods/getAgentOverviewData.js index 20af1d8f37e0e..67879d1e6c8e2 100644 --- a/apps/meteor/app/livechat/server/methods/getAgentOverviewData.js +++ b/apps/meteor/app/livechat/server/methods/getAgentOverviewData.js 
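Review bot: The denial thrown under the new `hasPermissionAsync(uid, 'manage-livechat-agents')` check in the `@@ -53,7` hunk is labelled `method: 'livechat:saveAgentInfo'`, although this is the `livechat:changeLivechatStatus` method. Anyone reading error logs or client reports would attribute the refusal to the wrong method. Since the guard is being touched anyway, the label should become `method: 'livechat:changeLivechatStatus',`. The label sits on an unchanged context line, and the method body continues outside the hunk.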
@@ -1,13 +1,13 @@ import { Meteor } from 'meteor/meteor'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission''; import { Livechat } from '../lib/Livechat'; import { Users } from '../../../models/server'; Meteor.methods({ - 'livechat:getAgentOverviewData'(options) { + async 'livechat:getAgentOverviewData'(options) { const userId = Meteor.userId(); - if (!userId || !hasPermission(userId, 'view-livechat-manager')) { + if (!userId || !await hasPermissionAsync(userId, 'view-livechat-manager')) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'livechat:getAgentOverviewData', }); diff --git a/apps/meteor/app/livechat/server/methods/getAnalyticsChartData.js b/apps/meteor/app/livechat/server/methods/getAnalyticsChartData.js index 29e3fc187b392..bf2b4042e373d 100644 --- a/apps/meteor/app/livechat/server/methods/getAnalyticsChartData.js +++ b/apps/meteor/app/livechat/server/methods/getAnalyticsChartData.js @@ -1,13 +1,13 @@ import { Meteor } from 'meteor/meteor'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server'; import { Users } from '../../../models/server'; import { Livechat } from '../lib/Livechat'; Meteor.methods({ - 'livechat:getAnalyticsChartData'(options) { + async 'livechat:getAnalyticsChartData'(options) { const userId = Meteor.userId(); - if (!userId || !hasPermission(userId, 'view-livechat-manager')) { + if (!userId || !(await hasPermissionAsync(userId, 'view-livechat-manager'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'livechat:getAnalyticsChartData', }); diff --git a/apps/meteor/app/livechat/server/methods/getAnalyticsOverviewData.js b/apps/meteor/app/livechat/server/methods/getAnalyticsOverviewData.js index 019df9ef19812..eb2b78914c48a 100644 --- a/apps/meteor/app/livechat/server/methods/getAnalyticsOverviewData.js 
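Review bot: The import added to getAgentOverviewData.js ends in two quote characters, `...functions/hasPermission'';`, which leaves an unterminated string, so the module cannot be parsed and its guard never runs. It should read `import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission';`. The same doubled quote is in the import added to saveDepartment.js. The guard here is also written `!await hasPermissionAsync(...)`, where the other files in this commit use `!(await hasPermissionAsync(...))`; both parse the same, but the parenthesised form keeps the files consistent.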
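Review bot: getAnalyticsChartData.js imports `hasPermissionAsync` from `'../../../authorization/server'`, while the sibling files import it from `'../../../authorization/server/functions/hasPermission'`, and room.ts keeps separate imports for the index and for this function. Whether the index re-exports `hasPermissionAsync` is not visible here. If it does not, the binding is undefined and the guard throws a TypeError instead of the intended `error-not-allowed`. Using the sibling files' path avoids the question: `import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission';`.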
+++ b/apps/meteor/app/livechat/server/methods/getAnalyticsOverviewData.js @@ -1,14 +1,14 @@ import { Meteor } from 'meteor/meteor'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { Users } from '../../../models/server'; import { settings } from '../../../settings/server'; import { Livechat } from '../lib/Livechat'; Meteor.methods({ - 'livechat:getAnalyticsOverviewData'(options) { + async 'livechat:getAnalyticsOverviewData'(options) { const userId = Meteor.userId(); - if (!userId || !hasPermission(userId, 'view-livechat-manager')) { + if (!userId || !(await hasPermissionAsync(userId, 'view-livechat-manager'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'livechat:getAnalyticsOverviewData', }); diff --git a/apps/meteor/app/livechat/server/methods/getFirstRoomMessage.js b/apps/meteor/app/livechat/server/methods/getFirstRoomMessage.js index 8747afb85d137..7f659f4a6cccb 100644 --- a/apps/meteor/app/livechat/server/methods/getFirstRoomMessage.js +++ b/apps/meteor/app/livechat/server/methods/getFirstRoomMessage.js 
@@ -2,13 +2,13 @@ import { Meteor } from 'meteor/meteor'; import { check } from 'meteor/check'; import { LivechatRooms, Messages } from '../../../models/server'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { methodDeprecationLogger } from '../../../lib/server/lib/deprecationWarningLogger'; Meteor.methods({ 'livechat:getFirstRoomMessage'({ rid }) { methodDeprecationLogger.warn('livechat:getFirstRoomMessage will be deprecated in future versions of Rocket.Chat'); - if (!Meteor.userId() || !hasPermission(Meteor.userId(), 'view-l-room')) { + if (!Meteor.userId() || !await hasPermissionAsync(Meteor.userId(), 'view-l-room')) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'livechat:getFirstRoomMessage', }); diff --git a/apps/meteor/app/livechat/server/methods/removeAgent.js b/apps/meteor/app/livechat/server/methods/removeAgent.js index 3c32c2ab9a49a..49ea9f7914b76 100644 --- a/apps/meteor/app/livechat/server/methods/removeAgent.js +++ b/apps/meteor/app/livechat/server/methods/removeAgent.js @@ -1,13 +1,13 @@ import { Meteor } from 'meteor/meteor'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { Livechat } from '../lib/Livechat'; import { methodDeprecationLogger } from '../../../lib/server/lib/deprecationWarningLogger'; Meteor.methods({ - 'livechat:removeAgent'(username) { + async 'livechat:removeAgent'(username) { methodDeprecationLogger.warn('livechat:removeAgent will be deprecated in future versions of Rocket.Chat'); - if (!Meteor.userId() || !hasPermission(Meteor.userId(), 'manage-livechat-agents')) { + if (!Meteor.userId() || !(await hasPermissionAsync(Meteor.userId(), 'manage-livechat-agents'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'livechat:removeAgent', }); 
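Review bot: `await` is added to the permission guard in getFirstRoomMessage.js, but the method is still declared as `'livechat:getFirstRoomMessage'({ rid }) {` on the unchanged line above it. That puts `await` in a non-async function, so the file will not parse. The signature needs the change the sibling methods received, `async 'livechat:getFirstRoomMessage'({ rid }) {`, and the guard is better written `!(await hasPermissionAsync(Meteor.userId(), 'view-l-room'))` like the others. saveInfo.js also gains `await` in this commit without a visible signature change; its method header is outside the hunks, so it is worth confirming that it is already async.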
diff --git a/apps/meteor/app/livechat/server/methods/removeCustomField.js b/apps/meteor/app/livechat/server/methods/removeCustomField.js index 3eaca777d867a..b80f8c572d983 100644 --- a/apps/meteor/app/livechat/server/methods/removeCustomField.js +++ b/apps/meteor/app/livechat/server/methods/removeCustomField.js @@ -2,11 +2,11 @@ import { Meteor } from 'meteor/meteor'; import { check } from 'meteor/check'; import { LivechatCustomField } from '@rocket.chat/models'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; Meteor.methods({ async 'livechat:removeCustomField'(_id) { - if (!Meteor.userId() || !hasPermission(Meteor.userId(), 'view-livechat-manager')) { + if (!Meteor.userId() || !(await hasPermissionAsync(Meteor.userId(), 'view-livechat-manager'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'livechat:removeCustomField', }); diff --git a/apps/meteor/app/livechat/server/methods/removeDepartment.js b/apps/meteor/app/livechat/server/methods/removeDepartment.js index 33c0a7bbe0608..f1a53a629f449 100644 --- a/apps/meteor/app/livechat/server/methods/removeDepartment.js +++ b/apps/meteor/app/livechat/server/methods/removeDepartment.js 
@@ -1,17 +1,17 @@ import { Meteor } from 'meteor/meteor'; import { check } from 'meteor/check'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { methodDeprecationLogger } from '../../../lib/server/lib/deprecationWarningLogger'; import { DepartmentHelper } from '../lib/Departments'; Meteor.methods({ - 'livechat:removeDepartment'(_id) { + async 'livechat:removeDepartment'(_id) { methodDeprecationLogger.warn('livechat:removeDepartment will be deprecated in future versions of Rocket.Chat'); check(_id, String); - if (!Meteor.userId() || !hasPermission(Meteor.userId(), 'manage-livechat-departments')) { + if (!Meteor.userId() || !(await hasPermissionAsync(Meteor.userId(), 'manage-livechat-departments'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'livechat:removeDepartment', }); diff --git a/apps/meteor/app/livechat/server/methods/removeManager.js b/apps/meteor/app/livechat/server/methods/removeManager.js index c0c70ef1def9e..d2a03e7c47742 100644 --- a/apps/meteor/app/livechat/server/methods/removeManager.js +++ b/apps/meteor/app/livechat/server/methods/removeManager.js 
@@ -1,14 +1,14 @@ import { Meteor } from 'meteor/meteor'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { Livechat } from '../lib/Livechat'; import { methodDeprecationLogger } from '../../../lib/server/lib/deprecationWarningLogger'; Meteor.methods({ - 'livechat:removeManager'(username) { + async 'livechat:removeManager'(username) { methodDeprecationLogger.warn('livechat:removeManager will be deprecated in future versions of Rocket.Chat'); - if (!Meteor.userId() || !hasPermission(Meteor.userId(), 'manage-livechat-managers')) { + if (!Meteor.userId() || !(await hasPermissionAsync(Meteor.userId(), 'manage-livechat-managers'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'livechat:removeManager', }); diff --git a/apps/meteor/app/livechat/server/methods/removeTrigger.js b/apps/meteor/app/livechat/server/methods/removeTrigger.js index 946b5f68be6fb..2eac79e01becb 100644 --- a/apps/meteor/app/livechat/server/methods/removeTrigger.js +++ b/apps/meteor/app/livechat/server/methods/removeTrigger.js @@ -2,11 +2,11 @@ import { Meteor } from 'meteor/meteor'; import { check } from 'meteor/check'; import { LivechatTrigger } from '@rocket.chat/models'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; Meteor.methods({ async 'livechat:removeTrigger'(triggerId) { - if (!Meteor.userId() || !hasPermission(Meteor.userId(), 'view-livechat-manager')) { + if (!Meteor.userId() || !(await hasPermissionAsync(Meteor.userId(), 'view-livechat-manager'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'livechat:removeTrigger', }); diff --git a/apps/meteor/app/livechat/server/methods/returnAsInquiry.js b/apps/meteor/app/livechat/server/methods/returnAsInquiry.js index 139ac78ae0b18..f4f07581423bd 100644 
--- a/apps/meteor/app/livechat/server/methods/returnAsInquiry.js +++ b/apps/meteor/app/livechat/server/methods/returnAsInquiry.js @@ -1,12 +1,12 @@ import { Meteor } from 'meteor/meteor'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { LivechatRooms } from '../../../models/server'; import { Livechat } from '../lib/Livechat'; Meteor.methods({ - 'livechat:returnAsInquiry'(rid, departmentId) { - if (!Meteor.userId() || !hasPermission(Meteor.userId(), 'view-l-room')) { + async 'livechat:returnAsInquiry'(rid, departmentId) { + if (!Meteor.userId() || !(await hasPermissionAsync(Meteor.userId(), 'view-l-room'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'livechat:returnAsInquiry', }); diff --git a/apps/meteor/app/livechat/server/methods/saveAgentInfo.ts b/apps/meteor/app/livechat/server/methods/saveAgentInfo.ts index 7bbdbf75693d6..60e7cc51ca442 100644 --- a/apps/meteor/app/livechat/server/methods/saveAgentInfo.ts +++ b/apps/meteor/app/livechat/server/methods/saveAgentInfo.ts @@ -1,7 +1,8 @@ import { Meteor } from 'meteor/meteor'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; -import { hasPermission, hasRole } from '../../../authorization/server'; +import { hasRole } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { Livechat } from '../lib/Livechat'; import { Users } from '../../../models/server'; 
@@ -13,9 +14,9 @@ declare module '@rocket.chat/ui-contexts' { } Meteor.methods({ - 'livechat:saveAgentInfo'(_id, agentData, agentDepartments) { + async 'livechat:saveAgentInfo'(_id, agentData, agentDepartments) { const uid = Meteor.userId(); - if (!uid || !hasPermission(uid, 'manage-livechat-agents')) { + if (!uid || !(await hasPermissionAsync(uid, 'manage-livechat-agents'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'livechat:saveAgentInfo', }); diff --git a/apps/meteor/app/livechat/server/methods/saveAppearance.ts b/apps/meteor/app/livechat/server/methods/saveAppearance.ts index 2ce78f3812bc4..50c83923d7bd7 100644 --- a/apps/meteor/app/livechat/server/methods/saveAppearance.ts +++ b/apps/meteor/app/livechat/server/methods/saveAppearance.ts @@ -2,7 +2,7 @@ import { Meteor } from 'meteor/meteor'; import { Settings } from '@rocket.chat/models'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; declare module '@rocket.chat/ui-contexts' { // eslint-disable-next-line @typescript-eslint/naming-convention @@ -14,7 +14,7 @@ declare module '@rocket.chat/ui-contexts' { Meteor.methods({ async 'livechat:saveAppearance'(settings) { const uid = Meteor.userId(); - if (!uid || !hasPermission(uid, 'view-livechat-manager')) { + if (!uid || !(await hasPermissionAsync(uid, 'view-livechat-manager'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'livechat:saveAppearance', }); diff --git a/apps/meteor/app/livechat/server/methods/saveCustomField.js b/apps/meteor/app/livechat/server/methods/saveCustomField.js index 384f1502d60fd..9fa015bee0328 100644 --- a/apps/meteor/app/livechat/server/methods/saveCustomField.js +++ b/apps/meteor/app/livechat/server/methods/saveCustomField.js 
@@ -2,11 +2,11 @@ import { Meteor } from 'meteor/meteor'; import { Match, check } from 'meteor/check'; import { LivechatCustomField } from '@rocket.chat/models'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; Meteor.methods({ async 'livechat:saveCustomField'(_id, customFieldData) { - if (!Meteor.userId() || !hasPermission(Meteor.userId(), 'view-livechat-manager')) { + if (!Meteor.userId() || !(await hasPermissionAsync(Meteor.userId(), 'view-livechat-manager'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'livechat:saveCustomField', }); diff --git a/apps/meteor/app/livechat/server/methods/saveDepartment.js b/apps/meteor/app/livechat/server/methods/saveDepartment.js index 96ceb8dff6ca0..f2807298e3610 100644 --- a/apps/meteor/app/livechat/server/methods/saveDepartment.js +++ b/apps/meteor/app/livechat/server/methods/saveDepartment.js @@ -1,11 +1,11 @@ import { Meteor } from 'meteor/meteor'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission''; import { LivechatEnterprise } from '../../../../ee/app/livechat-enterprise/server/lib/LivechatEnterprise'; Meteor.methods({ async 'livechat:saveDepartment'(_id, departmentData, departmentAgents) { - if (!Meteor.userId() || !hasPermission(Meteor.userId(), 'manage-livechat-departments')) { + if (!Meteor.userId() || !(await hasPermissionAsync(Meteor.userId(), 'manage-livechat-departments'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'livechat:saveDepartment', }); diff --git a/apps/meteor/app/livechat/server/methods/saveDepartmentAgents.js b/apps/meteor/app/livechat/server/methods/saveDepartmentAgents.js index 26e5f4136de36..6b8fd1320a262 100644 --- a/apps/meteor/app/livechat/server/methods/saveDepartmentAgents.js 
+++ b/apps/meteor/app/livechat/server/methods/saveDepartmentAgents.js @@ -1,14 +1,14 @@ import { Meteor } from 'meteor/meteor'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { Livechat } from '../lib/Livechat'; import { methodDeprecationLogger } from '../../../lib/server/lib/deprecationWarningLogger'; Meteor.methods({ - 'livechat:saveDepartmentAgents'(_id, departmentAgents) { + async 'livechat:saveDepartmentAgents'(_id, departmentAgents) { methodDeprecationLogger.warn('livechat:saveDepartmentAgents will be deprecated in future versions of Rocket.Chat'); - if (!Meteor.userId() || !hasPermission(Meteor.userId(), 'add-livechat-department-agents')) { + if (!Meteor.userId() || !(await hasPermissionAsync(Meteor.userId(), 'add-livechat-department-agents'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'livechat:saveDepartmentAgents', }); diff --git a/apps/meteor/app/livechat/server/methods/saveInfo.js b/apps/meteor/app/livechat/server/methods/saveInfo.js index c0f612441be7e..1b910aa5f10eb 100644 --- a/apps/meteor/app/livechat/server/methods/saveInfo.js +++ b/apps/meteor/app/livechat/server/methods/saveInfo.js @@ -2,7 +2,7 @@ import { Meteor } from 'meteor/meteor'; import { Match, check } from 'meteor/check'; import { isOmnichannelRoom } from '@rocket.chat/core-typings'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { LivechatRooms } from '../../../models/server'; import { callbacks } from '../../../../lib/callbacks'; import { Livechat } from '../lib/Livechat'; 
@@ -18,7 +18,7 @@ Meteor.methods({ ); const userId = Meteor.userId(); - if (!userId || !hasPermission(userId, 'view-l-room')) { + if (!userId || !(await hasPermissionAsync(userId, 'view-l-room'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'livechat:saveInfo' }); } @@ -50,7 +50,7 @@ Meteor.methods({ throw new Meteor.Error('error-invalid-room', 'Invalid room', { method: 'livechat:saveInfo' }); } - if ((!room.servedBy || room.servedBy._id !== userId) && !hasPermission(userId, 'save-others-livechat-room-info')) { + if ((!room.servedBy || room.servedBy._id !== userId) && !(await hasPermissionAsync(userId, 'save-others-livechat-room-info'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'livechat:saveInfo' }); } diff --git a/apps/meteor/app/livechat/server/methods/saveIntegration.ts b/apps/meteor/app/livechat/server/methods/saveIntegration.ts index 6036d8f18f237..47363864c097a 100644 --- a/apps/meteor/app/livechat/server/methods/saveIntegration.ts +++ b/apps/meteor/app/livechat/server/methods/saveIntegration.ts @@ -2,7 +2,7 @@ import { Settings } from '@rocket.chat/models'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; import { Meteor } from 'meteor/meteor'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { trim } from '../../../../lib/utils/stringUtils'; declare module '@rocket.chat/ui-contexts' { @@ -15,7 +15,7 @@ declare module '@rocket.chat/ui-contexts' { Meteor.methods({ async 'livechat:saveIntegration'(values) { const uid = Meteor.userId(); - if (!uid || !hasPermission(uid, 'view-livechat-manager')) { + if (!uid || !(await hasPermissionAsync(uid, 'view-livechat-manager'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'livechat:saveIntegration', }); 
diff --git a/apps/meteor/app/livechat/server/methods/saveTrigger.js b/apps/meteor/app/livechat/server/methods/saveTrigger.js index a322ad04a5917..0f268aacddbb2 100644 --- a/apps/meteor/app/livechat/server/methods/saveTrigger.js +++ b/apps/meteor/app/livechat/server/methods/saveTrigger.js @@ -2,11 +2,11 @@ import { Meteor } from 'meteor/meteor'; import { Match, check } from 'meteor/check'; import { LivechatTrigger } from '@rocket.chat/models'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; Meteor.methods({ async 'livechat:saveTrigger'(trigger) { - if (!Meteor.userId() || !hasPermission(Meteor.userId(), 'view-livechat-manager')) { + if (!Meteor.userId() || !(await hasPermissionAsync(Meteor.userId(), 'view-livechat-manager'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'livechat:saveTrigger', }); diff --git a/apps/meteor/app/livechat/server/methods/searchAgent.js b/apps/meteor/app/livechat/server/methods/searchAgent.js index 39e149b67b20b..bb3dd04179063 100644 --- a/apps/meteor/app/livechat/server/methods/searchAgent.js +++ b/apps/meteor/app/livechat/server/methods/searchAgent.js 
@@ -1,14 +1,14 @@ import { Meteor } from 'meteor/meteor'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { Users } from '../../../models/server'; import { methodDeprecationLogger } from '../../../lib/server/lib/deprecationWarningLogger'; Meteor.methods({ - 'livechat:searchAgent'(username) { + async 'livechat:searchAgent'(username) { methodDeprecationLogger.warn('livechat:searchAgent will be deprecated in future versions of Rocket.Chat'); - if (!Meteor.userId() || !hasPermission(Meteor.userId(), 'view-livechat-manager')) { + if (!Meteor.userId() || !(await hasPermissionAsync(Meteor.userId(), 'view-livechat-manager'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'livechat:searchAgent', }); diff --git a/apps/meteor/app/livechat/server/methods/sendTranscript.js b/apps/meteor/app/livechat/server/methods/sendTranscript.js index 4cea1442e1e53..f4890709efd67 100644 --- a/apps/meteor/app/livechat/server/methods/sendTranscript.js +++ b/apps/meteor/app/livechat/server/methods/sendTranscript.js @@ -3,15 +3,15 @@ import { check } from 'meteor/check'; import { DDPRateLimiter } from 'meteor/ddp-rate-limiter'; import { Users } from '../../../models/server'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { Livechat } from '../lib/LivechatTyped'; Meteor.methods({ - 'livechat:sendTranscript'(token, rid, email, subject) { + async 'livechat:sendTranscript'(token, rid, email, subject) { check(rid, String); check(email, String); - if (!Meteor.userId() || !hasPermission(Meteor.userId(), 'send-omnichannel-chat-transcript')) { + if (!Meteor.userId() || !(await hasPermissionAsync(Meteor.userId(), 'send-omnichannel-chat-transcript'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'livechat:sendTranscript', }); 
diff --git a/apps/meteor/app/livechat/server/methods/takeInquiry.ts b/apps/meteor/app/livechat/server/methods/takeInquiry.ts index 4ccdf740a5d39..c1b3cdab1fa56 100644 --- a/apps/meteor/app/livechat/server/methods/takeInquiry.ts +++ b/apps/meteor/app/livechat/server/methods/takeInquiry.ts @@ -1,7 +1,7 @@ import type { ServerMethods } from '@rocket.chat/ui-contexts'; import { Meteor } from 'meteor/meteor'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { Users, LivechatInquiry } from '../../../models/server'; import { RoutingManager } from '../lib/RoutingManager'; @@ -15,7 +15,7 @@ declare module '@rocket.chat/ui-contexts' { Meteor.methods({ async 'livechat:takeInquiry'(inquiryId, options) { const uid = Meteor.userId(); - if (!uid || !hasPermission(uid, 'view-l-room')) { + if (!uid || !(await hasPermissionAsync(uid, 'view-l-room'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'livechat:takeInquiry', }); diff --git a/apps/meteor/app/livechat/server/methods/transfer.js b/apps/meteor/app/livechat/server/methods/transfer.js index 4384d7651c252..56bd4c5daa85a 100644 --- a/apps/meteor/app/livechat/server/methods/transfer.js +++ b/apps/meteor/app/livechat/server/methods/transfer.js @@ -2,7 +2,7 @@ import { Meteor } from 'meteor/meteor'; import { Match, check } from 'meteor/check'; import { LivechatVisitors } from '@rocket.chat/models'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { LivechatRooms, Subscriptions, Users } from '../../../models/server'; import { Livechat } from '../lib/Livechat'; import { normalizeTransferredByData } from '../lib/Helper'; 
@@ -13,7 +13,7 @@ import { methodDeprecationLogger } from '../../../lib/server/lib/deprecationWarn Meteor.methods({ async 'livechat:transfer'(transferData) { methodDeprecationLogger.warn('livechat:transfer method is deprecated in favor of "livechat/room.forward" endpoint'); - if (!Meteor.userId() || !hasPermission(Meteor.userId(), 'view-l-room')) { + if (!Meteor.userId() || !(await hasPermissionAsync(Meteor.userId(), 'view-l-room'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'livechat:transfer' }); } @@ -37,7 +37,7 @@ Meteor.methods({ const subscription = Subscriptions.findOneByRoomIdAndUserId(room._id, Meteor.userId(), { fields: { _id: 1 }, }); - if (!subscription && !hasPermission(Meteor.userId(), 'transfer-livechat-guest')) { + if (!subscription && !(await hasPermissionAsync(Meteor.userId(), 'transfer-livechat-guest'))) { throw new Meteor.Error('error-not-authorized', 'Not authorized', { method: 'livechat:transfer', }); diff --git a/apps/meteor/app/livechat/server/startup.ts b/apps/meteor/app/livechat/server/startup.ts index ef3bd387d2682..db39798f267fd 100644 --- a/apps/meteor/app/livechat/server/startup.ts +++ b/apps/meteor/app/livechat/server/startup.ts @@ -11,7 +11,7 @@ import { settings } from '../../settings/server'; import { LivechatAgentActivityMonitor } from './statistics/LivechatAgentActivityMonitor'; import { businessHourManager } from './business-hour'; import { createDefaultBusinessHourIfNotExists } from './business-hour/Helper'; -import { hasPermission } from '../../authorization/server'; +import { hasPermissionAsync } from '../../authorization/server/functions/hasPermission'; import { Livechat } from './lib/Livechat'; import { RoutingManager } from './lib/RoutingManager'; 
@@ -38,8 +38,8 @@ Meteor.startup(async () => { callbacks.add( 'beforeJoinRoom', - function (user, room) { - if (isOmnichannelRoom(room) && !hasPermission(user._id, 'view-l-room')) { + async function (user, room) { + if (isOmnichannelRoom(room) && !(await hasPermissionAsync(user._id, 'view-l-room'))) { throw new Meteor.Error('error-user-is-not-agent', 'User is not an Omnichannel Agent', { method: 'beforeJoinRoom', }); diff --git a/apps/meteor/app/mail-messages/server/methods/sendMail.ts b/apps/meteor/app/mail-messages/server/methods/sendMail.ts index 4ed5e9dce7e1d..a9552ca542fcd 100644 --- a/apps/meteor/app/mail-messages/server/methods/sendMail.ts +++ b/apps/meteor/app/mail-messages/server/methods/sendMail.ts @@ -2,7 +2,7 @@ import { Meteor } from 'meteor/meteor'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; import { Mailer } from '../lib/Mailer'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { methodDeprecationLogger } from '../../../lib/server/lib/deprecationWarningLogger'; declare module '@rocket.chat/ui-contexts' { @@ -13,12 +13,12 @@ declare module '@rocket.chat/ui-contexts' { } Meteor.methods({ - 'Mailer.sendMail'(from, subject, body, dryrun, query) { + async 'Mailer.sendMail'(from, subject, body, dryrun, query) { methodDeprecationLogger.warn('Mailer.sendMail will be deprecated in future versions of Rocket.Chat'); const userId = Meteor.userId(); - if (!userId || !hasPermission(userId, 'send-mail')) { + if (!userId || !(await hasPermissionAsync(userId, 'send-mail'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'Mailer.sendMail', }); diff --git a/apps/meteor/app/message-pin/server/pinMessage.ts b/apps/meteor/app/message-pin/server/pinMessage.ts index 47d6c4385cc03..1a71f899f9dba 100644 --- a/apps/meteor/app/message-pin/server/pinMessage.ts +++ b/apps/meteor/app/message-pin/server/pinMessage.ts 
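Review bot: Making the `beforeJoinRoom` callback `async` in startup.ts changes how its denial is delivered: the `Meteor.Error` for a user without `view-l-room` becomes a promise rejection instead of a synchronous throw. Whether the join is still blocked depends on how the callback runner invokes `beforeJoinRoom`, which this hunk does not show. If the runner does not await each callback's result, a non-agent would no longer be stopped from joining an omnichannel room and the rejection would go unhandled. Confirm every call site awaits the result, or keep this callback synchronous until the runner is async, and add a test that a user without the permission is still rejected.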
@@ -8,7 +8,8 @@ import { settings } from '../../settings/server'; import { callbacks } from '../../../lib/callbacks'; import { isTheLastMessage } from '../../lib/server'; import { getUserAvatarURL } from '../../utils/lib/getUserAvatarURL'; -import { canAccessRoomAsync, hasPermission, roomAccessAttributes } from '../../authorization/server'; +import { canAccessRoomAsync, roomAccessAttributes } from '../../authorization/server'; +import { hasPermissionAsync } from '../../authorization/server/functions/hasPermission'; import { Subscriptions, Messages, Users, Rooms } from '../../models/server'; import { Apps, AppEvents } from '../../../ee/server/apps/orchestrator'; import { isTruthy } from '../../../lib/isTruthy'; @@ -76,7 +77,7 @@ Meteor.methods({ }); } - if (!hasPermission(userId, 'pin-message', originalMessage.rid)) { + if (!(await hasPermissionAsync(userId, 'pin-message', originalMessage.rid))) { throw new Meteor.Error('not-authorized', 'Not Authorized', { method: 'pinMessage' }); } @@ -117,7 +118,7 @@ Meteor.methods({ } // App IPostMessagePinned event hook - Promise.await(Apps.triggerEvent(AppEvents.IPostMessagePinned, originalMessage, Meteor.user(), originalMessage.pinned)); + await Apps.triggerEvent(AppEvents.IPostMessagePinned, originalMessage, Meteor.user(), originalMessage.pinned); return Messages.createWithTypeRoomIdMessageAndUser('message_pinned', originalMessage.rid, '', me, { attachments: [ @@ -166,7 +167,7 @@ Meteor.methods({ }); } - if (!hasPermission(userId, 'pin-message', originalMessage.rid)) { + if (!(await hasPermissionAsync(userId, 'pin-message', originalMessage.rid))) { throw new Meteor.Error('not-authorized', 'Not Authorized', { method: 'unpinMessage' }); } diff --git a/apps/meteor/app/oauth2-server-config/server/admin/functions/addOAuthApp.ts b/apps/meteor/app/oauth2-server-config/server/admin/functions/addOAuthApp.ts index a135106bce74b..0113f595e0a94 100644 --- a/apps/meteor/app/oauth2-server-config/server/admin/functions/addOAuthApp.ts 
+++ b/apps/meteor/app/oauth2-server-config/server/admin/functions/addOAuthApp.ts @@ -4,7 +4,7 @@ import { OAuthApps, Users } from '@rocket.chat/models'; import type { OauthAppsAddParams } from '@rocket.chat/rest-typings'; import type { IOAuthApps, IUser } from '@rocket.chat/core-typings'; -import { hasPermission } from '../../../../authorization/server'; +import { hasPermissionAsync } from '../../../../authorization/server/functions/hasPermission'; import { parseUriList } from './parseUriList'; export async function addOAuthApp(applicationParams: OauthAppsAddParams, uid: IUser['_id'] | undefined): Promise { @@ -19,7 +19,7 @@ export async function addOAuthApp(applicationParams: OauthAppsAddParams, uid: IU throw new Meteor.Error('error-invalid-user', 'Invalid user', { method: 'addOAuthApp' }); } - if (!hasPermission(uid, 'manage-oauth-apps')) { + if (!(await hasPermissionAsync(uid, 'manage-oauth-apps'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'addOAuthApp' }); } diff --git a/apps/meteor/app/oauth2-server-config/server/admin/methods/deleteOAuthApp.ts b/apps/meteor/app/oauth2-server-config/server/admin/methods/deleteOAuthApp.ts index bfda73c2f8f2f..f9803ba2c2270 100644 --- a/apps/meteor/app/oauth2-server-config/server/admin/methods/deleteOAuthApp.ts +++ b/apps/meteor/app/oauth2-server-config/server/admin/methods/deleteOAuthApp.ts @@ -3,7 +3,7 @@ import { OAuthApps } from '@rocket.chat/models'; import type { IOAuthApps } from '@rocket.chat/core-typings'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; -import { hasPermission } from '../../../../authorization/server'; +import { hasPermissionAsync } from '../../../../authorization/server/functions/hasPermission'; declare module '@rocket.chat/ui-contexts' { // eslint-disable-next-line @typescript-eslint/naming-convention 
@@ -18,7 +18,7 @@ Meteor.methods({ throw new Meteor.Error('error-invalid-user', 'Invalid user', { method: 'deleteOAuthApp' }); } - if (!hasPermission(this.userId, 'manage-oauth-apps')) { + if (!(await hasPermissionAsync(this.userId, 'manage-oauth-apps'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'deleteOAuthApp' }); } diff --git a/apps/meteor/app/oauth2-server-config/server/admin/methods/updateOAuthApp.ts b/apps/meteor/app/oauth2-server-config/server/admin/methods/updateOAuthApp.ts index 10164d678f079..bf1aa9fd23388 100644 --- a/apps/meteor/app/oauth2-server-config/server/admin/methods/updateOAuthApp.ts +++ b/apps/meteor/app/oauth2-server-config/server/admin/methods/updateOAuthApp.ts @@ -3,7 +3,7 @@ import { OAuthApps } from '@rocket.chat/models'; import type { IOAuthApps } from '@rocket.chat/core-typings'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; -import { hasPermission } from '../../../../authorization/server'; +import { hasPermissionAsync } from '../../../../authorization/server/functions/hasPermission'; import { Users } from '../../../../models/server'; import { parseUriList } from '../functions/parseUriList'; @@ -20,7 +20,7 @@ Meteor.methods({ throw new Meteor.Error('error-invalid-user', 'Invalid user', { method: 'updateOAuthApp' }); } - if (!hasPermission(this.userId, 'manage-oauth-apps')) { + if (!(await hasPermissionAsync(this.userId, 'manage-oauth-apps'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'updateOAuthApp' }); } diff --git a/apps/meteor/app/reactions/server/setReaction.ts b/apps/meteor/app/reactions/server/setReaction.ts index 751466bb25bbd..b6dedebd1a940 100644 --- a/apps/meteor/app/reactions/server/setReaction.ts +++ b/apps/meteor/app/reactions/server/setReaction.ts 
@@ -10,7 +10,8 @@ import { Messages, Rooms } from '../../models/server'; import { callbacks } from '../../../lib/callbacks'; import { emoji } from '../../emoji/server'; import { isTheLastMessage, msgStream } from '../../lib/server'; -import { canAccessRoomAsync, hasPermission } from '../../authorization/server'; +import { canAccessRoomAsync } from '../../authorization/server'; +import { hasPermissionAsync } from '../../authorization/server/functions/hasPermission'; import { AppEvents, Apps } from '../../../ee/server/apps/orchestrator'; const removeUserReaction = (message: IMessage, reaction: string, username: string) => { @@ -34,7 +35,7 @@ async function setReaction(room: IRoom, user: IUser, message: IMessage, reaction }); } - if (room.ro === true && !room.reactWhenReadOnly && !hasPermission(user._id, 'post-readonly', room._id)) { + if (room.ro === true && !room.reactWhenReadOnly && !(await hasPermissionAsync(user._id, 'post-readonly', room._id))) { // Unless the user was manually unmuted if (!(room.unmuted || []).includes(user.username as string)) { throw new Error("You can't send messages because the room is readonly."); diff --git a/apps/meteor/app/retention-policy/server/cronPruneMessages.ts b/apps/meteor/app/retention-policy/server/cronPruneMessages.ts index e479e6bb73f9a..1141a30850b8c 100644 --- a/apps/meteor/app/retention-policy/server/cronPruneMessages.ts +++ b/apps/meteor/app/retention-policy/server/cronPruneMessages.ts @@ -3,7 +3,7 @@ import type { IRoomWithRetentionPolicy } from '@rocket.chat/core-typings'; import { settings } from '../../settings/server'; import { Rooms } from '../../models/server'; -import { cleanRoomHistory } from '../../lib/server'; +import { cleanRoomHistory } from '../../lib/server/functions/cleanRoomHistory'; const maxTimes = { c: 0, 
@@ -37,15 +37,17 @@ function job(): void { }, { fields: { _id: 1 } }, ).forEach(({ _id: rid }: IRoomWithRetentionPolicy) => { - cleanRoomHistory({ - rid, - latest, - oldest, - filesOnly, - excludePinned, - ignoreDiscussion, - ignoreThreads, - }); + Promise.await( + cleanRoomHistory({ + rid, + latest, + oldest, + filesOnly, + excludePinned, + ignoreDiscussion, + ignoreThreads, + }), + ); }); }); @@ -56,15 +58,17 @@ function job(): void { }).forEach((room: IRoomWithRetentionPolicy) => { const { maxAge = 30, filesOnly, excludePinned, ignoreThreads } = room.retention; const latest = new Date(now.getTime() - toDays(maxAge)); - cleanRoomHistory({ - rid: room._id, - latest, - oldest, - filesOnly, - excludePinned, - ignoreDiscussion, - ignoreThreads, - }); + Promise.await( + cleanRoomHistory({ + rid: room._id, + latest, + oldest, + filesOnly, + excludePinned, + ignoreDiscussion, + ignoreThreads, + }), + ); }); } diff --git a/apps/meteor/app/slackbridge/server/removeChannelLinks.js b/apps/meteor/app/slackbridge/server/removeChannelLinks.js index 6ffc252806aa4..88da2a2bc1f58 100644 --- a/apps/meteor/app/slackbridge/server/removeChannelLinks.js +++ b/apps/meteor/app/slackbridge/server/removeChannelLinks.js @@ -1,11 +1,11 @@ import { Meteor } from 'meteor/meteor'; import { Rooms } from '../../models/server'; -import { hasPermission } from '../../authorization/server'; +import { hasPermissionAsync } from '../../authorization/server/functions/hasPermission'; import { settings } from '../../settings/server'; Meteor.methods({ - removeSlackBridgeChannelLinks() { + await removeSlackBridgeChannelLinks() { const user = Meteor.user(); if (!user) { throw new Meteor.Error('error-invalid-user', 'Invalid user', { 
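Review bot: Both `forEach` callbacks in `job()` now wrap `cleanRoomHistory(...)` in `Promise.await`, which keeps this cron path dependent on fibers while the rest of the commit removes that dependency. As far as these hunks show, nothing catches a rejection from `cleanRoomHistory`, so a failure for one room would be rethrown by `Promise.await` and stop the loop, leaving the remaining rooms unpruned in that pass. Consider making `job` async and awaiting each call inside a `try`/`catch` that logs the room id, so one failing room does not halt retention for the others. `job` starts and ends outside these hunks.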
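Review bot: The method declaration in removeChannelLinks.js was changed to `await removeSlackBridgeChannelLinks() {` where `async` was intended; `await` is not a valid method modifier, so the file does not parse. It should read `async removeSlackBridgeChannelLinks() {`. The permission check in the file's next hunk, `if (!await hasPermissionAsync(user._id, 'remove-slackbridge-links'))`, also omits the parentheses used everywhere else in the commit: `!(await hasPermissionAsync(...))`.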
@@ -13,7 +13,7 @@ Meteor.methods({ }); } - if (!hasPermission(user._id, 'remove-slackbridge-links')) { + if (!await hasPermissionAsync(user._id, 'remove-slackbridge-links')) { throw new Meteor.Error('error-not-authorized', 'Not authorized', { method: 'removeSlackBridgeChannelLinks', }); diff --git a/apps/meteor/app/user-status/server/methods/deleteCustomUserStatus.ts b/apps/meteor/app/user-status/server/methods/deleteCustomUserStatus.ts index 85a99a96c1cd5..b0ab4d17e3ac7 100644 --- a/apps/meteor/app/user-status/server/methods/deleteCustomUserStatus.ts +++ b/apps/meteor/app/user-status/server/methods/deleteCustomUserStatus.ts @@ -3,7 +3,7 @@ import { CustomUserStatus } from '@rocket.chat/models'; import { api } from '@rocket.chat/core-services'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; declare module '@rocket.chat/ui-contexts' { // eslint-disable-next-line @typescript-eslint/naming-convention @@ -14,7 +14,7 @@ declare module '@rocket.chat/ui-contexts' { Meteor.methods({ async deleteCustomUserStatus(userStatusID) { - if (!this.userId || !hasPermission(this.userId, 'manage-user-status')) { + if (!this.userId || !(await hasPermissionAsync(this.userId, 'manage-user-status'))) { throw new Meteor.Error('not_authorized'); } diff --git a/apps/meteor/app/user-status/server/methods/insertOrUpdateUserStatus.js b/apps/meteor/app/user-status/server/methods/insertOrUpdateUserStatus.js index a933c48207789..fc76158556a94 100644 --- a/apps/meteor/app/user-status/server/methods/insertOrUpdateUserStatus.js +++ b/apps/meteor/app/user-status/server/methods/insertOrUpdateUserStatus.js 
@@ -2,12 +2,12 @@ import { Meteor } from 'meteor/meteor'; import { CustomUserStatus } from '@rocket.chat/models'; import { api } from '@rocket.chat/core-services'; -import { hasPermission } from '../../../authorization/server'; +import { hasPermissionAsync } from '../../../authorization/server/functions/hasPermission'; import { trim } from '../../../../lib/utils/stringUtils'; Meteor.methods({ async insertOrUpdateUserStatus(userStatusData) { - if (!hasPermission(this.userId, 'manage-user-status')) { + if (!(await hasPermissionAsync(this.userId, 'manage-user-status'))) { throw new Meteor.Error('not_authorized'); } diff --git a/apps/meteor/ee/app/canned-responses/server/methods/removeCannedResponse.ts b/apps/meteor/ee/app/canned-responses/server/methods/removeCannedResponse.ts index 3afefed321b08..7a2494fab08e6 100644 --- a/apps/meteor/ee/app/canned-responses/server/methods/removeCannedResponse.ts +++ b/apps/meteor/ee/app/canned-responses/server/methods/removeCannedResponse.ts @@ -2,7 +2,7 @@ import { Meteor } from 'meteor/meteor'; import { check } from 'meteor/check'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; -import { hasPermission } from '../../../../../app/authorization/server'; +import { hasPermissionAsync } from '../../../../../app/authorization/server/functions/hasPermission'; import CannedResponse from '../../../models/server/models/CannedResponse'; import notifications from '../../../../../app/notifications/server/lib/Notifications'; @@ -14,10 +14,10 @@ declare module '@rocket.chat/ui-contexts' { } Meteor.methods({ - removeCannedResponse(_id) { + async removeCannedResponse(_id) { const uid = Meteor.userId(); - if (!uid || !hasPermission(uid, 'remove-canned-responses')) { + if (!uid || !(await (uid, 'remove-canned-responses'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'removeCannedResponse', }); 
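Review bot: The permission check in `removeCannedResponse` lost its function call: `!(await (uid, 'remove-canned-responses'))` awaits a comma expression that evaluates to a non-empty string, so this half of the condition is always false and every logged-in user passes the guard. The line should read `if (!uid || !(await hasPermissionAsync(uid, 'remove-canned-responses'))) {`. As written, the `hasPermissionAsync` import added in this file's first hunk is unused in the visible lines, which an unused-import lint rule would flag. A test that calls the method as a user without `remove-canned-responses` and expects `error-not-allowed` would catch this. The method body continues outside the hunk.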
diff --git a/apps/meteor/ee/app/canned-responses/server/methods/saveCannedResponse.js b/apps/meteor/ee/app/canned-responses/server/methods/saveCannedResponse.js index f35a9a8f57b25..8e52074fd2482 100644 --- a/apps/meteor/ee/app/canned-responses/server/methods/saveCannedResponse.js +++ b/apps/meteor/ee/app/canned-responses/server/methods/saveCannedResponse.js @@ -1,16 +1,16 @@ import { Meteor } from 'meteor/meteor'; import { Match, check } from 'meteor/check'; -import { hasPermission } from '../../../../../app/authorization/server'; +import { hasPermissionAsync } from '../../../../../app/authorization/server/functions/hasPermission'; import CannedResponse from '../../../models/server/models/CannedResponse'; import LivechatDepartment from '../../../../../app/models/server/models/LivechatDepartment'; import { Users } from '../../../../../app/models/server'; import notifications from '../../../../../app/notifications/server/lib/Notifications'; Meteor.methods({ - saveCannedResponse(_id, responseData) { + async saveCannedResponse(_id, responseData) { const userId = Meteor.userId(); - if (!userId || !hasPermission(userId, 'save-canned-responses')) { + if (!userId || !(await hasPermissionAsync(userId, 'save-canned-responses'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'saveCannedResponse' }); } 
@@ -24,14 +24,14 @@ Meteor.methods({ departmentId: Match.Maybe(String), }); - const canSaveAll = hasPermission(userId, 'save-all-canned-responses'); + const canSaveAll = await hasPermissionAsync(userId, 'save-all-canned-responses'); if (!canSaveAll && ['global'].includes(responseData.scope)) { throw new Meteor.Error('error-not-allowed', 'Not allowed to modify canned responses on *global* scope', { method: 'saveCannedResponse', }); } - const canSaveDepartment = hasPermission(userId, 'save-department-canned-responses'); + const canSaveDepartment = await hasPermissionAsync(userId, 'save-department-canned-responses'); if (!canSaveAll && !canSaveDepartment && ['department'].includes(responseData.scope)) { throw new Meteor.Error('error-not-allowed', 'Not allowed to modify canned responses on *department* scope', { method: 'saveCannedResponse', diff --git a/apps/meteor/ee/app/livechat-enterprise/server/api/rooms.ts b/apps/meteor/ee/app/livechat-enterprise/server/api/rooms.ts index 0c16b1ee93459..877afc90d7d4d 100644 --- a/apps/meteor/ee/app/livechat-enterprise/server/api/rooms.ts +++ b/apps/meteor/ee/app/livechat-enterprise/server/api/rooms.ts @@ -4,7 +4,7 @@ import { isPOSTLivechatRoomPriorityParams } from '@rocket.chat/rest-typings'; import { LivechatRooms } from '@rocket.chat/models'; import { API } from '../../../../../app/api/server'; -import { hasPermission } from '../../../../../app/authorization/server'; +import { hasPermissionAsync } from '../../../../../app/authorization/server/functions/hasPermission'; import { Subscriptions } from '../../../../../app/models/server'; import { LivechatEnterprise } from '../lib/LivechatEnterprise'; import { removePriorityFromRoom, updateRoomPriority } from './lib/priorities'; 
@@ -42,7 +42,7 @@ API.v1.addRoute( } const subscription = Subscriptions.findOneByRoomIdAndUserId(roomId, user._id, { _id: 1 }); - if (!subscription && !hasPermission(this.userId, 'on-hold-others-livechat-room')) { + if (!subscription && !(await hasPermissionAsync(this.userId, 'on-hold-others-livechat-room'))) { return API.v1.failure('Not authorized'); } diff --git a/apps/meteor/ee/app/livechat-enterprise/server/methods/addMonitor.js b/apps/meteor/ee/app/livechat-enterprise/server/methods/addMonitor.js index 4c5d8321a0bdb..0aea3544f8abe 100644 --- a/apps/meteor/ee/app/livechat-enterprise/server/methods/addMonitor.js +++ b/apps/meteor/ee/app/livechat-enterprise/server/methods/addMonitor.js @@ -1,11 +1,11 @@ import { Meteor } from 'meteor/meteor'; -import { hasPermission } from '../../../../../app/authorization/server'; +import { hasPermissionAsync } from '../../../../../app/authorization/server/functions/hasPermission'; import { LivechatEnterprise } from '../lib/LivechatEnterprise'; Meteor.methods({ - 'livechat:addMonitor'(username) { - if (!Meteor.userId() || !hasPermission(Meteor.userId(), 'manage-livechat-monitors')) { + async 'livechat:addMonitor'(username) { + if (!Meteor.userId() || !(await hasPermissionAsync(Meteor.userId(), 'manage-livechat-monitors'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'livechat:addMonitor' }); } diff --git a/apps/meteor/ee/app/livechat-enterprise/server/methods/removeBusinessHour.ts b/apps/meteor/ee/app/livechat-enterprise/server/methods/removeBusinessHour.ts index 0b304e91c7f68..1f32091d3bede 100644 --- a/apps/meteor/ee/app/livechat-enterprise/server/methods/removeBusinessHour.ts +++ b/apps/meteor/ee/app/livechat-enterprise/server/methods/removeBusinessHour.ts 
@@ -1,7 +1,7 @@ import type { ServerMethods } from '@rocket.chat/ui-contexts'; import { Meteor } from 'meteor/meteor'; -import { hasPermission } from '../../../../../app/authorization/server'; +import { hasPermissionAsync } from '../../../../../app/authorization/server/functions/hasPermission'; import { businessHourManager } from '../../../../../app/livechat/server/business-hour'; declare module '@rocket.chat/ui-contexts' { @@ -12,10 +12,10 @@ declare module '@rocket.chat/ui-contexts' { } Meteor.methods({ - 'livechat:removeBusinessHour'(id: string, type: string) { + async 'livechat:removeBusinessHour'(id: string, type: string) { const userId = Meteor.userId(); - if (!userId || !hasPermission(userId, 'view-livechat-business-hours')) { + if (!userId || !(await hasPermissionAsync(userId, 'view-livechat-business-hours'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'livechat:removeBusinessHour', }); diff --git a/apps/meteor/ee/app/livechat-enterprise/server/methods/removeMonitor.js b/apps/meteor/ee/app/livechat-enterprise/server/methods/removeMonitor.js index 7a818bb08c5c6..db2822bf05e36 100644 --- a/apps/meteor/ee/app/livechat-enterprise/server/methods/removeMonitor.js +++ b/apps/meteor/ee/app/livechat-enterprise/server/methods/removeMonitor.js @@ -1,11 +1,11 @@ import { Meteor } from 'meteor/meteor'; -import { hasPermission } from '../../../../../app/authorization/server'; +import { hasPermissionAsync } from '../../../../../app/authorization/server/functions/hasPermission'; import { LivechatEnterprise } from '../lib/LivechatEnterprise'; Meteor.methods({ - 'livechat:removeMonitor'(username) { - if (!Meteor.userId() || !hasPermission(Meteor.userId(), 'manage-livechat-monitors')) { + async 'livechat:removeMonitor'(username) { + if (!Meteor.userId() || !(await hasPermissionAsync(Meteor.userId(), 'manage-livechat-monitors'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'livechat:removeMonitor', }); 
diff --git a/apps/meteor/ee/app/livechat-enterprise/server/methods/removeTag.js b/apps/meteor/ee/app/livechat-enterprise/server/methods/removeTag.js index db324c3e1c5fe..97b03df954715 100644 --- a/apps/meteor/ee/app/livechat-enterprise/server/methods/removeTag.js +++ b/apps/meteor/ee/app/livechat-enterprise/server/methods/removeTag.js @@ -1,11 +1,11 @@ import { Meteor } from 'meteor/meteor'; -import { hasPermission } from '../../../../../app/authorization/server'; +import { hasPermissionAsync } from '../../../../../app/authorization/server/functions/hasPermission'; import { LivechatEnterprise } from '../lib/LivechatEnterprise'; Meteor.methods({ - 'livechat:removeTag'(id) { - if (!Meteor.userId() || !hasPermission(Meteor.userId(), 'manage-livechat-tags')) { + async 'livechat:removeTag'(id) { + if (!Meteor.userId() || !(await hasPermissionAsync(Meteor.userId(), 'manage-livechat-tags'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'livechat:removeTag' }); } diff --git a/apps/meteor/ee/app/livechat-enterprise/server/methods/removeUnit.js b/apps/meteor/ee/app/livechat-enterprise/server/methods/removeUnit.js index 0c19942cdadd5..49a42a2384970 100644 --- a/apps/meteor/ee/app/livechat-enterprise/server/methods/removeUnit.js +++ b/apps/meteor/ee/app/livechat-enterprise/server/methods/removeUnit.js 
@@ -1,11 +1,11 @@ import { Meteor } from 'meteor/meteor'; -import { hasPermission } from '../../../../../app/authorization/server'; +import { hasPermissionAsync } from '../../../../../app/authorization/server/functions/hasPermission'; import { LivechatEnterprise } from '../lib/LivechatEnterprise'; Meteor.methods({ - 'livechat:removeUnit'(id) { - if (!Meteor.userId() || !hasPermission(Meteor.userId(), 'manage-livechat-units')) { + async 'livechat:removeUnit'(id) { + if (!Meteor.userId() || !(await hasPermissionAsync(Meteor.userId(), 'manage-livechat-units'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'livechat:removeUnit' }); } diff --git a/apps/meteor/ee/app/livechat-enterprise/server/methods/saveTag.js b/apps/meteor/ee/app/livechat-enterprise/server/methods/saveTag.js index ec100c6d507c6..4c4052147943d 100644 --- a/apps/meteor/ee/app/livechat-enterprise/server/methods/saveTag.js +++ b/apps/meteor/ee/app/livechat-enterprise/server/methods/saveTag.js @@ -1,11 +1,11 @@ import { Meteor } from 'meteor/meteor'; -import { hasPermission } from '../../../../../app/authorization/server'; +import { hasPermissionAsync } from '../../../../../app/authorization/server/functions/hasPermission'; import { LivechatEnterprise } from '../lib/LivechatEnterprise'; Meteor.methods({ - 'livechat:saveTag'(_id, tagData, tagDepartments) { - if (!Meteor.userId() || !hasPermission(Meteor.userId(), 'manage-livechat-tags')) { + async 'livechat:saveTag'(_id, tagData, tagDepartments) { + if (!Meteor.userId() || !(await hasPermissionAsync(Meteor.userId(), 'manage-livechat-tags'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'livechat:saveTags' }); } diff --git a/apps/meteor/ee/app/livechat-enterprise/server/methods/saveUnit.js b/apps/meteor/ee/app/livechat-enterprise/server/methods/saveUnit.js index 701682b556f26..4d79131ffa7bf 100644 --- a/apps/meteor/ee/app/livechat-enterprise/server/methods/saveUnit.js 
+++ b/apps/meteor/ee/app/livechat-enterprise/server/methods/saveUnit.js @@ -1,11 +1,11 @@ import { Meteor } from 'meteor/meteor'; -import { hasPermission } from '../../../../../app/authorization/server'; +import { hasPermissionAsync } from '../../../../../app/authorization/server/functions/hasPermission'; import { LivechatEnterprise } from '../lib/LivechatEnterprise'; Meteor.methods({ - 'livechat:saveUnit'(_id, unitData, unitMonitors, unitDepartments) { - if (!Meteor.userId() || !hasPermission(Meteor.userId(), 'manage-livechat-units')) { + async 'livechat:saveUnit'(_id, unitData, unitMonitors, unitDepartments) { + if (!Meteor.userId() || !(await hasPermissionAsync(Meteor.userId(), 'manage-livechat-units'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'livechat:saveUnit' }); } diff --git a/apps/meteor/ee/server/api/ldap.ts b/apps/meteor/ee/server/api/ldap.ts index acda37c995673..567af87ea80de 100644 --- a/apps/meteor/ee/server/api/ldap.ts +++ b/apps/meteor/ee/server/api/ldap.ts @@ -1,4 +1,4 @@ -import { hasPermission } from '../../../app/authorization/server'; +import { hasPermissionAsync } from '../../../app/authorization/server/functions/hasPermission'; import { settings } from '../../../app/settings/server'; import { API } from '../../../app/api/server/api'; import { LDAPEE } from '../sdk'; @@ -16,7 +16,7 @@ API.v1.addRoute( throw new Error('error-invalid-user'); } - if (!hasPermission(this.userId, 'sync-auth-services-users')) { + if (!(await hasPermissionAsync(this.userId, 'sync-auth-services-users'))) { throw new Error('error-not-authorized'); } diff --git a/apps/meteor/ee/server/api/licenses.ts b/apps/meteor/ee/server/api/licenses.ts index 331370140f5d0..88082b53f4f41 100644 --- a/apps/meteor/ee/server/api/licenses.ts +++ b/apps/meteor/ee/server/api/licenses.ts 
@@ -4,7 +4,7 @@ import { Settings } from '@rocket.chat/models'; import { getLicenses, validateFormat, flatModules, getMaxActiveUsers, isEnterprise } from '../../app/license/server/license'; import { Users } from '../../../app/models/server'; import { API } from '../../../app/api/server/api'; -import { hasPermission } from '../../../app/authorization/server'; +import { hasPermissionAsync } from '../../../app/authorization/server/functions/hasPermission'; import type { ILicense } from '../../app/license/definition/ILicense'; function licenseTransform(license: ILicense): ILicense { @@ -19,7 +19,7 @@ API.v1.addRoute( { authRequired: true }, { get() { - if (!hasPermission(this.userId, 'view-privileged-setting')) { + if (!(await hasPermissionAsync(this.userId, 'view-privileged-setting'))) { return API.v1.unauthorized(); } @@ -41,7 +41,7 @@ API.v1.addRoute( license: String, }); - if (!hasPermission(this.userId, 'edit-privileged-setting')) { + if (!(await hasPermissionAsync(this.userId, 'edit-privileged-setting'))) { return API.v1.unauthorized(); } diff --git a/apps/meteor/ee/server/lib/audit/methods.ts b/apps/meteor/ee/server/lib/audit/methods.ts index cc4cbd8173bc9..e845fabcf81af 100644 --- a/apps/meteor/ee/server/lib/audit/methods.ts +++ b/apps/meteor/ee/server/lib/audit/methods.ts @@ -9,7 +9,7 @@ import type { Mongo } from 'meteor/mongo'; import AuditLog from './AuditLog'; import { LivechatRooms, Rooms, Messages, Users } from '../../../../app/models/server'; -import { hasPermission } from '../../../../app/authorization/server'; +import { hasPermissionAsync } from '../../../../app/authorization/server/functions/hasPermission'; import { updateCounter } from '../../../../app/statistics/server'; import type { IAuditLog } from '../../../definition/IAuditLog'; 
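Review bot: In licenses.ts the `get() {` handler is left as unchanged context while its body now contains `await hasPermissionAsync(this.userId, 'view-privileged-setting')`; `await` in a non-async function does not compile, so the handler should become `async get() {`. The same applies later in this patch to getRoomNameById.js (`getRoomNameById(rid) {`) and resetAvatar.js (`resetAvatar(userId) {`), whose signatures are also shown as unchanged context. It appears to apply to addRoomModerator.js as well, where no hunk touches the method signature and the check is written `!await hasPermissionAsync(...)` without the parentheses used everywhere else. The second licenses.ts hunk (`edit-privileged-setting`) sits in a handler whose signature is outside the hunk, so confirm that one is async too.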
@@ -77,12 +77,12 @@ declare module '@rocket.chat/ui-contexts' { } Meteor.methods({ - auditGetOmnichannelMessages({ startDate, endDate, users: usernames, msg, type, visitor, agent }) { + async auditGetOmnichannelMessages({ startDate, endDate, users: usernames, msg, type, visitor, agent }) { check(startDate, Date); check(endDate, Date); const user = Meteor.user(); - if (!user || !hasPermission(user._id, 'can-audit')) { + if (!user || !(await hasPermissionAsync(user._id, 'can-audit'))) { throw new Meteor.Error('Not allowed'); } @@ -117,12 +117,12 @@ Meteor.methods({ return messages; }, - auditGetMessages({ rid, startDate, endDate, users: usernames, msg, type, visitor, agent }) { + async auditGetMessages({ rid, startDate, endDate, users: usernames, msg, type, visitor, agent }) { check(startDate, Date); check(endDate, Date); const user = Meteor.user(); - if (!user || !hasPermission(user._id, 'can-audit')) { + if (!user || !(await hasPermissionAsync(user._id, 'can-audit'))) { throw new Meteor.Error('Not allowed'); } @@ -169,11 +169,11 @@ Meteor.methods({ return messages; }, - auditGetAuditions({ startDate, endDate }) { + async auditGetAuditions({ startDate, endDate }) { check(startDate, Date); check(endDate, Date); const uid = Meteor.userId(); - if (!uid || !hasPermission(uid, 'can-audit-log')) { + if (!uid || !(await hasPermissionAsync(uid, 'can-audit-log'))) { throw new Meteor.Error('Not allowed'); } return AuditLog.find({ diff --git a/apps/meteor/imports/personal-access-tokens/server/api/methods/generateToken.js b/apps/meteor/imports/personal-access-tokens/server/api/methods/generateToken.js index 8f745bae948a5..8d388dcfb9227 100644 --- a/apps/meteor/imports/personal-access-tokens/server/api/methods/generateToken.js +++ b/apps/meteor/imports/personal-access-tokens/server/api/methods/generateToken.js 
@@ -2,18 +2,18 @@ import { Meteor } from 'meteor/meteor'; import { Random } from '@rocket.chat/random'; import { Accounts } from 'meteor/accounts-base'; -import { hasPermission } from '../../../../../app/authorization/server'; +import { hasPermissionAsync } from '../../../../../app/authorization/server/functions/hasPermission'; import { Users } from '../../../../../app/models/server'; import { twoFactorRequired } from '../../../../../app/2fa/server/twoFactorRequired'; Meteor.methods({ - 'personalAccessTokens:generateToken': twoFactorRequired(function ({ tokenName, bypassTwoFactor }) { + 'personalAccessTokens:generateToken': twoFactorRequired(async function ({ tokenName, bypassTwoFactor }) { if (!Meteor.userId()) { throw new Meteor.Error('not-authorized', 'Not Authorized', { method: 'personalAccessTokens:generateToken', }); } - if (!hasPermission(Meteor.userId(), 'create-personal-access-tokens')) { + if (!(await hasPermissionAsync(Meteor.userId(), 'create-personal-access-tokens'))) { throw new Meteor.Error('not-authorized', 'Not Authorized', { method: 'personalAccessTokens:generateToken', }); diff --git a/apps/meteor/imports/personal-access-tokens/server/api/methods/regenerateToken.js b/apps/meteor/imports/personal-access-tokens/server/api/methods/regenerateToken.js index dea5bd513d952..e34269e8172a8 100644 --- a/apps/meteor/imports/personal-access-tokens/server/api/methods/regenerateToken.js +++ b/apps/meteor/imports/personal-access-tokens/server/api/methods/regenerateToken.js 
@@ -1,17 +1,17 @@ import { Meteor } from 'meteor/meteor'; -import { hasPermission } from '../../../../../app/authorization/server'; +import { hasPermissionAsync } from '../../../../../app/authorization/server/functions/hasPermission'; import { Users } from '../../../../../app/models/server'; import { twoFactorRequired } from '../../../../../app/2fa/server/twoFactorRequired'; Meteor.methods({ - 'personalAccessTokens:regenerateToken': twoFactorRequired(function ({ tokenName }) { + 'personalAccessTokens:regenerateToken': twoFactorRequired(async function ({ tokenName }) { if (!Meteor.userId()) { throw new Meteor.Error('not-authorized', 'Not Authorized', { method: 'personalAccessTokens:regenerateToken', }); } - if (!hasPermission(Meteor.userId(), 'create-personal-access-tokens')) { + if (!(await hasPermissionAsync(Meteor.userId(), 'create-personal-access-tokens'))) { throw new Meteor.Error('not-authorized', 'Not Authorized', { method: 'personalAccessTokens:regenerateToken', }); diff --git a/apps/meteor/imports/personal-access-tokens/server/api/methods/removeToken.js b/apps/meteor/imports/personal-access-tokens/server/api/methods/removeToken.js index d8b3567ed91c3..380a883f2719f 100644 --- a/apps/meteor/imports/personal-access-tokens/server/api/methods/removeToken.js +++ b/apps/meteor/imports/personal-access-tokens/server/api/methods/removeToken.js 
@@ -1,17 +1,17 @@ import { Meteor } from 'meteor/meteor'; -import { hasPermission } from '../../../../../app/authorization/server'; +import { hasPermissionAsync } from '../../../../../app/authorization/server/functions/hasPermission'; import { Users } from '../../../../../app/models/server'; import { twoFactorRequired } from '../../../../../app/2fa/server/twoFactorRequired'; Meteor.methods({ - 'personalAccessTokens:removeToken': twoFactorRequired(function ({ tokenName }) { + 'personalAccessTokens:removeToken': twoFactorRequired(async function ({ tokenName }) { if (!Meteor.userId()) { throw new Meteor.Error('not-authorized', 'Not Authorized', { method: 'personalAccessTokens:removeToken', }); } - if (!hasPermission(Meteor.userId(), 'create-personal-access-tokens')) { + if (!(await hasPermissionAsync(Meteor.userId(), 'create-personal-access-tokens'))) { throw new Meteor.Error('not-authorized', 'Not Authorized', { method: 'personalAccessTokens:removeToken', }); diff --git a/apps/meteor/server/lib/pushConfig.ts b/apps/meteor/server/lib/pushConfig.ts index a97576a5809d1..4bfd3f2432c73 100644 --- a/apps/meteor/server/lib/pushConfig.ts +++ b/apps/meteor/server/lib/pushConfig.ts @@ -3,7 +3,7 @@ import { TAPi18n } from 'meteor/rocketchat:tap-i18n'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; import { getWorkspaceAccessToken } from '../../app/cloud/server'; -import { hasPermission } from '../../app/authorization/server'; +import { hasPermissionAsync } from '../../app/authorization/server/functions/hasPermission'; import { settings } from '../../app/settings/server'; import { appTokensCollection, Push } from '../../app/push/server'; @@ -15,7 +15,7 @@ declare module '@rocket.chat/ui-contexts' { } Meteor.methods({ - push_test() { + async push_test() { const user = Meteor.user(); if (!user) { 
@@ -24,7 +24,7 @@ Meteor.methods({ }); } - if (!hasPermission(user._id, 'test-admin-options')) { + if (!(await hasPermissionAsync(user._id, 'test-admin-options'))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'push_test', }); diff --git a/apps/meteor/server/lib/spotlight.js b/apps/meteor/server/lib/spotlight.js index b51e5e7192b9b..a0d055612386b 100644 --- a/apps/meteor/server/lib/spotlight.js +++ b/apps/meteor/server/lib/spotlight.js @@ -1,7 +1,8 @@ import { escapeRegExp } from '@rocket.chat/string-helpers'; import { Users, Subscriptions as SubscriptionsRaw } from '@rocket.chat/models'; -import { hasAllPermission, hasPermission, canAccessRoomAsync, roomAccessAttributes } from '../../app/authorization/server'; +import { hasAllPermission, canAccessRoomAsync, roomAccessAttributes } from '../../app/authorization/server'; +import { hasPermissionAsync } from '../../app/authorization/server/functions/hasPermission'; import { Subscriptions, Rooms } from '../../app/models/server'; import { settings } from '../../app/settings/server'; import { readSecondaryPreferred } from '../database/readSecondaryPreferred'; @@ -10,7 +11,7 @@ import { trim } from '../../lib/utils/stringUtils'; export class Spotlight { fetchRooms(userId, rooms) { - if (!settings.get('Store_Last_Message') || hasPermission(userId, 'preview-c-room')) { + if (!settings.get('Store_Last_Message') || Promise.await(hasPermissionAsync(userId, 'preview-c-room'))) { return rooms; } diff --git a/apps/meteor/server/methods/addAllUserToRoom.js b/apps/meteor/server/methods/addAllUserToRoom.js index 2b7c278c91ce3..1deb720bb6641 100644 --- a/apps/meteor/server/methods/addAllUserToRoom.js +++ b/apps/meteor/server/methods/addAllUserToRoom.js 
@@ -1,17 +1,17 @@ import { Meteor } from 'meteor/meteor'; import { check } from 'meteor/check'; -import { hasPermission } from '../../app/authorization/server'; +import { hasPermissionAsync } from '../../app/authorization/server/functions/hasPermission'; import { Users, Rooms, Subscriptions, Messages } from '../../app/models/server'; import { settings } from '../../app/settings/server'; import { callbacks } from '../../lib/callbacks'; Meteor.methods({ - addAllUserToRoom(rid, activeUsersOnly = false) { + async addAllUserToRoom(rid, activeUsersOnly = false) { check(rid, String); check(activeUsersOnly, Boolean); - if (!hasPermission(this.userId, 'add-all-to-room')) { + if (!(await hasPermissionAsync(this.userId, 'add-all-to-room'))) { throw new Meteor.Error(403, 'Access to Method Forbidden', { method: 'addAllToRoom', }); diff --git a/apps/meteor/server/methods/addRoomLeader.js b/apps/meteor/server/methods/addRoomLeader.js index 637c0fc086f11..133bebf158e1f 100644 --- a/apps/meteor/server/methods/addRoomLeader.js +++ b/apps/meteor/server/methods/addRoomLeader.js @@ -2,12 +2,12 @@ import { Meteor } from 'meteor/meteor'; import { check } from 'meteor/check'; import { api, Team } from '@rocket.chat/core-services'; -import { hasPermission } from '../../app/authorization/server'; +import { hasPermissionAsync } from '../../app/authorization/server/functions/hasPermission'; import { Users, Subscriptions, Messages } from '../../app/models/server'; import { settings } from '../../app/settings/server'; Meteor.methods({ - addRoomLeader(rid, userId) { + async addRoomLeader(rid, userId) { check(rid, String); check(userId, String); @@ -17,7 +17,7 @@ Meteor.methods({ }); } - if (!hasPermission(Meteor.userId(), 'set-leader', rid)) { + if (!(await hasPermissionAsync(Meteor.userId(), 'set-leader', rid))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'addRoomLeader', }); 
diff --git a/apps/meteor/server/methods/addRoomModerator.js b/apps/meteor/server/methods/addRoomModerator.js index 40b1f87e42a43..a9eb5b0db48de 100644 --- a/apps/meteor/server/methods/addRoomModerator.js +++ b/apps/meteor/server/methods/addRoomModerator.js @@ -3,7 +3,7 @@ import { check } from 'meteor/check'; import { api, Team } from '@rocket.chat/core-services'; import { isRoomFederated } from '@rocket.chat/core-typings'; -import { hasPermission } from '../../app/authorization/server'; +import { hasPermissionAsync } from '../../app/authorization/server/functions/hasPermission'; import { Users, Subscriptions, Messages, Rooms } from '../../app/models/server'; import { settings } from '../../app/settings/server'; @@ -19,7 +19,7 @@ Meteor.methods({ } const room = Rooms.findOneById(rid, { fields: { t: 1, federated: 1 } }); - if (!hasPermission(Meteor.userId(), 'set-moderator', rid) && !isRoomFederated(room)) { + if (!await hasPermissionAsync(Meteor.userId(), 'set-moderator', rid) && !isRoomFederated(room)) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'addRoomModerator', }); diff --git a/apps/meteor/server/methods/addRoomOwner.js b/apps/meteor/server/methods/addRoomOwner.js index 0c298ae96ce1e..3e1f36e6c18ff 100644 --- a/apps/meteor/server/methods/addRoomOwner.js +++ b/apps/meteor/server/methods/addRoomOwner.js @@ -3,12 +3,12 @@ import { check } from 'meteor/check'; import { api, Team } from '@rocket.chat/core-services'; import { isRoomFederated } from '@rocket.chat/core-typings'; -import { hasPermission } from '../../app/authorization/server'; +import { hasPermissionAsync } from '../../app/authorization/server/functions/hasPermission'; import { Users, Subscriptions, Messages, Rooms } from '../../app/models/server'; import { settings } from '../../app/settings/server'; Meteor.methods({ - addRoomOwner(rid, userId) { + async addRoomOwner(rid, userId) { check(rid, String); check(userId, String); 
@@ -19,7 +19,7 @@ Meteor.methods({ } const room = Rooms.findOneById(rid, { fields: { t: 1, federated: 1 } }); - if (!hasPermission(Meteor.userId(), 'set-owner', rid) && !isRoomFederated(room)) { + if (!(await hasPermissionAsync(Meteor.userId(), 'set-owner', rid)) && !isRoomFederated(room)) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'addRoomOwner', }); diff --git a/apps/meteor/server/methods/browseChannels.js b/apps/meteor/server/methods/browseChannels.js index e3c579b76539a..0f52736c51f6b 100644 --- a/apps/meteor/server/methods/browseChannels.js +++ b/apps/meteor/server/methods/browseChannels.js @@ -5,7 +5,7 @@ import { escapeRegExp } from '@rocket.chat/string-helpers'; import { Rooms, Users } from '@rocket.chat/models'; import { Team } from '@rocket.chat/core-services'; -import { hasPermission } from '../../app/authorization/server'; +import { hasPermissionAsync } from '../../app/authorization/server/functions/hasPermission'; import { Subscriptions } from '../../app/models/server'; import { settings } from '../../app/settings/server'; import { getFederationDomain } from '../../app/federation/server/lib/getFederationDomain'; @@ -45,7 +45,7 @@ const sortUsers = function (field, direction) { }; async function getChannelsAndGroups(user, canViewAnon, searchTerm, sort, pagination) { - if ((!user && !canViewAnon) || (user && !hasPermission(user._id, 'view-c-room'))) { + if ((!user && !canViewAnon) || (user && !(await hasPermissionAsync(user._id, 'view-c-room')))) { return; } 
@@ -204,11 +204,11 @@ async function findUsers({ text, sort, pagination, workspace, viewFullOtherUserI } const getUsers = async (user, text, workspace, sort, pagination) => { - if (!user || !hasPermission(user._id, 'view-outside-room') || !hasPermission(user._id, 'view-d-room')) { + if (!user || !(await hasPermissionAsync(user._id, 'view-outside-room')) || !(await hasPermissionAsync(user._id, 'view-d-room'))) { return; } - const viewFullOtherUserInfo = hasPermission(user._id, 'view-full-other-user-info'); + const viewFullOtherUserInfo = await hasPermissionAsync(user._id, 'view-full-other-user-info'); const { total, results } = await findUsers({ text, sort, pagination, workspace, viewFullOtherUserInfo }); diff --git a/apps/meteor/server/methods/channelsList.js b/apps/meteor/server/methods/channelsList.js index b4b5196453710..353a5f3897537 100644 --- a/apps/meteor/server/methods/channelsList.js +++ b/apps/meteor/server/methods/channelsList.js @@ -2,14 +2,14 @@ import { Meteor } from 'meteor/meteor'; import { Match, check } from 'meteor/check'; import _ from 'underscore'; -import { hasPermission } from '../../app/authorization/server'; +import { hasPermissionAsync } from '../../app/authorization/server/functions/hasPermission'; import { Rooms, Subscriptions, Users } from '../../app/models/server'; import { getUserPreference } from '../../app/utils/server'; import { settings } from '../../app/settings/server'; import { trim } from '../../lib/utils/stringUtils'; Meteor.methods({ - channelsList(filter, channelType, limit, sort) { + async channelsList(filter, channelType, limit, sort) { check(filter, String); check(channelType, String); check(limit, Match.Optional(Number)); 
@@ -54,13 +54,13 @@ Meteor.methods({ const userId = Meteor.userId(); if (channelType !== 'private') { - if (hasPermission(userId, 'view-c-room')) { + if (await (userId, 'view-c-room')) { if (filter) { channels = channels.concat(Rooms.findByTypeAndNameContaining('c', filter, options).fetch()); } else { channels = channels.concat(Rooms.findByType('c', options).fetch()); } - } else if (hasPermission(userId, 'view-joined-room')) { + } else if (await hasPermissionAsync(userId, 'view-joined-room')) { const roomIds = Subscriptions.findByTypeAndUserId('c', userId, { fields: { rid: 1 } }) .fetch() .map((s) => s.rid); @@ -72,7 +72,7 @@ Meteor.methods({ } } - if (channelType !== 'public' && hasPermission(userId, 'view-p-room')) { + if (channelType !== 'public' && (await hasPermissionAsync(userId, 'view-p-room'))) { const user = Users.findOne(userId, { fields: { 'username': 1, diff --git a/apps/meteor/server/methods/createDirectMessage.ts b/apps/meteor/server/methods/createDirectMessage.ts index 10c209bc5c7c2..d57886269cee8 100644 --- a/apps/meteor/server/methods/createDirectMessage.ts +++ b/apps/meteor/server/methods/createDirectMessage.ts @@ -5,7 +5,7 @@ import type { ICreatedRoom, IUser } from '@rocket.chat/core-typings'; import type { ICreateRoomParams } from '@rocket.chat/core-services'; import { settings } from '../../app/settings/server'; -import { hasPermission } from '../../app/authorization/server'; +import { hasPermissionAsync } from '../../app/authorization/server/functions/hasPermission'; import { Users, Rooms } from '../../app/models/server'; import { RateLimiterClass as RateLimiter } from '../../app/lib/server/lib/RateLimiter'; import { createRoom } from '../../app/lib/server/functions/createRoom'; 
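Review bot: In channelsList.js the new condition `if (await (userId, 'view-c-room')) {` has lost the function name. The parenthesised comma expression evaluates to the string `'view-c-room'`, which is always truthy, so the `view-c-room` check now passes for every caller and the `else if` branch for `view-joined-room` can never run. Any caller with `channelType !== 'private'` therefore gets the public-channel listing regardless of permissions. The line should read `if (await hasPermissionAsync(userId, 'view-c-room')) {`, and a test that calls `channelsList` as a user without `view-c-room` would catch a regression like this.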
@@ -73,9 +73,9 @@ export async function createDirectMessage( }); } - if (!hasPermission(userId, 'create-d')) { + if (!(await hasPermissionAsync(userId, 'create-d'))) { // If the user can't create DMs but can access already existing ones - if (hasPermission(userId, 'view-d-room')) { + if (await hasPermissionAsync(userId, 'view-d-room')) { // Check if the direct room already exists, then return it const uids = roomUsers.map(({ _id }) => _id).sort(); const room = Rooms.findOneDirectRoomContainingAllUserIDs(uids, { fields: { _id: 1 } }); @@ -94,7 +94,7 @@ export async function createDirectMessage( } const options: Exclude = { creator: me._id }; - if (excludeSelf && hasPermission(userId, 'view-room-administration')) { + if (excludeSelf && (await hasPermissionAsync(userId, 'view-room-administration'))) { options.subscriptionExtra = { open: true }; } try { @@ -128,6 +128,6 @@ Meteor.methods({ RateLimiter.limitMethod('createDirectMessage', 10, 60000, { userId(userId: IUser['_id']) { - return !hasPermission(userId, 'send-many-messages'); + return !Promise.await(hasPermissionAsync(userId, 'send-many-messages')); }, }); diff --git a/apps/meteor/server/methods/deleteUser.js b/apps/meteor/server/methods/deleteUser.js index cec47b84828ef..ecc78b311fd4a 100644 --- a/apps/meteor/server/methods/deleteUser.js +++ b/apps/meteor/server/methods/deleteUser.js @@ -2,7 +2,7 @@ import { Meteor } from 'meteor/meteor'; import { check } from 'meteor/check'; import { Users } from '../../app/models/server'; -import { hasPermission } from '../../app/authorization/server'; +import { hasPermissionAsync } from '../../app/authorization/serve/functions/hasPermission'; import { callbacks } from '../../lib/callbacks'; import { deleteUser } from '../../app/lib/server'; import { AppEvents, Apps } from '../../ee/server/apps/orchestrator'; 
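Review bot: In deleteUser.js the added import path `'../../app/authorization/serve/functions/hasPermission'` misspells `server`, so the module will not resolve and the file that registers `deleteUser` fails to load. Every other file in this patch imports from `'../../app/authorization/server/functions/hasPermission'`, and this one should match. The following hunk in the same file adds `(await hasPermissionAsync(Meteor.userId(), 'delete-user')) !== true` inside a method whose signature is outside both hunks, so confirm that method is declared `async`.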
@@ -17,7 +17,7 @@ Meteor.methods({ }); } - if (hasPermission(Meteor.userId(), 'delete-user') !== true) { + if ((await hasPermissionAsync(Meteor.userId(), 'delete-user')) !== true) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'deleteUser', }); diff --git a/apps/meteor/server/methods/getRoomNameById.js b/apps/meteor/server/methods/getRoomNameById.js index 7c82bac3a672c..4ce9d229c9c10 100644 --- a/apps/meteor/server/methods/getRoomNameById.js +++ b/apps/meteor/server/methods/getRoomNameById.js @@ -2,7 +2,7 @@ import { Meteor } from 'meteor/meteor'; import { check } from 'meteor/check'; import { Rooms, Subscriptions } from '../../app/models/server'; -import { hasPermission } from '../../app/authorization/server'; +import { hasPermissionAsync } from '../../app/authorization/server/functions/hasPermission'; Meteor.methods({ getRoomNameById(rid) { @@ -29,7 +29,7 @@ Meteor.methods({ return room.name; } - if (room.t !== 'c' || hasPermission(userId, 'view-c-room') !== true) { + if (room.t !== 'c' || (await hasPermissionAsync(userId, 'view-c-room')) !== true) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'getRoomNameById', }); diff --git a/apps/meteor/server/methods/getUsersOfRoom.js b/apps/meteor/server/methods/getUsersOfRoom.js index 4ca5844ddf7b3..3d4353fb19480 100644 --- a/apps/meteor/server/methods/getUsersOfRoom.js +++ b/apps/meteor/server/methods/getUsersOfRoom.js @@ -2,7 +2,8 @@ import { Meteor } from 'meteor/meteor'; import { check } from 'meteor/check'; import { Rooms, Subscriptions } from '../../app/models/server'; -import { canAccessRoomAsync, hasPermission, roomAccessAttributes } from '../../app/authorization/server'; +import { canAccessRoomAsync, roomAccessAttributes } from '../../app/authorization/server'; +import { hasPermissionAsync } from '../../app/authorization/server/functions/hasPermission'; import { findUsersOfRoom } from '../lib/findUsersOfRoom'; Meteor.methods({ 
@@ -27,7 +28,7 @@ Meteor.methods({ throw new Meteor.Error('not-authorized', 'Not Authorized', { method: 'getUsersOfRoom' }); } - if (room.broadcast && !hasPermission(userId, 'view-broadcast-member-list', rid)) { + if (room.broadcast && !(await hasPermissionAsync(userId, 'view-broadcast-member-list', rid))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'getUsersOfRoom' }); } diff --git a/apps/meteor/server/methods/loadHistory.ts b/apps/meteor/server/methods/loadHistory.ts index b76174630fddc..74743afd01cf8 100644 --- a/apps/meteor/server/methods/loadHistory.ts +++ b/apps/meteor/server/methods/loadHistory.ts @@ -4,7 +4,8 @@ import type { IMessage, IRoom } from '@rocket.chat/core-typings'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; import { Subscriptions, Rooms } from '../../app/models/server'; -import { canAccessRoomAsync, hasPermission, roomAccessAttributes } from '../../app/authorization/server'; +import { canAccessRoomAsync, roomAccessAttributes } from '../../app/authorization/server'; +import { hasPermissionAsync } from '../../app/authorization/server/functions/hasPermission'; import { settings } from '../../app/settings/server'; import { loadMessageHistory } from '../../app/lib/server'; @@ -49,7 +50,7 @@ Meteor.methods({ } const canAnonymous = settings.get('Accounts_AllowAnonymousRead'); - const canPreview = hasPermission(fromId, 'preview-c-room'); + const canPreview = await hasPermissionAsync(fromId, 'preview-c-room'); if (room.t === 'c' && !canAnonymous && !canPreview && !Subscriptions.findOneByRoomIdAndUserId(rid, fromId, { fields: { _id: 1 } })) { return false; diff --git a/apps/meteor/server/methods/muteUserInRoom.js b/apps/meteor/server/methods/muteUserInRoom.js index 41556638bfb5c..f4cb57d86f924 100644 --- a/apps/meteor/server/methods/muteUserInRoom.js +++ b/apps/meteor/server/methods/muteUserInRoom.js 
@@ -2,13 +2,13 @@ import { Meteor } from 'meteor/meteor'; import { Match, check } from 'meteor/check'; import { Rooms, Subscriptions, Users, Messages } from '../../app/models/server'; -import { hasPermission } from '../../app/authorization/server'; +import { hasPermissionAsync } from '../../app/authorization/server/functions/hasPermission'; import { callbacks } from '../../lib/callbacks'; import { roomCoordinator } from '../lib/rooms/roomCoordinator'; import { RoomMemberActions } from '../../definition/IRoomTypeConfig'; Meteor.methods({ - muteUserInRoom(data) { + async muteUserInRoom(data) { check( data, Match.ObjectIncluding({ @@ -25,7 +25,7 @@ Meteor.methods({ const fromId = Meteor.userId(); - if (!hasPermission(fromId, 'mute-user', data.rid)) { + if (!(await hasPermissionAsync(fromId, 'mute-user', data.rid))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'muteUserInRoom', }); diff --git a/apps/meteor/server/methods/removeRoomLeader.js b/apps/meteor/server/methods/removeRoomLeader.js index 886ae034afc42..b3ab6911c282e 100644 --- a/apps/meteor/server/methods/removeRoomLeader.js +++ b/apps/meteor/server/methods/removeRoomLeader.js @@ -2,12 +2,12 @@ import { Meteor } from 'meteor/meteor'; import { check } from 'meteor/check'; import { api, Team } from '@rocket.chat/core-services'; -import { hasPermission } from '../../app/authorization/server'; +import { hasPermissionAsync } from '../../app/authorization/server/functions/hasPermission'; import { Users, Subscriptions, Messages } from '../../app/models/server'; import { settings } from '../../app/settings/server'; Meteor.methods({ - removeRoomLeader(rid, userId) { + async removeRoomLeader(rid, userId) { check(rid, String); check(userId, String); 
@@ -17,7 +17,7 @@ Meteor.methods({ }); } - if (!hasPermission(Meteor.userId(), 'set-leader', rid)) { + if (!(await hasPermissionAsync(Meteor.userId(), 'set-leader', rid))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'removeRoomLeader', }); diff --git a/apps/meteor/server/methods/removeRoomModerator.js b/apps/meteor/server/methods/removeRoomModerator.js index 276f87e64e6c5..9f8dcf5c43633 100644 --- a/apps/meteor/server/methods/removeRoomModerator.js +++ b/apps/meteor/server/methods/removeRoomModerator.js @@ -3,12 +3,12 @@ import { check } from 'meteor/check'; import { api, Team } from '@rocket.chat/core-services'; import { isRoomFederated } from '@rocket.chat/core-typings'; -import { hasPermission } from '../../app/authorization/server'; +import { hasPermissionAsync } from '../../app/authorization/server/functions/hasPermission'; import { Users, Subscriptions, Messages, Rooms } from '../../app/models/server'; import { settings } from '../../app/settings/server'; Meteor.methods({ - removeRoomModerator(rid, userId) { + async removeRoomModerator(rid, userId) { check(rid, String); check(userId, String); @@ -19,7 +19,7 @@ Meteor.methods({ } const room = Rooms.findOneById(rid, { fields: { t: 1, federated: 1 } }); - if (!hasPermission(Meteor.userId(), 'set-moderator', rid) && !isRoomFederated(room)) { + if (!(await hasPermissionAsync(Meteor.userId(), 'set-moderator', rid)) && !isRoomFederated(room)) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'removeRoomModerator', }); diff --git a/apps/meteor/server/methods/removeRoomOwner.ts b/apps/meteor/server/methods/removeRoomOwner.ts index be2012c142bc7..f6f2a10e363f0 100644 --- a/apps/meteor/server/methods/removeRoomOwner.ts +++ b/apps/meteor/server/methods/removeRoomOwner.ts 
@@ -4,7 +4,8 @@ import { api, Team } from '@rocket.chat/core-services'; import { isRoomFederated } from '@rocket.chat/core-typings'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; -import { hasPermission, getUsersInRole } from '../../app/authorization/server'; +import { getUsersInRole } from '../../app/authorization/server'; +import { hasPermissionAsync } from '../../app/authorization/server/functions/hasPermission'; import { Users, Subscriptions, Messages, Rooms } from '../../app/models/server'; import { settings } from '../../app/settings/server'; @@ -29,7 +30,7 @@ Meteor.methods({ } const room = Rooms.findOneById(rid, { fields: { t: 1, federated: 1 } }); - if (!hasPermission(uid, 'set-owner', rid) && !isRoomFederated(room)) { + if (!(await hasPermissionAsync(uid, 'set-owner', rid)) && !isRoomFederated(room)) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'removeRoomOwner', }); diff --git a/apps/meteor/server/methods/removeUserFromRoom.ts b/apps/meteor/server/methods/removeUserFromRoom.ts index 77aa9c1c14f68..5b883e2ac0df9 100644 --- a/apps/meteor/server/methods/removeUserFromRoom.ts +++ b/apps/meteor/server/methods/removeUserFromRoom.ts @@ -3,7 +3,8 @@ import { Match, check } from 'meteor/check'; import { Team } from '@rocket.chat/core-services'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; -import { hasPermission, hasRole, getUsersInRole } from '../../app/authorization/server'; +import { hasRole, getUsersInRole } from '../../app/authorization/server'; +import { hasPermissionAsync } from '../../app/authorization/server/functions/hasPermission'; import { removeUserFromRolesAsync } from '../lib/roles/removeUserFromRoles'; import { Users, Subscriptions, Rooms, Messages } from '../../app/models/server'; import { callbacks } from '../../lib/callbacks'; 
@@ -35,7 +36,7 @@ Meteor.methods({ }); } - if (!hasPermission(fromId, 'remove-user', data.rid)) { + if (!(await hasPermissionAsync(fromId, 'remove-user', data.rid))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'removeUserFromRoom', }); diff --git a/apps/meteor/server/methods/resetAvatar.js b/apps/meteor/server/methods/resetAvatar.js index d1f1cddb24d36..e3bf77b55ceb1 100644 --- a/apps/meteor/server/methods/resetAvatar.js +++ b/apps/meteor/server/methods/resetAvatar.js @@ -5,7 +5,7 @@ import { api } from '@rocket.chat/core-services'; import { FileUpload } from '../../app/file-upload/server'; import { Users } from '../../app/models/server'; import { settings } from '../../app/settings/server'; -import { hasPermission } from '../../app/authorization/server'; +import { hasPermissionAsync } from '../../app/authorization/server/functions/hasPermission'; Meteor.methods({ resetAvatar(userId) { @@ -14,7 +14,7 @@ Meteor.methods({ method: 'resetAvatar', }); } - const canEditOtherUserAvatar = hasPermission(Meteor.userId(), 'edit-other-user-avatar'); + const canEditOtherUserAvatar = await hasPermissionAsync(Meteor.userId(), 'edit-other-user-avatar'); if (!settings.get('Accounts_AllowUserAvatarChange') && !canEditOtherUserAvatar) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { diff --git a/apps/meteor/server/methods/setAvatarFromService.js b/apps/meteor/server/methods/setAvatarFromService.js index 4f0a2eaed8981..66a77ee3b66a3 100644 --- a/apps/meteor/server/methods/setAvatarFromService.js +++ b/apps/meteor/server/methods/setAvatarFromService.js 
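Review bot: In resetAvatar.js the second hunk adds `await hasPermissionAsync(Meteor.userId(), 'edit-other-user-avatar')`, but the first hunk shows the signature as an unchanged context line, `resetAvatar(userId) {`. That leaves `await` inside a non-async method, which is a syntax error, so the file would fail to load. The other converted methods in this patch (removeRoomModerator, setAvatarFromService, unmuteUserInRoom) all gain `async`, and this one needs the same: `async resetAvatar(userId) {`. The method body continues outside the hunk.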
@@ -5,10 +5,10 @@ import { DDPRateLimiter } from 'meteor/ddp-rate-limiter'; import { settings } from '../../app/settings/server'; import { setUserAvatar } from '../../app/lib/server'; import { Users } from '../../app/models/server'; -import { hasPermission } from '../../app/authorization/server'; +import { hasPermissionAsync } from '../../app/authorization/server/functions/hasPermission'; Meteor.methods({ - setAvatarFromService(dataURI, contentType, service, userId) { + async setAvatarFromService(dataURI, contentType, service, userId) { check(dataURI, String); check(contentType, Match.Optional(String)); check(service, Match.Optional(String)); @@ -29,7 +29,7 @@ Meteor.methods({ let user; if (userId && userId !== Meteor.userId()) { - if (!hasPermission(Meteor.userId(), 'edit-other-user-avatar')) { + if (!(await hasPermissionAsync(Meteor.userId(), 'edit-other-user-avatar'))) { throw new Meteor.Error('error-unauthorized', 'Unauthorized', { method: 'setAvatarFromService', }); diff --git a/apps/meteor/server/methods/setUserActiveStatus.ts b/apps/meteor/server/methods/setUserActiveStatus.ts index b8e84b5f14fc4..2ef9bd0e226dc 100644 --- a/apps/meteor/server/methods/setUserActiveStatus.ts +++ b/apps/meteor/server/methods/setUserActiveStatus.ts @@ -2,7 +2,7 @@ import { Meteor } from 'meteor/meteor'; import { check } from 'meteor/check'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; -import { hasPermission } from '../../app/authorization/server'; +import { hasPermissionAsync } from '../../app/authorization/server/functions/hasPermission'; import { setUserActiveStatus } from '../../app/lib/server/functions/setUserActiveStatus'; declare module '@rocket.chat/ui-contexts' { 
@@ -25,7 +25,7 @@ Meteor.methods({ const uid = Meteor.userId(); - if (!uid || hasPermission(uid, 'edit-other-user-active-status') !== true) { + if (!uid || (await hasPermissionAsync(uid, 'edit-other-user-active-status')) !== true) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'setUserActiveStatus', }); diff --git a/apps/meteor/server/methods/unmuteUserInRoom.js b/apps/meteor/server/methods/unmuteUserInRoom.js index 7690d104e02a8..6eb93b530ff09 100644 --- a/apps/meteor/server/methods/unmuteUserInRoom.js +++ b/apps/meteor/server/methods/unmuteUserInRoom.js @@ -1,14 +1,14 @@ import { Meteor } from 'meteor/meteor'; import { Match, check } from 'meteor/check'; -import { hasPermission } from '../../app/authorization/server'; +import { hasPermissionAsync } from '../../app/authorization/server/functions/hasPermission'; import { callbacks } from '../../lib/callbacks'; import { Rooms, Subscriptions, Users, Messages } from '../../app/models/server'; import { roomCoordinator } from '../lib/rooms/roomCoordinator'; import { RoomMemberActions } from '../../definition/IRoomTypeConfig'; Meteor.methods({ - unmuteUserInRoom(data) { + async unmuteUserInRoom(data) { const fromId = Meteor.userId(); check( @@ -19,7 +19,7 @@ Meteor.methods({ }), ); - if (!hasPermission(fromId, 'mute-user', data.rid)) { + if (!(await hasPermissionAsync(fromId, 'mute-user', data.rid))) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'unmuteUserInRoom', }); diff --git a/apps/meteor/server/publications/room/index.ts b/apps/meteor/server/publications/room/index.ts index 23791d8b54e87..009d54d6cd58c 100644 --- a/apps/meteor/server/publications/room/index.ts +++ b/apps/meteor/server/publications/room/index.ts 
@@ -4,7 +4,8 @@ import type { IRoom, RoomType } from '@rocket.chat/core-typings'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; import { roomCoordinator } from '../../lib/rooms/roomCoordinator'; -import { canAccessRoomAsync, hasPermission } from '../../../app/authorization/server'; +import { canAccessRoomAsync } from '../../../app/authorization/server'; +import { hasPermissionAsync } from '../../../app/authorization/server/functions/hasPermission'; import { Rooms } from '../../../app/models/server'; import { settings } from '../../../app/settings/server'; import { roomFields } from '../../modules/watchers/publishFields'; @@ -71,7 +72,7 @@ Meteor.methods({ }); } - if (settings.get('Store_Last_Message') && userId && !hasPermission(userId, 'preview-c-room')) { + if (settings.get('Store_Last_Message') && userId && !(await hasPermissionAsync(userId, 'preview-c-room'))) { delete room.lastMessage; } diff --git a/apps/meteor/server/publications/settings/index.ts b/apps/meteor/server/publications/settings/index.ts index 68a3a21163702..6bb4c6b1fba1d 100644 --- a/apps/meteor/server/publications/settings/index.ts +++ b/apps/meteor/server/publications/settings/index.ts @@ -4,7 +4,7 @@ import { Settings } from '@rocket.chat/models'; import type { ServerMethods } from '@rocket.chat/ui-contexts'; import type { WithId } from 'mongodb'; -import { hasPermission, hasAtLeastOnePermission } from '../../../app/authorization/server'; +import { hasPermissionAsync, hasAtLeastOnePermission } from '../../../app/authorization/server'; import { getSettingPermissionId } from '../../../app/authorization/lib'; import { SettingsEvents } from '../../../app/settings/server'; 
@@ -59,18 +59,18 @@ Meteor.methods({ } const privilegedSetting = hasAtLeastOnePermission(uid, ['view-privileged-setting', 'edit-privileged-setting']); - const manageSelectedSettings = privilegedSetting || hasPermission(uid, 'manage-selected-settings'); + const manageSelectedSettings = privilegedSetting || (await hasPermissionAsync(uid, 'manage-selected-settings')); if (!manageSelectedSettings) { return []; } - const bypass = (settings: T): T => settings; + const bypass = async (settings: T): Promise => settings; - const applyFilter = (fn: (args: T) => U, args: T): U => fn(args); + const applyFilter = (fn: (args: T) => Promise, args: T): Promise => fn(args); - const getAuthorizedSettingsFiltered = (settings: ISetting[]): ISetting[] => - settings.filter((record) => hasPermission(uid, getSettingPermissionId(record._id))); + const getAuthorizedSettingsFiltered = async (settings: ISetting[]): Promise => + (await Promise.all(settings.map((record) => hasPermissionAsync(uid, getSettingPermissionId(record._id))))).filter(Boolean); const getAuthorizedSettings = async (updatedAfter: Date | undefined, privilegedSetting: boolean): Promise => applyFilter(
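Review bot: getAuthorizedSettingsFiltered no longer returns settings: `Promise.all(settings.map(...))` resolves to one boolean per record and `.filter(Boolean)` keeps only the `true` values, so the result is an array of booleans and the records are lost. The old `settings.filter(...)` returned the records for which the user holds the per-setting permission, and that result is what limits which settings reach the caller. Keep the flags and filter the original array by index, using a block body: `const allowed = await Promise.all(settings.map((record) => hasPermissionAsync(uid, getSettingPermissionId(record._id))));` then `return settings.filter((_, index) => allowed[index]);`. getAuthorizedSettings begins in this hunk and continues outside it, so how the filtered list is consumed is not visible here.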