You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Muting & then un-muting one user has the side-effect, that he/she will be then able to send messages, even if the entire room gets set to read-only.
The root cause is that whilst un-muting the user, the name is removed from room.mutedand added to room.unmuted. That's not idempotent.
Description:
The PR #11311 fixed some issues with read-only & muted of a room. Unfortunately, this fix introduced a side-effect, that may not be intended.
Let's assume the following use case
Action
Effect
read-only
muted
unmuted
Chat x has participant random-dude (it's newly created)
Everybody can send messages
false
[]
[]
random-dude sends spam & therefore gets muted
Everybody but the random-dude can send messages
false
['random-dude']
[]
After stopping spamming, random-dude gets re-activated
Everybody can send messages
false
[]
['random-dude'] ❗️
Now, the entire chat needs to be muted for some time -> moderator sets it to read-only
Nobody except the random-dude ❗️ can send messages
true
[]
['random-dude']
In my humble opinion, the marked (❗️) states are quiet odd. That means, once a user gets re-activated, the user is able to send messages even if the entire room gets muted.
Even if the user gets kicked, its username remains in the room.unmuted array.
This is very error-prone, because the moderator doesn't see which users still are able to send messages.
Steps to reproduce:
Follow the mentioned use-case from above
For example, you may ...
Log into the admin UI as administator
Create a blank new room with a participant
Open the e.g. Chrome developer tools & watch the WebSocket frames being send
Use the administrator to follow the use-case
Expected behavior:
Muting and un-muting one user is idempotent. So a blank new user shall have the same muted-state as a 'muted and then unmuted user' (no record in neither muted and unmuted).
Actual behavior:
A 'muted and then unmuted user' still can send messages in a muted room.
Server Setup Information:
Version of Rocket.Chat Server: 1.3.2
Operating System: Linux
Deployment Method: docker
Number of Running Instances: 3
DB Replicaset Oplog: true
NodeJS Version: 8.11.4
MongoDB Version: 4.0.12
The text was updated successfully, but these errors were encountered:
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
TL;DR
Muting & then un-muting one user has the side-effect, that he/she will be then able to send messages, even if the entire room gets set to read-only.
The root cause is that whilst un-muting the user, the name is removed from
room.muted
and added toroom.unmuted
. That's not idempotent.Description:
The PR #11311 fixed some issues with read-only & muted of a room. Unfortunately, this fix introduced a side-effect, that may not be intended.
Let's assume the following use case
x
has participantrandom-dude
(it's newly created)false
[]
[]
random-dude
sends spam & therefore gets mutedrandom-dude
can send messagesfalse
['random-dude']
[]
random-dude
gets re-activatedfalse
[]
['random-dude']
❗️random-dude
❗️ can send messagestrue
[]
['random-dude']
In my humble opinion, the marked (❗️) states are quiet odd. That means, once a user gets re-activated, the user is able to send messages even if the entire room gets muted.
Even if the user gets kicked, its username remains in the
room.unmuted
array.This is very error-prone, because the moderator doesn't see which users still are able to send messages.
Steps to reproduce:
Expected behavior:
Muting and un-muting one user is idempotent. So a blank new user shall have the same muted-state as a 'muted and then unmuted user' (no record in neither
muted
andunmuted
).Actual behavior:
A 'muted and then unmuted user' still can send messages in a muted room.
Server Setup Information:
The text was updated successfully, but these errors were encountered: