Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: Users can mention here and all even without permission #29907

Merged
merged 5 commits into from
Jul 25, 2023

Conversation

matheusbsilva137
Copy link
Member

@matheusbsilva137 matheusbsilva137 commented Jul 24, 2023

Proposed changes (including videos or screenshots)

  • Run @all and @here mentions callbacks verifications only after mentions are parsed.

Issue(s)

Steps to test or reproduce

Insert a regular user (which has only the user role assigned to it) "A" in a room. Then, as an admin, remove the mention-all and mention-here permissions from the user role.
Logged in as user "A", try to send a message tagging @all and @here.
Current behavior: the message is sent.
Expected behavior: an error is thrown and the message is not sent. An ephemeral message is also sent in the room, informing that tagging @all and @here is not allowed.

Note: this works the same with room scoped roles (eg Moderator, Leader, Owner). If the user has global OR room permission to mention @all and @here, then the message will be accepted.

Further comments

SUP-294

@changeset-bot
Copy link

changeset-bot bot commented Jul 24, 2023

🦋 Changeset detected

Latest commit: 4511596

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 24 packages
Name Type
@rocket.chat/meteor Patch
@rocket.chat/core-typings Patch
@rocket.chat/rest-typings Patch
@rocket.chat/core-services Patch
@rocket.chat/cron Patch
@rocket.chat/model-typings Patch
@rocket.chat/ui-contexts Patch
@rocket.chat/account-service Patch
@rocket.chat/authorization-service Patch
@rocket.chat/ddp-streamer Patch
@rocket.chat/omnichannel-transcript Patch
@rocket.chat/presence-service Patch
@rocket.chat/queue-worker Patch
@rocket.chat/stream-hub-service Patch
@rocket.chat/api-client Patch
@rocket.chat/omnichannel-services Patch
@rocket.chat/pdf-worker Patch
@rocket.chat/presence Patch
rocketchat-services Patch
@rocket.chat/ddp-client Patch
@rocket.chat/fuselage-ui-kit Patch
@rocket.chat/models Patch
@rocket.chat/uikit-playground Patch
@rocket.chat/instance-status Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@codecov
Copy link

codecov bot commented Jul 24, 2023

Codecov Report

Merging #29907 (4511596) into develop (db2cc31) will increase coverage by 0.67%.
The diff coverage is n/a.

Impacted file tree graph

@@             Coverage Diff             @@
##           develop   #29907      +/-   ##
===========================================
+ Coverage    47.85%   48.52%   +0.67%     
===========================================
  Files          671      697      +26     
  Lines        13494    13906     +412     
  Branches      2438     2445       +7     
===========================================
+ Hits          6457     6748     +291     
- Misses        6659     6777     +118     
- Partials       378      381       +3     
Flag Coverage Δ
e2e 46.61% <ø> (+0.77%) ⬆️
unit 64.90% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

@matheusbsilva137 matheusbsilva137 added this to the 6.4.0 milestone Jul 24, 2023
KevLehman
KevLehman previously approved these changes Jul 24, 2023
@dionisio-bot dionisio-bot bot added the stat: ready to merge PR tested and approved waiting for merge label Jul 25, 2023
@dionisio-bot dionisio-bot bot added stat: ready to merge PR tested and approved waiting for merge and removed stat: ready to merge PR tested and approved waiting for merge labels Jul 25, 2023
@dionisio-bot dionisio-bot bot added stat: ready to merge PR tested and approved waiting for merge and removed stat: ready to merge PR tested and approved waiting for merge labels Jul 25, 2023
@dionisio-bot dionisio-bot bot added stat: ready to merge PR tested and approved waiting for merge and removed stat: ready to merge PR tested and approved waiting for merge labels Jul 25, 2023
@dionisio-bot dionisio-bot bot added stat: ready to merge PR tested and approved waiting for merge and removed stat: ready to merge PR tested and approved waiting for merge labels Jul 25, 2023
@kodiakhq kodiakhq bot merged commit 306a583 into develop Jul 25, 2023
@kodiakhq kodiakhq bot deleted the fix/all-here-no-permission branch July 25, 2023 23:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
squad: team-collab stat: ready to merge PR tested and approved waiting for merge
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants