Merge branch 'develop' into fix-translation-param

.changeset/flat-starfishes-crash.md

@@ -0,0 +1,5 @@
+---
+'@rocket.chat/meteor': patch
+---
+
+Fixed a problem in how server was processing errors that was sending 2 ephemeral error messages when @all or @here were used while they were disabled via permissions

.changeset/lazy-gorilas-shop.md

@@ -0,0 +1,6 @@
+---
+"@rocket.chat/meteor": patch
+"@rocket.chat/i18n": patch
+---
+
+Fixed an issue with object storage settings that was not allowing admins to decide if files generated via "Export conversation" feature were being proxied through server or not.

apps/meteor/app/lib/server/methods/sendMessage.ts

@@ -87,8 +87,9 @@ export async function executeSendMessage(uid: IUser['_id'], message: AtLeast<IMe
 		SystemLogger.error({ msg: 'Error sending message:', err });
 
 		const errorMessage = typeof err === 'string' ? err : err.error || err.message;
+		const errorContext = err.details ?? {};
 		void api.broadcast('notify.ephemeralMessage', uid, message.rid, {
-			msg: i18n.t(errorMessage, { lng: user.language }),
+			msg: i18n.t(errorMessage, errorContext, user.language),
 		});
 
 		if (typeof err === 'string') {

apps/meteor/server/services/messages/hooks/BeforeSavePreventMention.ts

@@ -1,11 +1,9 @@
-import { Authorization, MeteorError, type IApiService } from '@rocket.chat/core-services';
+import { Authorization, MeteorError } from '@rocket.chat/core-services';
 import { type IMessage, type IUser } from '@rocket.chat/core-typings';
 
 import { i18n } from '../../../lib/i18n';
 
 export class BeforeSavePreventMention {
-	constructor(private api?: IApiService) {}
-
 	async preventMention({
 		message,
 		user,
@@ -32,16 +30,9 @@ export class BeforeSavePreventMention {
 
 		const action = i18n.t('Notify_all_in_this_room', { lng: user.language });
 
-		// Add a notification to the chat, informing the user that this
-		// action is not allowed.
-		void this.api?.broadcast('notify.ephemeralMessage', message.u._id, message.rid, {
-			// TODO: i18n
-			msg: i18n.t('error-action-not-allowed', { action } as any, user.language),
-		});
-
 		// Also throw to stop propagation of 'sendMessage'.
 		throw new MeteorError('error-action-not-allowed', `Notify ${mention} in this room not allowed`, {
-			action: 'Notify_all_in_this_room',
+			action,
 		});
 	}
 }

apps/meteor/server/services/messages/service.ts

@@ -40,7 +40,7 @@ export class MessageService extends ServiceClassInternal implements IMessageServ
 	private checkMAC: BeforeSaveCheckMAC;
 
 	async created() {
-		this.preventMention = new BeforeSavePreventMention(this.api);
+		this.preventMention = new BeforeSavePreventMention();
 		this.badWords = new BeforeSaveBadWords();
 		this.spotify = new BeforeSaveSpotify();
 		this.jumpToMessage = new BeforeSaveJumpToMessage({

apps/meteor/server/settings/file-upload.ts

@@ -187,6 +187,13 @@ export const createFileUploadSettings = () =>
 					value: 'AmazonS3',
 				},
 			});
+			await this.add('FileUpload_S3_Proxy_UserDataFiles', false, {
+				type: 'boolean',
+				enableQuery: {
+					_id: 'FileUpload_Storage_Type',
+					value: 'AmazonS3',
+				},
+			});
 		});
 
 		await this.section('Google Cloud Storage', async function () {
@@ -244,6 +251,13 @@ export const createFileUploadSettings = () =>
 					value: 'GoogleCloudStorage',
 				},
 			});
+			await this.add('FileUpload_GoogleStorage_Proxy_UserDataFiles', false, {
+				type: 'boolean',
+				enableQuery: {
+					_id: 'FileUpload_Storage_Type',
+					value: 'GoogleCloudStorage',
+				},
+			});
 		});
 
 		await this.section('File System', async function () {
@@ -302,6 +316,13 @@ export const createFileUploadSettings = () =>
 					value: 'Webdav',
 				},
 			});
+			await this.add('FileUpload_Webdav_Proxy_UserDataFiles', false, {
+				type: 'boolean',
+				enableQuery: {
+					_id: 'FileUpload_Storage_Type',
+					value: 'Webdav',
+				},
+			});
 		});
 
 		await this.add('FileUpload_Enabled_Direct', true, {

apps/meteor/tests/e2e/message-mentions.spec.ts

@@ -38,6 +38,68 @@ test.describe.serial('message-mentions', () => {
 		await expect(poHomeChannel.content.messagePopupUsers.locator('role=listitem >> text="here"')).toBeVisible();
 	});
 
+	test.describe('Should not allow to send @all mention if permission to do so is disabled', () => {
+		let targetChannel2: string;
+		test.beforeAll(async ({ api }) => {
+			expect((await api.post('/permissions.update', { permissions: [{ '_id': 'mention-all', 'roles': [] }] })).status()).toBe(200);
+		});
+
+		test.afterAll(async ({ api }) => {
+			expect((await api.post('/permissions.update', { permissions: [{ '_id': 'mention-all', 'roles': ['admin', 'owner', 'moderator', 'user'] }] })).status()).toBe(200);
+			await deleteChannel(api, targetChannel2);
+		});
+
+		test('expect to receive an error as notification when sending @all while permission is disabled', async ({ page }) => {
+			const adminPage = new HomeChannel(page);
+
+			await test.step('create private room', async () => {
+				targetChannel2 = faker.string.uuid();
+
+				await poHomeChannel.sidenav.openNewByLabel('Channel');
+				await poHomeChannel.sidenav.inputChannelName.type(targetChannel2);
+				await poHomeChannel.sidenav.btnCreate.click();
+
+				await expect(page).toHaveURL(`/group/${targetChannel2}`);
+			});
+			await test.step('receive notify message', async () => {
+				await adminPage.sidenav.openChat(targetChannel2);
+				await adminPage.content.dispatchSlashCommand('@all');
+				await expect(adminPage.content.lastUserMessage).toContainText('Notify all in this room is not allowed');
+			});
+		});
+	});
+
+	test.describe('Should not allow to send @here mention if permission to do so is disabled', () => {
+		let targetChannel2: string;
+		test.beforeAll(async ({ api }) => {
+			expect((await api.post('/permissions.update', { permissions: [{ '_id': 'mention-here', 'roles': [] }] })).status()).toBe(200);
+		});
+
+		test.afterAll(async ({ api }) => {
+			expect((await api.post('/permissions.update', { permissions: [{ '_id': 'mention-here', 'roles': ['admin', 'owner', 'moderator', 'user'] }] })).status()).toBe(200);
+			await deleteChannel(api, targetChannel2);
+		});
+
+		test('expect to receive an error as notification when sending here while permission is disabled', async ({ page }) => {
+			const adminPage = new HomeChannel(page);
+
+			await test.step('create private room', async () => {
+				targetChannel2 = faker.string.uuid();
+
+				await poHomeChannel.sidenav.openNewByLabel('Channel');
+				await poHomeChannel.sidenav.inputChannelName.type(targetChannel2);
+				await poHomeChannel.sidenav.btnCreate.click();
+
+				await expect(page).toHaveURL(`/group/${targetChannel2}`);
+			});
+			await test.step('receive notify message', async () => {
+				await adminPage.sidenav.openChat(targetChannel2);
+				await adminPage.content.dispatchSlashCommand('@here');
+				await expect(adminPage.content.lastUserMessage).toContainText('Notify all in this room is not allowed');
+			});
+		});
+	});
+
 	test.describe('users not in channel', () => {
 		let targetChannel: string;
 		let targetChannel2: string;

packages/i18n/src/locales/en.i18n.json

@@ -2360,6 +2360,8 @@
   "FileUpload_GoogleStorage_Proxy_Uploads": "Proxy Uploads",
   "FileUpload_GoogleStorage_Proxy_Uploads_Description": "Proxy upload file transmissions through your server instead of direct access to the asset's URL",
   "FileUpload_GoogleStorage_Secret": "Google Storage Secret",
+  "FileUpload_GoogleStorage_Proxy_UserDataFiles": "Proxy User Data Files",
+  "FileUpload_GoogleStorage_Proxy_UserDataFiles_Description": "Proxy user data file transmissions through your server instead of direct access to the asset's URL",
   "FileUpload_GoogleStorage_Secret_Description": "Please follow [these instructions](https://github.com/CulturalMe/meteor-slingshot#google-cloud) and paste the result here.",
   "FileUpload_json_web_token_secret_for_files": "File Upload Json Web Token Secret",
   "FileUpload_json_web_token_secret_for_files_description": "File Upload Json Web Token Secret (Used to be able to access uploaded files without authentication)",
@@ -2390,6 +2392,8 @@
   "FileUpload_S3_Proxy_Avatars_Description": "Proxy avatar file transmissions through your server instead of direct access to the asset's URL",
   "FileUpload_S3_Proxy_Uploads": "Proxy Uploads",
   "FileUpload_S3_Proxy_Uploads_Description": "Proxy upload file transmissions through your server instead of direct access to the asset's URL",
+  "FileUpload_S3_Proxy_UserDataFiles": "Proxy User Data Files",
+  "FileUpload_S3_Proxy_UserDataFiles_Description": "Proxy user data file transmissions through your server instead of direct access to the asset's URL",
   "Hold_Call_EE_only": "Hold Call (Enterprise Edition only)",
   "FileUpload_S3_Region": "Region",
   "FileUpload_S3_SignatureVersion": "Signature Version",
@@ -2401,6 +2405,8 @@
   "FileUpload_Webdav_Proxy_Avatars_Description": "Proxy avatar file transmissions through your server instead of direct access to the asset's URL",
   "FileUpload_Webdav_Proxy_Uploads": "Proxy Uploads",
   "FileUpload_Webdav_Proxy_Uploads_Description": "Proxy upload file transmissions through your server instead of direct access to the asset's URL",
+  "FileUpload_Webdav_Proxy_UserDataFiles": "Proxy User Data Files",
+  "FileUpload_Webdav_Proxy_UserDataFiles_Description": "Proxy user data file transmissions through your server instead of direct access to the asset's URL",
   "FileUpload_Webdav_Server_URL": "WebDAV Server Access URL",
   "FileUpload_Webdav_Upload_Folder_Path": "Upload Folder Path",
   "FileUpload_Webdav_Upload_Folder_Path_Description": "WebDAV folder path which the files should be uploaded to",