Merge branch 'develop' of github.com:RocketChat/Rocket.Chat into adm/…

…users_and_rooms

* 'develop' of github.com:RocketChat/Rocket.Chat: (29 commits)
  [FIX] 2FA not showing codes for Spanish translation (#17378)
  [NEW] [ENTERPRISE] Restrict the permissions configuration for guest users  (#17333)
  [NEW] Federation event for when users left rooms (#17091)
  [FIX] CSV Importer fails when there are no users to import (#16790)
  Import slack's mpims as direct rooms instead of private groups (#17206)
  [FIX] SAML Idp Initiated Logout Error (#17324)
  [NEW] Better Push and Email Notification logic (#17357)
  [NEW] Error page when browser is not supported (#17372)
  [NEW] [ENTERPRISE] Omnichannel queue priorities (#17141)
  [IMPROVE] Change the SAML metadata order to conform to XSD specification (#15488)
  [IMPROVE] Filter markdown in notifications (#9995)
  [IMPROVE] User gets UI feedback when message is pinned or unpinned (#16056)
  Remove set as alias setting (#16343)
  [IMPROVE] Add `file-title` and `file-desc` as new filter tag options on message search (#16858)
  [NEW]  Add ability to set tags in the Omnichannel room closing dialog (#17254)
  [FIX] Show active admin and user account menu item (#17047)
  [NEW] [ENTERPRISE] Allows to set a group of departments accepted for forwarding chats (#17335)
  [FIX] Prevent user from getting stuck on login, if there is some bad fname (#17331)
  [FIX] Remove properties from users.info response (#17238)
  Bump version to 3.1.1
  ...

.eslintrc

@@ -90,7 +90,8 @@
         "@typescript-eslint/interface-name-prefix": [
           "error",
           "always"
-        ]
+        ],
+        "@typescript-eslint/explicit-function-return-type": "off"
       },
       "env": {
         "browser": true,

.github/history.json

@@ -42397,6 +42397,101 @@
           ]
         }
       ]
+    },
+    "3.1.1": {
+      "node_version": "12.16.1",
+      "npm_version": "6.13.4",
+      "mongo_versions": [
+        "3.4",
+        "3.6",
+        "4.0"
+      ],
+      "pull_requests": [
+        {
+          "pr": "17278",
+          "title": "[FIX] SAML assertion signature enforcement",
+          "userLogin": "pierre-lehnen-rc",
+          "milestone": "3.1.1",
+          "contributors": [
+            "pierre-lehnen-rc",
+            "sampaiodiego"
+          ]
+        },
+        {
+          "pr": "17299",
+          "title": "[FIX] User search on directory not working correctly",
+          "userLogin": "rodrigok",
+          "milestone": "3.1.1",
+          "contributors": [
+            "rodrigok"
+          ]
+        },
+        {
+          "pr": "17275",
+          "title": "[FIX] 404 error when clicking an username",
+          "userLogin": "pierre-lehnen-rc",
+          "milestone": "3.1.1",
+          "contributors": [
+            "pierre-lehnen-rc"
+          ]
+        },
+        {
+          "pr": "17287",
+          "title": "Update Apps-Engine to stable version",
+          "userLogin": "d-gubert",
+          "milestone": "3.1.1",
+          "contributors": [
+            "d-gubert"
+          ]
+        },
+        {
+          "pr": "17286",
+          "title": "[FIX] Avatar on sidebar when showing real names",
+          "userLogin": "ggazzo",
+          "milestone": "3.1.1",
+          "contributors": [
+            "ggazzo"
+          ]
+        },
+        {
+          "pr": "17283",
+          "title": "[FIX] Directory default tab",
+          "userLogin": "ggazzo",
+          "milestone": "3.1.1",
+          "contributors": [
+            "ggazzo"
+          ]
+        },
+        {
+          "pr": "17282",
+          "title": "[FIX] Discussions created from inside DMs were not working and some errors accessing recently created rooms",
+          "userLogin": "rodrigok",
+          "milestone": "3.1.1",
+          "contributors": [
+            "rodrigok",
+            "sampaiodiego"
+          ]
+        },
+        {
+          "pr": "17288",
+          "title": " [FIX] Omnichannel SMS / WhatsApp integration errors due to missing location data",
+          "userLogin": "renatobecker",
+          "milestone": "3.1.1",
+          "contributors": [
+            "renatobecker",
+            "web-flow"
+          ]
+        },
+        {
+          "pr": "17302",
+          "title": "[FIX] LDAP users lose session on refresh",
+          "userLogin": "pierre-lehnen-rc",
+          "milestone": "3.1.1",
+          "contributors": [
+            "pierre-lehnen-rc"
+          ]
+        }
+      ]
     }
   }
 }

.github/workflows/build_and_test.yml

@@ -250,6 +250,14 @@ jobs:
     steps:
     - uses: actions/checkout@v1
 
+    - name: Free disk space
+      run: |
+        sudo swapoff -a
+        sudo rm -f /swapfile
+        sudo apt clean
+        docker rmi $(docker image ls -aq)
+        df -h
+
     - name: Cache node modules
       id: cache-nodemodules
       uses: actions/cache@v1

HISTORY.md

@@ -1,4 +1,48 @@
 
+# 3.1.1
+`2020-04-14  ·  8 🐛  ·  1 🔍  ·  6 👩‍💻👨‍💻`
+
+### Engine versions
+- Node: `12.16.1`
+- NPM: `6.13.4`
+- MongoDB: `3.4, 3.6, 4.0`
+
+### 🐛 Bug fixes
+
+
+- SAML assertion signature enforcement ([#17278](https://github.com/RocketChat/Rocket.Chat/pull/17278))
+
+- User search on directory not working correctly ([#17299](https://github.com/RocketChat/Rocket.Chat/pull/17299))
+
+- 404 error when clicking an username ([#17275](https://github.com/RocketChat/Rocket.Chat/pull/17275))
+
+- Avatar on sidebar when showing real names ([#17286](https://github.com/RocketChat/Rocket.Chat/pull/17286))
+
+- Directory default tab ([#17283](https://github.com/RocketChat/Rocket.Chat/pull/17283))
+
+- Discussions created from inside DMs were not working and some errors accessing recently created rooms ([#17282](https://github.com/RocketChat/Rocket.Chat/pull/17282))
+
+- Omnichannel SMS / WhatsApp integration errors due to missing location data ([#17288](https://github.com/RocketChat/Rocket.Chat/pull/17288))
+
+- LDAP users lose session on refresh ([#17302](https://github.com/RocketChat/Rocket.Chat/pull/17302))
+
+<details>
+<summary>🔍 Minor changes</summary>
+
+
+- Update Apps-Engine to stable version ([#17287](https://github.com/RocketChat/Rocket.Chat/pull/17287))
+
+</details>
+
+### 👩‍💻👨‍💻 Core Team 🤓
+
+- [@d-gubert](https://github.com/d-gubert)
+- [@ggazzo](https://github.com/ggazzo)
+- [@pierre-lehnen-rc](https://github.com/pierre-lehnen-rc)
+- [@renatobecker](https://github.com/renatobecker)
+- [@rodrigok](https://github.com/rodrigok)
+- [@sampaiodiego](https://github.com/sampaiodiego)
+
 # 3.1.0
 `2020-04-09  ·  23 🎉  ·  22 🚀  ·  71 🐛  ·  86 🔍  ·  41 👩‍💻👨‍💻`
 

app/api/server/v1/users.js

@@ -16,7 +16,7 @@ import {
 	setUserAvatar,
 	saveCustomFields,
 } from '../../../lib';
-import { getFullUserData, getFullUserDataById } from '../../../lib/server/functions/getFullUserData';
+import { getFullUserDataByIdOrUsername } from '../../../lib/server/functions/getFullUserData';
 import { API } from '../api';
 import { setStatusText } from '../../../lib/server';
 import { findUsersToAutocomplete } from '../lib/users';
@@ -180,20 +180,12 @@ API.v1.addRoute('users.info', { authRequired: true }, {
 	get() {
 		const { username, userId } = this.requestParams();
 		const { fields } = this.parseJsonQuery();
-		const params = {
-			userId: this.userId,
-			filter: username,
-			limit: 1,
-		};
 
-		const result = userId
-			? getFullUserDataById({ userId: this.userId, filterId: userId })
-			: getFullUserData(params);
+		const user = getFullUserDataByIdOrUsername({ userId: this.userId, filterId: userId, filterUsername: username });
 
-		if (!result || result.count() !== 1) {
+		if (!user) {
 			return API.v1.failure('User not found.');
 		}
-		const [user] = result.fetch();
 		const myself = user._id === this.userId;
 		if (fields.userRooms === 1 && (myself || hasPermission(this.userId, 'view-other-user-channels'))) {
 			user.rooms = Subscriptions.findByUserId(user._id, {

app/apps/client/admin/helpers.js

@@ -47,7 +47,7 @@ const promptCloudLogin = () => {
 		html: false,
 	}, (confirmed) => {
 		if (confirmed) {
-			FlowRouter.go('cloud-config');
+			FlowRouter.go('cloud');
 		}
 	});
 };

app/apps/client/admin/marketplace.js

@@ -254,7 +254,7 @@ Template.marketplace.helpers({
 
 Template.marketplace.events({
 	'click .js-cloud-login'() {
-		FlowRouter.go('cloud-config');
+		FlowRouter.go('cloud');
 	},
 	'submit .js-search-form'(event) {
 		event.stopPropagation();

app/authorization/client/index.js

@@ -1,5 +1,6 @@
 import { hasAllPermission, hasAtLeastOnePermission, hasPermission, userHasAllPermission } from './hasPermission';
 import { hasRole } from './hasRole';
+import { AuthorizationUtils } from './lib/AuthorizationUtils';
 import './usersNameChanged';
 import './requiresPermission.html';
 import './route';
@@ -12,4 +13,5 @@ export {
 	hasRole,
 	hasPermission,
 	userHasAllPermission,
+	AuthorizationUtils,
 };

app/authorization/client/lib/AuthorizationUtils.ts

@@ -0,0 +1,10 @@
+import { Meteor } from 'meteor/meteor';
+
+export const AuthorizationUtils = class {
+	static isRoleReadOnly(roleId: string): boolean {
+		if (!roleId) {
+			throw new Meteor.Error('invalid-param');
+		}
+		return false;
+	}
+};

app/authorization/client/views/permissions.html

@@ -27,7 +27,7 @@
 						<td class="permission-name border-component-color" title="{{permissionDescription permission}}">{{permissionName permission}}<br><span class = "id-styler">[ID: {{permission._id}}]</span></td>
 						{{#each role in allRoles}}
 						<td class="permission-checkbox border-component-color">
-							<input type="checkbox" name="perm[{{role._id}}][{{permission._id}}]" class="role-permission" value="1" checked="{{granted permission.roles role}}" data-role="{{role._id}}" data-permission="{{permission._id}}">
+							<input type="checkbox" name="perm[{{role._id}}][{{permission._id}}]" class="role-permission" value="1" checked="{{granted permission.roles role}}" data-role="{{role._id}}" data-permission="{{permission._id}}" disabled="{{disabled role}}">
 						</td>
 						{{else}}
 						<tr class="table-no-click">

app/authorization/client/views/permissions.js

@@ -1,16 +1,17 @@
+import { Meteor } from 'meteor/meteor';
 import _ from 'underscore';
 import s from 'underscore.string';
-import { Meteor } from 'meteor/meteor';
 import { ReactiveDict } from 'meteor/reactive-dict';
 import { Tracker } from 'meteor/tracker';
 import { Template } from 'meteor/templating';
 
-import { Roles } from '../../../models';
+import { Roles } from '../../../models/client';
 import { ChatPermissions } from '../lib/ChatPermissions';
 import { hasAllPermission } from '../hasPermission';
 import { t } from '../../../utils/client';
 import { SideNav } from '../../../ui-utils/client/lib/SideNav';
 import { CONSTANTS } from '../../lib';
+import { AuthorizationUtils } from '../lib/AuthorizationUtils';
 
 import { hasAtLeastOnePermission } from '..';
 
@@ -179,6 +180,10 @@ Template.permissionsTable.helpers({
 	permissionDescription(permission) {
 		return t(`${ permission._id }_description`);
 	},
+
+	disabled(role) {
+		return AuthorizationUtils.isRoleReadOnly(role._id);
+	},
 });
 
 Template.permissionsTable.events({

app/authorization/server/index.js

@@ -14,6 +14,7 @@ import {
 } from './functions/hasPermission';
 import { hasRole } from './functions/hasRole';
 import { removeUserFromRoles } from './functions/removeUserFromRoles';
+import { AuthorizationUtils } from './lib/AuthorizationUtils';
 import './methods/addPermissionToRole';
 import './methods/addUserToRole';
 import './methods/deleteRole';
@@ -36,4 +37,5 @@ export {
 	hasAllPermission,
 	hasAtLeastOnePermission,
 	hasPermission,
+	AuthorizationUtils,
 };

app/authorization/server/lib/AuthorizationUtils.ts

@@ -0,0 +1,10 @@
+import { Meteor } from 'meteor/meteor';
+
+export const AuthorizationUtils = class {
+	static isRoleReadOnly(roleId: string): boolean {
+		if (!roleId) {
+			throw new Meteor.Error('invalid-param');
+		}
+		return false;
+	}
+};

app/authorization/server/methods/addPermissionToRole.js

@@ -2,10 +2,18 @@ import { Meteor } from 'meteor/meteor';
 
 import { Permissions } from '../../../models/server';
 import { hasPermission } from '../functions/hasPermission';
+import { AuthorizationUtils } from '../lib/AuthorizationUtils';
 import { CONSTANTS } from '../../lib';
 
 Meteor.methods({
 	'authorization:addPermissionToRole'(permissionId, role) {
+		if (AuthorizationUtils.isRoleReadOnly(role)) {
+			throw new Meteor.Error('error-action-not-allowed', 'Role is readonly', {
+				method: 'authorization:addPermissionToRole',
+				action: 'Adding_permission',
+			});
+		}
+
 		const uid = Meteor.userId();
 		const permission = Permissions.findOneById(permissionId);
 

app/authorization/server/methods/removeRoleFromPermission.js

@@ -2,10 +2,18 @@ import { Meteor } from 'meteor/meteor';
 
 import { Permissions } from '../../../models/server';
 import { hasPermission } from '../functions/hasPermission';
+import { AuthorizationUtils } from '../lib/AuthorizationUtils';
 import { CONSTANTS } from '../../lib';
 
 Meteor.methods({
 	'authorization:removeRoleFromPermission'(permissionId, role) {
+		if (AuthorizationUtils.isRoleReadOnly(role)) {
+			throw new Meteor.Error('error-action-not-allowed', 'Role is readonly', {
+				method: 'authorization:removeRoleFromPermission',
+				action: 'Removing_permission',
+			});
+		}
+
 		const uid = Meteor.userId();
 		const permission = Permissions.findOneById(permissionId);
 

app/authorization/server/startup.js

@@ -70,14 +70,14 @@ Meteor.startup(function() {
 		{ _id: 'unarchive-room',                roles: ['admin'] },
 		{ _id: 'view-c-room',                   roles: ['admin', 'user', 'bot', 'app', 'anonymous'] },
 		{ _id: 'user-generate-access-token',    roles: ['admin'] },
-		{ _id: 'view-d-room',                   roles: ['admin', 'user', 'bot', 'app'] },
+		{ _id: 'view-d-room',                   roles: ['admin', 'user', 'bot', 'app', 'guest'] },
 		{ _id: 'view-full-other-user-info',     roles: ['admin'] },
 		{ _id: 'view-history',                  roles: ['admin', 'user', 'anonymous'] },
 		{ _id: 'view-joined-room',              roles: ['guest', 'bot', 'app', 'anonymous'] },
 		{ _id: 'view-join-code',                roles: ['admin'] },
 		{ _id: 'view-logs',                     roles: ['admin'] },
 		{ _id: 'view-other-user-channels',      roles: ['admin'] },
-		{ _id: 'view-p-room',                   roles: ['admin', 'user', 'anonymous'] },
+		{ _id: 'view-p-room',                   roles: ['admin', 'user', 'anonymous', 'guest'] },
 		{ _id: 'view-privileged-setting',       roles: ['admin'] },
 		{ _id: 'view-room-administration',      roles: ['admin'] },
 		{ _id: 'view-statistics',               roles: ['admin'] },

app/cloud/client/index.js

@@ -8,7 +8,7 @@ import { registerAdminRoute, registerAdminSidebarItem } from '../../ui-admin/cli
 import { hasAtLeastOnePermission } from '../../authorization';
 
 registerAdminRoute('/cloud', {
-	name: 'cloud-config',
+	name: 'cloud',
 	async action() {
 		await import('./admin');
 		BlazeLayout.render('main', { center: 'cloud', old: true });
@@ -25,7 +25,7 @@ registerAdminRoute('/cloud/oauth-callback', {
 
 registerAdminSidebarItem({
 	icon: 'cloud-plus',
-	href: 'admin/cloud',
+	href: 'cloud',
 	i18nLabel: 'Connectivity_Services',
 	permissionGranted() {
 		return hasAtLeastOnePermission(['manage-cloud']);

app/federation/client/admin/dashboard.js

@@ -77,7 +77,7 @@ registerAdminRoute('/federation-dashboard', {
 
 registerAdminSidebarItem({
 	icon: 'discover',
-	href: 'admin/federation-dashboard',
+	href: 'federation-dashboard',
 	i18nLabel: 'Federation Dashboard',
 	permissionGranted() {
 		return hasRole(Meteor.userId(), 'admin');