[FIX] Uncessary updates on Settings, Roles and Permissions on startup

app/api/server/api.js

@@ -374,7 +374,7 @@ export class APIClass extends Restivus {
 							'error-unauthorized': 'unauthorized',
 						}[e.error] || 'failure';
 
-						result = API.v1[apiMethod](typeof e === 'string' ? e : e.message, e.error, undefined, e);
+						result = API.v1[apiMethod](typeof e === 'string' ? e : e.message, e.error, process.env.TEST_MODE ? e.stack : undefined, e);
 					} finally {
 						delete Accounts._accountData[connection.id];
 					}

app/api/server/v1/chat.js

@@ -4,7 +4,7 @@ import { Match, check } from 'meteor/check';
 import { Messages } from '../../../models';
 import { canAccessRoom, hasPermission } from '../../../authorization';
 import { normalizeMessagesForUser } from '../../../utils/server/lib/normalizeMessagesForUser';
-import { processWebhookMessage } from '../../../lib';
+import { processWebhookMessage } from '../../../lib/server';
 import { API } from '../api';
 import Rooms from '../../../models/server/models/Rooms';
 import Users from '../../../models/server/models/Users';

app/api/server/v1/permissions.js

@@ -2,7 +2,7 @@ import { Meteor } from 'meteor/meteor';
 import { Match, check } from 'meteor/check';
 
 import { hasPermission } from '../../../authorization';
-import { Permissions, Roles } from '../../../models';
+import { Permissions, Roles } from '../../../models/server';
 import { API } from '../api';
 
 /**

app/api/server/v1/settings.js

@@ -3,7 +3,7 @@ import { Match, check } from 'meteor/check';
 import { ServiceConfiguration } from 'meteor/service-configuration';
 import _ from 'underscore';
 
-import { Settings } from '../../../models';
+import { Settings } from '../../../models/server';
 import { hasPermission } from '../../../authorization';
 import { API } from '../api';
 

app/apps/server/orchestrator.js

@@ -24,7 +24,7 @@ class AppServerOrchestrator {
 
 	initialize() {
 		this._rocketchatLogger = new Logger('Rocket.Chat Apps');
-		Permissions.createOrUpdate('manage-apps', ['admin']);
+		Permissions.create('manage-apps', ['admin']);
 
 		this._marketplaceUrl = 'https://marketplace.rocket.chat';
 

app/authorization/server/startup.js

@@ -1,7 +1,7 @@
 /* eslint no-multi-spaces: 0 */
 import { Meteor } from 'meteor/meteor';
 
-import { Roles, Permissions, Settings } from '../../models';
+import { Roles, Permissions, Settings } from '../../models/server';
 import { settings } from '../../settings/server';
 import { getSettingPermissionId, CONSTANTS } from '../lib';
 import { clearCache } from './functions/hasPermission';
@@ -114,9 +114,7 @@ Meteor.startup(function() {
 	];
 
 	for (const permission of permissions) {
-		if (!Permissions.findOneById(permission._id)) {
-			Permissions.upsert(permission._id, { $set: permission });
-		}
+		Permissions.create(permission._id, permission.roles);
 	}
 
 	const defaultRoles = [
@@ -134,7 +132,7 @@ Meteor.startup(function() {
 	];
 
 	for (const role of defaultRoles) {
-		Roles.upsert({ _id: role.name }, { $setOnInsert: { scope: role.scope, description: role.description || '', protected: true, mandatory2fa: false } });
+		Roles.createOrUpdate(role.name, role.scope, role.description, true, false);
 	}
 
 	const getPreviousPermissions = function(settingId) {
@@ -155,27 +153,34 @@ Meteor.startup(function() {
 	const createSettingPermission = function(setting, previousSettingPermissions) {
 		const permissionId = getSettingPermissionId(setting._id);
 		const permission = {
-			_id: permissionId,
 			level: CONSTANTS.SETTINGS_LEVEL,
 			// copy those setting-properties which are needed to properly publish the setting-based permissions
 			settingId: setting._id,
 			group: setting.group,
 			section: setting.section,
 			sorter: setting.sorter,
+			roles: [],
 		};
 		// copy previously assigned roles if available
 		if (previousSettingPermissions[permissionId] && previousSettingPermissions[permissionId].roles) {
 			permission.roles = previousSettingPermissions[permissionId].roles;
-		} else {
-			permission.roles = [];
 		}
 		if (setting.group) {
 			permission.groupPermissionId = getSettingPermissionId(setting.group);
 		}
 		if (setting.section) {
 			permission.sectionPermissionId = getSettingPermissionId(setting.section);
 		}
-		Permissions.upsert(permission._id, { $set: permission });
+
+		const existent = Permissions.findOne({
+			_id: permissionId,
+			...permission,
+		}, { fields: { _id: 1 } });
+
+		if (!existent) {
+			Permissions.upsert({ _id: permissionId }, { $set: permission });
+		}
+
 		delete previousSettingPermissions[permissionId];
 	};
 

app/channel-settings-mail-messages/server/lib/startup.js

@@ -7,7 +7,5 @@ Meteor.startup(function() {
 		_id: 'mail-messages',
 		roles: ['admin'],
 	};
-	return Permissions.upsert(permission._id, {
-		$setOnInsert: permission,
-	});
+	return Permissions.create(permission._id, permission.roles);
 });

app/channel-settings/server/startup.js

@@ -3,7 +3,7 @@ import { Meteor } from 'meteor/meteor';
 import { Permissions } from '../../models';
 
 Meteor.startup(function() {
-	Permissions.upsert('post-readonly', { $setOnInsert: { roles: ['admin', 'owner', 'moderator'] } });
-	Permissions.upsert('set-readonly', { $setOnInsert: { roles: ['admin', 'owner'] } });
-	Permissions.upsert('set-react-when-readonly', { $setOnInsert: { roles: ['admin', 'owner'] } });
+	Permissions.create('post-readonly', ['admin', 'owner', 'moderator']);
+	Permissions.create('set-readonly', ['admin', 'owner']);
+	Permissions.create('set-react-when-readonly', ['admin', 'owner']);
 });

app/cloud/server/index.js

@@ -11,7 +11,7 @@ import { Permissions } from '../../models';
 import { settings } from '../../settings/server';
 
 if (Permissions) {
-	Permissions.createOrUpdate('manage-cloud', ['admin']);
+	Permissions.create('manage-cloud', ['admin']);
 }
 
 const licenseCronName = 'Cloud Workspace Sync';

app/custom-sounds/server/startup/permissions.js

@@ -4,6 +4,6 @@ import { Permissions } from '../../../models';
 
 Meteor.startup(() => {
 	if (Permissions) {
-		Permissions.createOrUpdate('manage-sounds', ['admin']);
+		Permissions.create('manage-sounds', ['admin']);
 	}
 });

app/discussion/server/permissions.js

@@ -10,8 +10,6 @@ Meteor.startup(() => {
 	];
 
 	for (const permission of permissions) {
-		if (!Permissions.findOneById(permission._id)) {
-			Permissions.upsert(permission._id, { $set: permission });
-		}
+		Permissions.create(permission._id, permission.roles);
 	}
 });

app/lib/server/functions/createDirectRoom.js

@@ -1,5 +1,5 @@
 import { Rooms, Subscriptions } from '../../../models/server';
-import { settings } from '../../../settings/lib/settings';
+import { settings } from '../../../settings/server';
 import { getDefaultSubscriptionPref } from '../../../utils/server';
 import { callbacks } from '../../../callbacks/server';
 

app/lib/server/startup/settings.js

@@ -2794,7 +2794,7 @@ settings.addGroup('Setup_Wizard', function() {
 			secret: true,
 		});
 
-		this.add('Cloud_Workspace_Access_Token_Expires_At', new Date(), {
+		this.add('Cloud_Workspace_Access_Token_Expires_At', new Date(0), {
 			type: 'date',
 			hidden: true,
 			readonly: true,

app/mail-messages/server/startup.js

@@ -3,10 +3,5 @@ import { Meteor } from 'meteor/meteor';
 import { Permissions } from '../../models';
 
 Meteor.startup(function() {
-	return Permissions.upsert('access-mailer', {
-		$setOnInsert: {
-			_id: 'access-mailer',
-			roles: ['admin'],
-		},
-	});
+	return Permissions.create('access-mailer', ['admin']);
 });

app/message-pin/server/settings.js

@@ -9,9 +9,5 @@ Meteor.startup(function() {
 		group: 'Message',
 		public: true,
 	});
-	return Permissions.upsert('pin-message', {
-		$setOnInsert: {
-			roles: ['owner', 'moderator', 'admin'],
-		},
-	});
+	return Permissions.create('pin-message', ['owner', 'moderator', 'admin']);
 });

app/message-snippet/server/startup/settings.js

@@ -9,9 +9,5 @@ Meteor.startup(function() {
 		public: true,
 		group: 'Message',
 	});
-	Permissions.upsert('snippet-message', {
-		$setOnInsert: {
-			roles: ['owner', 'moderator', 'admin'],
-		},
-	});
+	Permissions.create('snippet-message', ['owner', 'moderator', 'admin']);
 });

app/models/server/models/Permissions.js

@@ -15,15 +15,34 @@ export class Permissions extends Base {
 	}
 
 	createOrUpdate(name, roles) {
+		const exists = this.findOne({
+			_id: name,
+			roles,
+		}, { fields: { _id: 1 } });
+
+		if (exists) {
+			return exists._id;
+		}
+
+		this.upsert({ _id: name }, { $set: { roles } });
+	}
+
+	create(name, roles) {
+		const exists = this.findOneById(name, { fields: { _id: 1 } });
+
+		if (exists) {
+			return exists._id;
+		}
+
 		this.upsert({ _id: name }, { $set: { roles } });
 	}
 
 	addRole(permission, role) {
-		this.update({ _id: permission }, { $addToSet: { roles: role } });
+		this.update({ _id: permission, roles: { $ne: role } }, { $addToSet: { roles: role } });
 	}
 
 	removeRole(permission, role) {
-		this.update({ _id: permission }, { $pull: { roles: role } });
+		this.update({ _id: permission, roles: role }, { $pull: { roles: role } });
 	}
 }
 

app/models/server/models/Roles.js

@@ -29,21 +29,22 @@ export class Roles extends Base {
 		});
 	}
 
-	createOrUpdate(name, scope = 'Users', description, protectedRole, mandatory2fa) {
-		const updateData = {};
-		updateData.name = name;
-		updateData.scope = scope;
-
-		if (description != null) {
-			updateData.description = description;
-		}
+	createOrUpdate(name, scope = 'Users', description = '', protectedRole = true, mandatory2fa = false) {
+		const updateData = {
+			name,
+			scope,
+			description,
+			protected: protectedRole,
+			mandatory2fa,
+		};
 
-		if (protectedRole) {
-			updateData.protected = protectedRole;
-		}
+		const exists = this.findOne({
+			_id: name,
+			...updateData,
+		}, { fields: { _id: 1 } });
 
-		if (mandatory2fa != null) {
-			updateData.mandatory2fa = mandatory2fa;
+		if (exists) {
+			return exists._id;
 		}
 
 		this.upsert({ _id: name }, { $set: updateData });

app/settings/client/lib/settings.ts

@@ -0,0 +1,50 @@
+import { Meteor } from 'meteor/meteor';
+import { ReactiveDict } from 'meteor/reactive-dict';
+
+import { CachedCollection } from '../../../ui-cached-collection';
+import { SettingsBase, SettingValue } from '../../lib/settings';
+
+const cachedCollection = new CachedCollection({
+	name: 'public-settings',
+	eventType: 'onAll',
+	userRelated: false,
+	listenChangesForLoggedUsersOnly: true,
+});
+
+class Settings extends SettingsBase {
+	cachedCollection = cachedCollection
+
+	collection = cachedCollection.collection;
+
+	dict = new ReactiveDict<any>('settings');
+
+	get(_id: string): any {
+		return this.dict.get(_id);
+	}
+
+	init(): void {
+		let initialLoad = true;
+		this.collection.find().observe({
+			added: (record: {_id: string; value: SettingValue}) => {
+				Meteor.settings[record._id] = record.value;
+				this.dict.set(record._id, record.value);
+				this.load(record._id, record.value, initialLoad);
+			},
+			changed: (record: {_id: string; value: SettingValue}) => {
+				Meteor.settings[record._id] = record.value;
+				this.dict.set(record._id, record.value);
+				this.load(record._id, record.value, initialLoad);
+			},
+			removed: (record: {_id: string}) => {
+				delete Meteor.settings[record._id];
+				this.dict.set(record._id, null);
+				this.load(record._id, undefined, initialLoad);
+			},
+		});
+		initialLoad = false;
+	}
+}
+
+export const settings = new Settings();
+
+settings.init();

app/settings/index.js

@@ -1,8 +1,8 @@
 import { Meteor } from 'meteor/meteor';
 
 if (Meteor.isClient) {
-	module.exports = require('./client/index.js');
+	module.exports = require('./client/index.ts');
 }
 if (Meteor.isServer) {
-	module.exports = require('./server/index.js');
+	module.exports = require('./server/index.ts');
 }