[FIX] Validate room access #24534

Merged
merged 32 commits into from
Jul 1, 2022

albuquerquefabio
Contributor

@albuquerquefabio albuquerquefabio commented Feb 17, 2022

Proposed changes (including videos or screenshots)

The request must be blocked if the user has no permission to view rooms.

Issue(s)

You can access Direct Rooms even if "View Direct Room" permissions are disabled.
You can access Public Rooms even if "View Public Room" permissions are disabled.
You can access Private Rooms even if "View Private Room" permissions are disabled.
You can access Omnichannel Rooms even if "View Omnichannel Room" permissions are disabled.

Steps to test or reproduce

Further comments
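An added sketch of the server-side check the description above calls for, with a membership-only check beside a deny-by-default version. It is not code from this pull request or from Rocket.Chat; the type codes, permission strings, and the function names `membershipOnly`, `canAccessRoom` and `loadHistory` are constructed for illustration.

```typescript
// Added illustration, not Rocket.Chat code. Names and permission strings are constructed.
type RoomType = 'd' | 'c' | 'p' | 'l'; // direct, public, private, omnichannel

interface Room { id: string; t: string; members: string[] }
interface User { id: string; permissions: string[] }

// One view permission per room type, matching the four cases in the description.
const VIEW_PERMISSION: Record<RoomType, string> = {
  d: 'view-direct-room',
  c: 'view-public-room',
  p: 'view-private-room',
  l: 'view-omnichannel-room',
};

function isKnownType(t: string): t is RoomType {
  return Object.prototype.hasOwnProperty.call(VIEW_PERMISSION, t);
}

// Constructed model of the reported behaviour: membership alone grants access.
function membershipOnly(room: Room, user: User): boolean {
  return room.members.indexOf(user.id) !== -1;
}

// Deny by default: a missing room or user, an unknown type, or a missing permission refuses.
function canAccessRoom(room: Room | undefined, user: User | undefined): boolean {
  if (!room || !user) return false;
  if (!isKnownType(room.t)) return false;
  if (user.permissions.indexOf(VIEW_PERMISSION[room.t]) === -1) return false;
  // Assumption: public rooms need no membership; every other type does.
  return room.t === 'c' || membershipOnly(room, user);
}

// Every handler that returns room data goes through the same server-side gate.
function loadHistory(room: Room | undefined, user: User | undefined, history: Record<string, string[]>): string[] {
  if (!room || !canAccessRoom(room, user)) throw new Error('not-allowed');
  return history[room.id] || [];
}
```

Client-side room type definitions can hide a room from the UI, but only a check like this on the server stops a direct request for the room's data.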

@albuquerquefabio albuquerquefabio changed the title Validate direct room access Fix: Validate direct room access Feb 17, 2022
@albuquerquefabio albuquerquefabio changed the title Fix: Validate direct room access [FIX] Validate direct room access Feb 17, 2022
@albuquerquefabio albuquerquefabio changed the title [FIX] Validate direct room access [FIX] Validate room access Feb 21, 2022
@github-actions github-actions bot added the stat: ready to merge PR tested and approved waiting for merge label Jun 21, 2022
@casalsgh casalsgh added this to the 5.0.0 milestone Jun 21, 2022
apps/meteor/client/lib/rooms/roomTypes/livechat.ts (outdated, resolved)
apps/meteor/client/lib/rooms/roomTypes/private.ts (outdated, resolved)
apps/meteor/client/lib/rooms/roomTypes/public.ts (outdated, resolved)
apps/meteor/client/lib/rooms/roomTypes/voip.ts (outdated, resolved)
apps/meteor/server/services/authorization/canAccessRoom.ts (outdated, resolved)
@kodiakhq kodiakhq bot removed the stat: ready to merge PR tested and approved waiting for merge label Jun 22, 2022
@kodiakhq
Contributor

kodiakhq bot commented Jun 22, 2022

This PR currently has a merge conflict. Please resolve this and then re-add the ['stat: ready to merge', 'automerge'] label.

@github-actions github-actions bot added the stat: ready to merge PR tested and approved waiting for merge label Jun 24, 2022
@lgtm-com

lgtm-com bot commented Jun 24, 2022

This pull request introduces 2 alerts when merging 0d5cca0 into d9ffbd6 - view on LGTM.com

new alerts:

  • 2 for Unused variable, import, function or class

@albuquerquefabio albuquerquefabio added stat: ready to merge PR tested and approved waiting for merge stat: needs QA and removed stat: ready to merge PR tested and approved waiting for merge stat: QA skipped labels Jun 29, 2022
@ggazzo ggazzo added stat: ready to merge PR tested and approved waiting for merge and removed stat: needs QA labels Jul 1, 2022
@kodiakhq kodiakhq bot merged commit 26c310c into develop Jul 1, 2022
@kodiakhq kodiakhq bot deleted the fix/validate-direct-room-access branch July 1, 2022 18:14
gabriellsh added a commit that referenced this pull request Jul 4, 2022
* 'develop' of github.com:RocketChat/Rocket.Chat: (29 commits)
  Chore: move fork of cas module to the monorepo (#26107)
  Chore: Add Agenda fork to the monorepo (#25681)
  Chore: Bump deps (#25624)
  [NEW][ENTERPRISE] Device Management (#25791)
  Chore: `refactor/tsc-perf` (#26040)
  [BREAK] Upgrade to version 5.0 can be done only from version 4.x (#26100)
  [BREAK] Remove support to old MongoDB versions (#26098)
  [NEW] Matrix Federation UX improvements (#25847)
  Regression: en.i18n.json spaces
  [NEW][ENTERPRISE] Introducing dial pad component into sidebar, calls table, contextual bar (#26081)
  Chore: Settings UI issue (#26053)
  Chore: Adding default message parser template (#26064)
  Regression: [VideoConference] If the caller loses connection, direct calls are never canceled (#26099)
  Chore: Handle errors on index creation (#26094)
  Chore: fix watermark condition (#26095)
  [FIX] Validate room access (#24534)
  [BREAK] VideoConference (#25570)
  [FIX] Undefined headers on API Client (#26083)
  Regression: Add Error boundary to katex render component (#26067)
  Chore: Allow endpoints to optionally require authentication (#26084)
  ...
@murtaza98 murtaza98 mentioned this pull request Jul 21, 2022
8 participants