Allow maintenance of per-setting permissions - first draft, not beaut…

…ified yet

package.json

@@ -60,7 +60,9 @@
 		"chat"
 	],
 	"scripts": {
-		"start": "meteor npm i && meteor",
+		"start": "meteor npm i && meteor run",
+		"debug": "meteor run --inspect",
+		"debug-brk": "meteor run --inspect-brk",
 		"lint": "eslint .",
 		"lint-fix": "eslint . --fix",
 		"stylelint": "stylelint packages/**/*.css",

packages/rocketchat-authorization/client/lib/SettingPermissions.js

@@ -0,0 +1,8 @@
+RocketChat.authz.settingCachedCollectiong = new RocketChat.CachedCollection({
+	name: 'setting-permissions',
+	eventType: 'onLogged',
+	userRelated: false
+});
+RocketChat.authz.settingCachedCollectiong.init();
+
+this.SettingPermissions = RocketChat.authz.settingCachedCollectiong.collection;

packages/rocketchat-authorization/client/views/permissions.html

@@ -1,34 +1,46 @@
+<template name="permissionsTable">
+	<table border="1" class="permission-grid secondary-background-color">
+		<thead class="content-background-color">
+		<tr>
+			<th class="border-component-color">&nbsp;</th>
+			{{#each role in allRoles}}
+				<th class="border-component-color" title="{{role.description}}">
+					<a href="{{pathFor "admin-permissions-edit" name=role._id}}">
+						{{role._id}}
+						<i class="icon-edit"></i>
+					</a>
+				</th>
+			{{/each}}
+		</tr>
+		</thead>
+		<tbody>
+		{{#each permission in permissions}}
+			<tr class="admin-table-row">
+				<td class="permission-name border-component-color" title="{{permissionDescription permission}}">{{permissionName permission}}<br>[{{permission._id}}]
+				</td>
+				{{#each role in allRoles}}
+					<td class="border-component-color">
+						<input type="checkbox" name="perm[{{_id}}][{{../_id}}]" class="role-permission"
+							   value="1" checked="{{granted permission.roles role}}" data-role="{{role._id}}"
+							   data-permission="{{permission._id}}">
+					</td>
+				{{/each}}
+			</tr>
+		{{/each}}
+		</tbody>
+	</table>
+</template>
 <template name="permissions">
 	<div class="permissions-manager">
 		{{#if hasPermission}}
 			<a href="{{pathFor "admin-permissions-new"}}" class="button primary new-role">{{_ "New_role"}}</a>
-			<table border="1" class="permission-grid secondary-background-color">
-				<thead class="content-background-color">
-					<tr>
-						<th class="border-component-color">&nbsp;</th>
-						{{#each role}}
-							<th class="border-component-color" title="{{description}}">
-								<a href="{{pathFor "admin-permissions-edit" name=_id}}">
-									{{_id}}
-									<i class="icon-edit"></i>
-								</a>
-							</th>
-						{{/each}}
-					</tr>
-				</thead>
-				<tbody>
-					{{#each permission}}
-						<tr class="admin-table-row">
-							<td class="permission-name border-component-color" title="{{_ permissionDescription}}">{{_ permissionName}}<br>[{{_id}}]</td>
-							{{#each role}}
-								<td class="border-component-color">
-									<input type="checkbox" name="perm[{{_id}}][{{../_id}}]" class="role-permission" value="1" checked="{{granted ../roles}}" data-role="{{_id}}" data-permission="{{../_id}}">
-								</td>
-							{{/each}}
-						</tr>
-					{{/each}}
-				</tbody>
-			</table>
+			{{> permissionsTable permissions=permissions allRoles=roles}}
+			{{#if settingPermissionExpanded}}
+				<div class="js-toggle-setting-permissions">{{_ "setting-permissions-collapse"}}</div>
+				{{> permissionsTable permissions=settingPermissions allRoles=roles}}
+			{{else}}
+				<div class="js-toggle-setting-permissions">{{_ "setting-permissions-expand"}}</div>
+			{{/if}}
 		{{else}}
 			{{_ "Not_authorized"}}
 		{{/if}}

packages/rocketchat-authorization/client/views/permissions.js

@@ -1,66 +1,91 @@
-/* globals ChatPermissions */
-
+/* globals ChatPermissions, SettingPermissions */
 Template.permissions.helpers({
-	role() {
+	roles() {
 		return Template.instance().roles.get();
 	},
 
-	permission() {
+	permissions() {
 		return ChatPermissions.find({}, {
 			sort: {
 				_id: 1
 			}
 		});
 	},
 
-	granted(roles) {
+	settingPermissions() {
+		return SettingPermissions.find({}, {
+			sort: {
+				_id: 1
+			}
+		});
+	},
+
+	hasPermission() {
+		return RocketChat.authz.hasAllPermission('access-permissions');
+	},
+
+	settingPermissionExpanded() {
+		return Template.instance().settingPermissionsExpanded.get();
+	}
+});
+
+Template.permissions.events({
+	'click .js-toggle-setting-permissions'(event, instance) {
+		instance.settingPermissionsExpanded.set(!instance.settingPermissionsExpanded.get());
+	}
+});
+
+Template.permissions.onCreated(function() {
+	this.settingPermissionsExpanded = new ReactiveVar(false);
+	this.roles = new ReactiveVar([]);
+
+	Tracker.autorun(() => {
+		this.roles.set(RocketChat.models.Roles.find().fetch());
+	});
+});
+
+Template.permissionsTable.helpers({
+	granted(roles, role) {
 		if (roles) {
-			if (roles.indexOf(this._id) !== -1) {
+			if (roles.indexOf(role._id) !== -1) {
 				return 'checked';
 			}
 		}
 	},
 
-	permissionName() {
-		return `${ this._id }`;
-	},
-
-	permissionDescription() {
-		return `${ this._id }_description`;
+	permissionName(permission) {
+		return t(permission._id);
 	},
 
-	hasPermission() {
-		return RocketChat.authz.hasAllPermission('access-permissions');
+	permissionDescription(permission) {
+		return t(`${ permission._id }_description`);
 	}
 });
 
-Template.permissions.events({
+Template.permissionsTable.events({
 	'click .role-permission'(e, instance) {
 		const permission = e.currentTarget.getAttribute('data-permission');
 		const role = e.currentTarget.getAttribute('data-role');
 
-		if (instance.permissionByRole[permission].indexOf(role) === -1) {
+		if (!instance.permissionByRole[permission] // the permissino has this role not assigned at all (undefined)
+			|| instance.permissionByRole[permission].indexOf(role) === -1) {
 			return Meteor.call('authorization:addPermissionToRole', permission, role);
 		} else {
 			return Meteor.call('authorization:removeRoleFromPermission', permission, role);
 		}
 	}
 });
 
-Template.permissions.onCreated(function() {
-	this.roles = new ReactiveVar([]);
+
+Template.permissionsTable.onCreated(function() {
 	this.permissionByRole = {};
 	this.actions = {
 		added: {},
 		removed: {}
 	};
 
 	Tracker.autorun(() => {
-		this.roles.set(RocketChat.models.Roles.find().fetch());
-	});
-
-	Tracker.autorun(() => {
-		ChatPermissions.find().observeChanges({
+		const observer = {
 			added: (id, fields) => {
 				this.permissionByRole[id] = fields.roles;
 			},
@@ -70,6 +95,8 @@ Template.permissions.onCreated(function() {
 			removed: (id) => {
 				delete this.permissionByRole[id];
 			}
-		});
+		};
+		ChatPermissions.find().observeChanges(observer);
+		SettingPermissions.find().observeChanges(observer);
 	});
 });

packages/rocketchat-authorization/lib/rocketchat.js

@@ -1 +1,5 @@
 RocketChat.authz = {};
+
+export const permissionLevel = {
+	SETTING: 'setting'
+};

packages/rocketchat-authorization/package.js

@@ -21,6 +21,7 @@ Package.onUse(function(api) {
 	api.addFiles('lib/rocketchat.js', ['server', 'client']);
 
 	api.addFiles('client/lib/ChatPermissions.js', ['client']);
+	api.addFiles('client/lib/SettingPermissions.js', ['client']);
 	api.addFiles('client/lib/models/Roles.js', ['client']);
 	api.addFiles('client/lib/models/Users.js', ['client']);
 	api.addFiles('client/lib/models/Subscriptions.js', ['client']);

packages/rocketchat-authorization/server/publications/permissions.js

@@ -1,8 +1,26 @@
+import {permissionLevel} from '../../lib/rocketchat';
+
 Meteor.methods({
 	'permissions/get'(updatedAt) {
 		this.unblock();
 
-		const records = RocketChat.models.Permissions.find().fetch();
+		const records = RocketChat.models.Permissions.find({level: {$ne: permissionLevel.SETTING}}).fetch();
+
+		if (updatedAt instanceof Date) {
+			return {
+				update: records.filter((record) => {
+					return record._updatedAt > updatedAt;
+				}),
+				remove: RocketChat.models.Permissions.trashFindDeletedAfter(updatedAt, {}, {fields: {_id: 1, _deletedAt: 1}}).fetch()
+			};
+		}
+
+		return records;
+	},
+	'setting-permissions/get'(updatedAt) {
+		this.unblock();
+
+		const records = RocketChat.models.Permissions.find({level: permissionLevel.SETTING}).fetch();
 
 		if (updatedAt instanceof Date) {
 			return {
@@ -21,3 +39,4 @@ Meteor.methods({
 RocketChat.models.Permissions.on('changed', (type, permission) => {
 	RocketChat.Notifications.notifyLoggedInThisInstance('permissions-changed', type, permission);
 });
+