feat: Allow granting the mobile-upload-file permission to guests #34191

Open
wants to merge 10 commits into
base: develop

matheusbsilva137
Member

@matheusbsilva137 matheusbsilva137 commented Dec 16, 2024

Proposed changes (including videos or screenshots)

  • Allow granting the mobile-upload-file permission to the guest role (but not make it the default behavior)

Issue(s)

Steps to test or reproduce

Use the authorization:addPermissionToRole Meteor method to check that the mobile-upload-file permission can now be granted to the guest role. Example (cURL) request:

curl --request POST \
  --url http://localhost:3000/api/v1/method.call/authorization%3AaddPermissionToRole \
  --header 'Content-Type: application/json' \
  --header 'X-Auth-Token: jVrwkAmobgfne3aEdL-dJh-znNXMkhg79pEAZS2rEIg' \
  --header 'X-User-Id: rMq9ovRmZabXHW4Do' \
  --data '{"message":"{\"msg\":\"method\",\"id\":\"16\",\"method\":\"authorization:addPermissionToRole\",\"params\":[\"mobile-upload-file\",\"guest\"]}"}'

This Meteor method should return an error (Permission is restricted [error-action-not-allowed]) in case an invalid permission is provided (e.g. a permission that can't be granted to the guest role -- any permission that isn't in this list: view-d-room, view-joined-room, view-p-room, start-discussion, mobile-upload-file).

Use the authorization:removeRoleFromPermission Meteor method to check that the mobile-upload-file permission can also be removed from the guest role. Example (cURL) request:

curl --request POST \
  --url http://localhost:3000/api/v1/method.call/authorization%3AremoveRoleFromPermission \
  --header 'Content-Type: application/json' \
  --header 'X-Auth-Token: jVrwkAmobgfne3aEdL-dJh-znNXMkhg79pEAZS2rEIg' \
  --header 'X-User-Id: rMq9ovRmZabXHW4Do' \
  --data '{"message":"{\"msg\":\"method\",\"id\":\"16\",\"method\":\"authorization:removeRoleFromPermission\",\"params\":[\"mobile-upload-file\",\"guest\"]}"}'

Further comments

CORE-837

@matheusbsilva137 matheusbsilva137 added this to the 7.2.0 milestone Dec 16, 2024
Contributor

dionisio-bot bot commented Dec 16, 2024

Looks like this PR is not ready to merge, because of the following issues:

  • This PR is missing the 'stat: QA assured' label
  • This PR is targeting the wrong base branch. It should target 7.3.0, but it targets 7.2.0

Please fix the issues and try again

If you have any trouble, please check the PR guidelines


changeset-bot bot commented Dec 16, 2024

🦋 Changeset detected

Latest commit: 4fe4ee0

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 35 packages
Name Type
@rocket.chat/meteor Minor
@rocket.chat/core-typings Minor
@rocket.chat/rest-typings Minor
@rocket.chat/uikit-playground Patch
@rocket.chat/api-client Patch
@rocket.chat/apps Patch
@rocket.chat/core-services Patch
@rocket.chat/cron Patch
@rocket.chat/ddp-client Patch
@rocket.chat/freeswitch Patch
@rocket.chat/fuselage-ui-kit Major
@rocket.chat/gazzodown Major
@rocket.chat/livechat Patch
@rocket.chat/model-typings Patch
@rocket.chat/ui-contexts Major
@rocket.chat/account-service Patch
@rocket.chat/authorization-service Patch
@rocket.chat/ddp-streamer Patch
@rocket.chat/omnichannel-transcript Patch
@rocket.chat/presence-service Patch
@rocket.chat/queue-worker Patch
@rocket.chat/stream-hub-service Patch
@rocket.chat/license Patch
@rocket.chat/omnichannel-services Patch
@rocket.chat/pdf-worker Patch
@rocket.chat/presence Patch
rocketchat-services Patch
@rocket.chat/network-broker Patch
@rocket.chat/models Patch
@rocket.chat/ui-avatar Major
@rocket.chat/ui-client Major
@rocket.chat/ui-video-conf Major
@rocket.chat/ui-voip Major
@rocket.chat/web-ui-registration Major
@rocket.chat/instance-status Patch


Contributor

github-actions bot commented Dec 16, 2024

PR Preview Action v1.4.8
🚀 Deployed preview to https://RocketChat.github.io/Rocket.Chat/pr-preview/pr-34191/
on branch gh-pages at 2024-12-26 23:37 UTC


codecov bot commented Dec 16, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 75.32%. Comparing base (47f24c2) to head (84cf7bd).
Report is 64 commits behind head on develop.


@@             Coverage Diff             @@
##           develop   #34191      +/-   ##
===========================================
- Coverage    75.79%   75.32%   -0.48%     
===========================================
  Files          511      516       +5     
  Lines        22132    22528     +396     
  Branches      5394     5483      +89     
===========================================
+ Hits         16775    16969     +194     
- Misses        4709     4899     +190     
- Partials       648      660      +12     
Flag Coverage Δ
unit 75.32% <ø> (-0.48%) ⬇️


@scuciatto scuciatto modified the milestones: 7.2.0, 7.3.0 Dec 20, 2024
Comment on lines +19 to +21
if (role === 'guest' && !AuthorizationUtils.hasRestrictionsToRole(role) && (await License.hasValidLicense())) {
AuthorizationUtils.addRolePermissionWhiteList(role, await License.getGuestPermissions());
}
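Review bot: The guard on line +19 only re-seeds the guest whitelist when `License.hasValidLicense()` resolves true, so when `hasRestrictionsToRole(role)` is false and there is no valid license the method continues with no restrictions stored for `guest`. Please confirm that the permission check which follows denies in that state instead of treating a role without a whitelist as unrestricted, and add a test that calls the method with the whitelist unset. Seeding inside the request path also hides whatever left the list empty at startup, so a code comment on these lines saying why the seeding happens here would help the next reader.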
Member Author


For some reason EE tests were failing on CI because we didn't have any restrictions stored for the guest role (which didn't happen locally) 🤷‍♂️ so I went through all of the places where we populate such restrictions and couldn't find anything off, please tell me if you do
So I decided to reinforce these restrictions in the endpoint/method itself (which I believe is harmless) and create another task to identify what could be causing this issue later
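
How the guest allow-list from the PR description interacts with the lazy re-seeding guard discussed above, as an added TypeScript example that is not code from this PR or from Rocket.Chat. `RoleRestrictions`, `tryGrant` and the `licensed` flag are hypothetical names, and denying every grant to a restricted role whose list was never loaded is an assumption of the example, not confirmed project behaviour.

```typescript
// Added example: a hypothetical model, not Rocket.Chat's AuthorizationUtils.
// Guest allow-list as given in the PR description.
const GUEST_ALLOWED: string[] = [
  'view-d-room', 'view-joined-room', 'view-p-room', 'start-discussion', 'mobile-upload-file',
];

class RoleRestrictions {
  private allow = new Map<string, Set<string>>();
  private restrictedRoles: string[];

  // restrictedRoles: roles that must never be treated as unrestricted.
  constructor(restrictedRoles: string[]) {
    this.restrictedRoles = restrictedRoles;
  }

  hasRestrictions(role: string): boolean {
    return this.allow.has(role);
  }

  seed(role: string, permissions: string[]): void {
    const set = this.allow.get(role) ?? new Set<string>();
    permissions.forEach((p) => set.add(p));
    this.allow.set(role, set);
  }

  // Fail closed: a restricted role with no list loaded can be granted nothing.
  isGrantable(permission: string, role: string): boolean {
    const set = this.allow.get(role);
    if (!set) return this.restrictedRoles.indexOf(role) === -1;
    return set.has(permission);
  }
}

type Grants = Map<string, Set<string>>;

// Returns 'ok' or the error text, so callers can assert on the outcome.
function tryGrant(r: RoleRestrictions, grants: Grants, permission: string, role: string, licensed: boolean): string {
  // Same shape as the guard under review: re-seed if startup seeding was missed.
  if (role === 'guest' && !r.hasRestrictions(role) && licensed) {
    r.seed(role, GUEST_ALLOWED);
  }
  if (!r.isGrantable(permission, role)) {
    return 'Permission is restricted [error-action-not-allowed]';
  }
  const roles = grants.get(permission) ?? new Set<string>();
  roles.add(role);
  grants.set(permission, roles);
  return 'ok';
}
```

With the list unseeded and `licensed` false, every guest grant is refused, which is the state a test for the unset-whitelist case should exercise.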

@matheusbsilva137 matheusbsilva137 marked this pull request as ready for review December 27, 2024 01:59
@matheusbsilva137 matheusbsilva137 requested a review from a team as a code owner December 27, 2024 01:59