Regression: Do not allow non-owners edit rooms or add/remove users on federated rooms #26263
Conversation
MarcosSpessatto
changed the title
sampaiodiego
left a comment
sampaiodiego
left a comment
There was a problem hiding this comment.
I added some comments, but I was thinking about the root cause of the issue.. maybe I need an explanation what the issue is 😬
because in theory only the room owner or an admin will have the permission to edit a room already.. maybe in case of a federated room there will be no subscription (do they have subscriptions?), so the owner check would fail, but for admin it not fail.. 🤔
apps/meteor/client/views/room/hooks/useUserInfoActions/actions/useRemoveUserAction.tsx
Outdated
Show resolved
Hide resolved
apps/meteor/client/views/room/contextualBar/Info/RoomInfo/RoomInfoWithData.js
Outdated
Show resolved
Hide resolved
apps/meteor/client/views/room/contextualBar/Info/RoomInfo/RoomInfoWithData.js
Outdated
Show resolved
Hide resolved
Good point, so the first answer is: yes, they do have subscriptions, it's at the end of the day, a regular rocket.chat room, there's even no specific type to describe it, it's using the same as we use today (p, c, d, etc). Also, in the case of the federated rooms, even the admins should now be able to edit that, I mean, for now, until we do not support any kind of permission/role from the Matrix side, we must allow only and only the owner to edit the things. |
MarcosSpessatto
deleted the
regression/federation-disallow-edit-if-no-owner
branch
… federated rooms (#26263) * fix: do not allow non-owners edit or add users on federated rooms * fix: do not allow non-owners to remove users from federated rooms * fix: apply suggestion from review
… federated rooms (#26263) * fix: do not allow non-owners edit or add users on federated rooms * fix: do not allow non-owners to remove users from federated rooms * fix: apply suggestion from review
4 participants
Proposed changes (including videos or screenshots)
Issue(s)
Steps to test or reproduce
Further comments