[FIX] /groups.invite not allow a user to invite even with permission#11010
Conversation
Fix REST groups invite, that did not allow a user to invite even with permission
| const params = this.requestParams(); | ||
| if (canAddUserToAnyPrivateGroup) { | ||
| if (params.roomId && params.roomId.trim()) { | ||
| findResult = RocketChat.models.Subscriptions.findByRoomId(params.roomId).fetch()[0]; |
There was a problem hiding this comment.
Why not find the room directly? Looking for subscriptions will cause the code to fail on empty rooms.
| return this.findOne(query); | ||
| } | ||
|
|
||
| findOneByRoomName(roomName) { |
There was a problem hiding this comment.
If you use the room directly, this method won't be necessary.
ggazzo
left a comment
There was a problem hiding this comment.
I think the problem is here findPrivateGroupByIdOrName. if i'm not mistaken, we have the same problem for more endpoints, please check the functions that use findPrivateGroupByIdOrName and let me know if I made some confusion, but I think all these methods just works if you are joined in the room(even if you are an admin)...
|
@ggazzo Those methods don't work if you've not joined the room. |
Change from get by subscription to get by room directly in groups.invite REST endpoint
|
|
||
| Meteor.runAsUser(this.userId, () => { | ||
| Meteor.call('addUserToRoom', { rid: findResult.rid, username: user.username }); | ||
| Meteor.call('addUserToRoom', { rid: findResult._id, username: user.username }); |
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
Change the roomId variable in groups.invite REST
|
The current solution works perfectly. Can you check if there are more endpoints using the |
|
I think for this case you should just call the dpp method |
b7d56e1 to
db2b9d9
Compare
|
i have still exakt this problem, admin with permission "add-user-to-any-p-room" cant add users to private rooms where admin is not a member, what do i wrong? |
Closes #10639