fix: Moderators with Bypass Time limits permission cannot edit messages
#32376
Conversation
|
Looks like this PR is not ready to merge, because of the following issues:
Please fix the issues and try again If you have any trouble, please check the PR guidelines |
🦋 Changeset detectedLatest commit: 9864dd6 The changes in this PR will be included in the next version bump. This PR includes changesets to release 32 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
|
Note: the bypass actions are minimum 1min, so i decided to not to add UI tests on this one. If you know a way i can do them, lmk 😄 |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## develop #32376 +/- ##
===========================================
+ Coverage 55.55% 55.58% +0.03%
===========================================
Files 2406 2403 -3
Lines 52882 52898 +16
Branches 10861 10866 +5
===========================================
+ Hits 29376 29404 +28
+ Misses 20900 20892 -8
+ Partials 2606 2602 -4
Flags with carried forward coverage won't be shown. Click here to find out more. |
There was a problem hiding this comment.
We have more usage of this permission check, can we verify if the same fix needs to be applicable for the other cases?
https://github.com/RocketChat/Rocket.Chat/blob/develop/apps/meteor/client/methods/updateMessage.ts#L53
https://github.com/RocketChat/Rocket.Chat/blob/develop/apps/meteor/client/views/room/contextualBar/RoomFiles/hooks/useMessageDeletionIsAllowed.ts#L12
We also have the same check on the server side.
https://github.com/RocketChat/Rocket.Chat/blob/develop/apps/meteor/app/authorization/server/functions/canDeleteMessage.ts#L37
https://github.com/RocketChat/Rocket.Chat/blob/develop/apps/meteor/app/lib/server/methods/updateMessage.ts#L56
Shouldn't this be fixed there as well?
Finally, can we add some UI tests to ensure this behavior? And the same for API if there are no tests yet?
|
Hey, fixed the other places, thanks 🤗 i didn't notice we had that much usages of this permission. On the tests part, i placed a comment just before yours 😬 about testability. Basically, for "testing" that the feature works, the minimum time allowed for this setting is 1min, and honestly I don't want to "wait" for one minute on the CI for testing this. Was thinking on some Units, but since none of the files have Units, if we go this way, I'd prefer to have them as a separate task, wdyt? |
Proposed changes (including videos or screenshots)
Issue(s)
https://rocketchat.atlassian.net/browse/SUP-552
Steps to test or reproduce
Further comments
Fixes a problem with how the permission was being checked on the UI. Since
Moderatoris a role scoped to subscriptions, the call tohasPermissionshould have had thescope(which for a subscription, is the room).Since this value was not being provided, it returned always false