[FIX] /groups.invite not allow a user to invite even with permission #11010
Conversation
MarcosSpessatto
changed the title
| const params = this.requestParams(); | ||
| if (canAddUserToAnyPrivateGroup) { | ||
| if (params.roomId && params.roomId.trim()) { | ||
| findResult = RocketChat.models.Subscriptions.findByRoomId(params.roomId).fetch()[0]; |
There was a problem hiding this comment.
Why not find the room directly? Looking for subscriptions will cause the code to fail on empty rooms.
| @@ -54,6 +54,14 @@ class ModelSubscriptions extends RocketChat.models._Base { | |||
| return this.findOne(query); | |||
| } | |||
|
|
|||
| findOneByRoomName(roomName) { | |||
There was a problem hiding this comment.
If you use the room directly, this method won't be necessary.
There was a problem hiding this comment.
I think the problem is here findPrivateGroupByIdOrName. if i'm not mistaken, we have the same problem for more endpoints, please check the functions that use findPrivateGroupByIdOrName and let me know if I made some confusion, but I think all these methods just works if you are joined in the room(even if you are an admin)...
|
@ggazzo Those methods don't work if you've not joined the room. |
|
|
||
| const user = this.getUserFromParams(); | ||
|
|
||
| Meteor.runAsUser(this.userId, () => { | ||
| Meteor.call('addUserToRoom', { rid: findResult.rid, username: user.username }); | ||
| Meteor.call('addUserToRoom', { rid: findResult._id, username: user.username }); |
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
|
The current solution works perfectly. Can you check if there are more endpoints using the |
|
I think for this case you should just call the dpp method |
ggazzo
force-pushed
the
fix-rest-groups-invite
branch
from
b7d56e1 to
db2b9d9
Compare
ggazzo
changed the title
|
i have still exakt this problem, admin with permission "add-user-to-any-p-room" cant add users to private rooms where admin is not a member, what do i wrong? |
Closes #10639