Anonymous use

packages/rocketchat-authorization/client/hasPermission.js

@@ -6,6 +6,10 @@ function atLeastOne(permissions = [], scope) {
 		const roles = (permission && permission.roles) || [];
 
 		return roles.some((roleName) => {
+			if (roleName === 'anonymous' && !Meteor.userId()) {
+				return true;
+			}
+
 			const role = RocketChat.models.Roles.findOne(roleName);
 			const roleScope = role && role.scope;
 			const model = RocketChat.models[roleScope];
@@ -21,6 +25,10 @@ function all(permissions = [], scope) {
 		const roles = (permission && permission.roles) || [];
 
 		return roles.some((roleName) => {
+			if (roleName === 'anonymous' && !Meteor.userId()) {
+				return true;
+			}
+
 			const role = RocketChat.models.Roles.findOne(roleName);
 			const roleScope = role && role.scope;
 			const model = RocketChat.models[roleScope];
@@ -31,11 +39,6 @@ function all(permissions = [], scope) {
 }
 
 function hasPermission(permissions, scope, strategy) {
-	const userId = Meteor.userId();
-	if (!userId) {
-		return false;
-	}
-
 	if (!RocketChat.authz.cachedCollection.ready.get()) {
 		return false;
 	}

packages/rocketchat-authorization/client/lib/ChatPermissions.js

@@ -1,6 +1,8 @@
 RocketChat.authz.cachedCollection = new RocketChat.CachedCollection({
 	name: 'permissions',
-	eventType: 'onLogged'
+	eventType: 'onLogged',
+	userRelated: false
 });
+RocketChat.authz.cachedCollection.init();
 
 this.ChatPermissions = RocketChat.authz.cachedCollection.collection;

packages/rocketchat-authorization/server/functions/canAccessRoom.js

@@ -1,14 +1,14 @@
 /* globals RocketChat */
 RocketChat.authz.roomAccessValidators = [
-	function(room, user) {
+	function(room, user = {}) {
 		const subscription = RocketChat.models.Subscriptions.findOneByRoomIdAndUserId(room._id, user._id);
 		if (subscription) {
 			return subscription._room;
 		}
 	},
-	function(room, user) {
+	function(room, user = {}) {
 		if (room.t === 'c') {
-			return RocketChat.authz.hasPermission(user._id, 'view-c-room');
+			return RocketChat.authz.hasPermission(user._id, 'view-c-room') || RocketChat.authz.hasPermission(user._id, 'preview-c-room');
 		}
 	}
 ];

packages/rocketchat-authorization/server/functions/hasPermission.js

@@ -1,22 +1,24 @@
 function atLeastOne(userId, permissions = [], scope) {
 	return permissions.some((permissionId) => {
 		const permission = RocketChat.models.Permissions.findOne(permissionId);
+		if (!userId && permission.roles.includes('anonymous')) {
+			return true;
+		}
 		return RocketChat.models.Roles.isUserInRoles(userId, permission.roles, scope);
 	});
 }
 
 function all(userId, permissions = [], scope) {
 	return permissions.every((permissionId) => {
 		const permission = RocketChat.models.Permissions.findOne(permissionId);
+		if (!userId && permission.roles.includes('anonymous')) {
+			return true;
+		}
 		return RocketChat.models.Roles.isUserInRoles(userId, permission.roles, scope);
 	});
 }
 
 function hasPermission(userId, permissions, scope, strategy) {
-	if (!userId) {
-		return false;
-	}
-
 	permissions = [].concat(permissions);
 	return strategy(userId, permissions, scope);
 }

packages/rocketchat-authorization/server/startup.js

@@ -58,7 +58,7 @@ Meteor.startup(function() {
 		{ _id: 'view-room-administration',      roles : ['admin'] },
 		{ _id: 'view-statistics',               roles : ['admin'] },
 		{ _id: 'view-user-administration',      roles : ['admin'] },
-		{ _id: 'preview-c-room',                roles : ['admin', 'user'] }
+		{ _id: 'preview-c-room',                roles : ['admin', 'user', 'anonymous'] }
 	];
 
 	for (const permission of permissions) {
@@ -73,7 +73,8 @@ Meteor.startup(function() {
 		{ name: 'owner',     scope: 'Subscriptions', description: 'Owner' },
 		{ name: 'user',      scope: 'Users',         description: '' },
 		{ name: 'bot',       scope: 'Users',         description: '' },
-		{ name: 'guest',     scope: 'Users',         description: '' }
+		{ name: 'guest',     scope: 'Users',         description: '' },
+		{ name: 'anonymous', scope: 'Users',         description: 'Anonymous' }
 	];
 
 	for (const role of defaultRoles) {

packages/rocketchat-channel-settings/client/startup/tabBar.coffee

@@ -2,6 +2,7 @@ Meteor.startup ->
 	RocketChat.TabBar.addButton
 		groups: ['channel', 'group', 'direct']
 		id: 'channel-settings'
+		anonymous: true
 		i18nTitle: 'Room_Info'
 		icon: 'icon-info-circled'
 		template: 'channelSettings'

packages/rocketchat-lib/client/defaultTabBars.js

@@ -19,6 +19,7 @@ RocketChat.TabBar.addButton({
 RocketChat.TabBar.addButton({
 	groups: ['channel', 'group'],
 	id: 'members-list',
+	anonymous: true,
 	i18nTitle: 'Members_List',
 	icon: 'icon-users',
 	template: 'membersList',

packages/rocketchat-lib/client/lib/cachedCollection.js

@@ -165,7 +165,7 @@ class CachedCollection {
 		}
 
 		localforage.getItem(this.name, (error, data) => {
-			if (data && (data.version < this.version || data.token !== this.getToken())) {
+			if (data && (data.version < this.version || data.token !== this.getToken() || this.getToken() === undefined)) {
 				this.clearCache();
 				callback(false);
 				return;

packages/rocketchat-lib/client/lib/openRoom.coffee

@@ -10,7 +10,7 @@ currentTracker = undefined
 				return
 
 			user = Meteor.user()
-			unless user?.username
+			if not user?.username and !RocketChat.authz.hasAllPermission('preview-c-room')
 				return
 
 			currentTracker = undefined

packages/rocketchat-lib/server/methods/getRoomRoles.js

@@ -3,7 +3,7 @@ Meteor.methods({
 
 		check(rid, String);
 
-		if (!Meteor.userId()) {
+		if (!Meteor.userId() && !RocketChat.authz.hasPermission(undefined, 'preview-c-room')) {
 			throw new Meteor.Error('error-invalid-user', 'Invalid user', { method: 'getRoomRoles' });
 		}
 

packages/rocketchat-ui-flextab/flex-tab/flexTabBar.js

@@ -14,6 +14,10 @@ Template.flexTabBar.helpers({
 	},
 
 	visible() {
+		if (!Meteor.userId() && !this.anonymous) {
+			return 'hidden';
+		}
+
 		if (this.groups.indexOf(Template.instance().tabBar.currentGroup()) === -1) {
 			return 'hidden';
 		}

packages/rocketchat-ui-master/master/main.coffee

@@ -78,7 +78,7 @@ Template.main.helpers
 		return RocketChat.settings.get 'Site_Name'
 
 	logged: ->
-		if Meteor.userId()?
+		if Meteor.userId()? || RocketChat.authz.hasAllPermission('preview-c-room')
 			$('html').addClass("noscroll").removeClass("scroll")
 			return true
 		else
@@ -102,7 +102,7 @@ Template.main.helpers
 		return ready
 
 	hasUsername: ->
-		return Meteor.userId()? and Meteor.user().username?
+		return (Meteor.userId()? and Meteor.user().username?) || RocketChat.authz.hasAllPermission('preview-c-room')
 
 	requirePasswordChange: ->
 		return Meteor.user()?.requirePasswordChange is true

packages/rocketchat-ui-message/message/message.coffee

@@ -97,7 +97,7 @@ Template.message.helpers
 
 	reactions: ->
 		msgReactions = []
-		userUsername = Meteor.user().username
+		userUsername = Meteor.user()?.username
 
 		for emoji, reaction of @reactions
 			total = reaction.usernames.length

packages/rocketchat-ui/lib/RoomManager.coffee

@@ -80,8 +80,6 @@ Tracker.autorun ->
 			do (typeName, record) ->
 
 				user = Meteor.user()
-				unless user?.username
-					return
 
 				if record.ready is true
 					return
@@ -158,7 +156,7 @@ Tracker.autorun ->
 		if openedRooms[typeName].ready
 			closeOlderRooms()
 
-		if CachedChatSubscription.ready.get() is true && Meteor.userId()
+		if CachedChatSubscription.ready.get() is true
 
 			if openedRooms[typeName].active isnt true
 				openedRooms[typeName].active = true

packages/rocketchat-ui/lib/collections.coffee

@@ -14,3 +14,9 @@ RocketChat.models.Users = _.extend {}, RocketChat.models.Users, Meteor.users
 RocketChat.models.Subscriptions = _.extend {}, RocketChat.models.Subscriptions, @ChatSubscription
 RocketChat.models.Rooms = _.extend {}, RocketChat.models.Rooms, @ChatRoom
 RocketChat.models.Messages = _.extend {}, RocketChat.models.Messages, @ChatMessage
+
+Meteor.startup ->
+	Tracker.autorun ->
+		if !Meteor.userId() and RocketChat.authz.hasAllPermission('preview-c-room')
+			CachedChatRoom.ready.set(true)
+			CachedChatSubscription.ready.set(true)

server/methods/canAccessRoom.js

@@ -1,20 +1,30 @@
 Meteor.methods({
 	canAccessRoom(rid, userId) {
 		check(rid, String);
-		check(userId, String);
+		check(userId, Match.Maybe(String));
 
-		const user = RocketChat.models.Users.findOneById(userId, {
-			fields: {
-				username: 1
-			}
-		});
+		let user;
 
-		if (!user || !user.username) {
+		if (!userId && !RocketChat.authz.hasPermission(undefined, 'preview-c-room')) {
 			throw new Meteor.Error('error-invalid-user', 'Invalid user', {
 				method: 'canAccessRoom'
 			});
 		}
 
+		if (userId) {
+			user = RocketChat.models.Users.findOneById(userId, {
+				fields: {
+					username: 1
+				}
+			});
+
+			if (!user || !user.username) {
+				throw new Meteor.Error('error-invalid-user', 'Invalid user', {
+					method: 'canAccessRoom'
+				});
+			}
+		}
+
 		if (!rid) {
 			throw new Meteor.Error('error-invalid-room', 'Invalid room', {
 				method: 'canAccessRoom'
@@ -24,7 +34,9 @@ Meteor.methods({
 		const room = RocketChat.models.Rooms.findOneById(rid);
 		if (room) {
 			if (RocketChat.authz.canAccessRoom.call(this, room, user)) {
-				room.username = user.username;
+				if (user) {
+					room.username = user.username;
+				}
 				return room;
 			}
 

server/methods/loadHistory.js

@@ -21,7 +21,7 @@ Meteor.methods({
 	loadHistory(rid, end, limit = 20, ls) {
 		check(rid, String);
 
-		if (!Meteor.userId()) {
+		if (!Meteor.userId() && !RocketChat.authz.hasAllPermission(undefined, 'preview-c-room')) {
 			throw new Meteor.Error('error-invalid-user', 'Invalid user', {
 				method: 'loadHistory'
 			});

server/publications/room.js

@@ -54,7 +54,7 @@ Meteor.methods({
 	},
 
 	getRoomByTypeAndName(type, name) {
-		if (!Meteor.userId()) {
+		if (!Meteor.userId() && !RocketChat.authz.hasAllPermission(undefined, 'preview-c-room')) {
 			throw new Meteor.Error('error-invalid-user', 'Invalid user', { method: 'getRoomByTypeAndName' });
 		}