[FIX] mention-links not being always resolved#11745
[FIX] mention-links not being always resolved#11745ggazzo merged 12 commits intoRocketChat:developfrom
Conversation
- If a mention of a channel refers to a non-public channel, the link was calculated wrongly (hard-coded to /channel/... ) - If a target room mentioned was renamed, the link was not adapted. This can now be resolved by passing the room's id
| } | ||
|
|
||
| if (room.t !== 'c' || RocketChat.authz.hasPermission(Meteor.userId(), 'view-c-room') !== true) { | ||
| if (RocketChat.authz.hasPermission(Meteor.userId(), `view-${ room.t }-room`) !== true) { |
There was a problem hiding this comment.
you cannot do this. the previous check works because everyone can access a public channel. but the same doesn't apply for private groups.
There was a problem hiding this comment.
not everyone has the right to access public channels, only those with the proper view-c permission.
The change will still work for public channels, but in addition return Ids of non-public-channels - if the user has permission to view them.
Is there a reason why a user should be allowed to get the Ids of channels for which he’s not authorized if he’s authorized to see public channels? 🧐
There was a problem hiding this comment.
I don't think I have totally understood your question 😅
but so far we do not show to users a list of private channels/groups, people also cannot "guess" a private group's name, we don't tell them if that group exists or not.. if someone tries to guess a private group name from the URL, he receives a message like "No private group with name "channel-name" was found!"
So we need to be consistent here and not give them the private group's _id
There was a problem hiding this comment.
I'd like to flag I also have a pending PR for related behaviour. #11703
@sampaiodiego Would be great if you can look at that to find a solution in balance with this one.
The changes to the getRoomIdByNameOrId method knocked out a bunch of people's bots, because the bot can no longer get the ID for a private room, even when the bot is in the room.
See #11552
|
@sampaiodiego I have seen you merged tim's proposal. I merged |
|
@sampaiodiego this is really a pity: |
|
wow, I'm sry. I have completely lost track of this. I'm afraid I'm not seeing value in this, like: renamed rooms will sill have broken links and private groups doesn't have links, so ... what about we fix those issues? start linking to joined private groups and updating links on room names? |
|
@sampaiodiego ah! I seem to have forgot the part with the channel mention being stored with its Sent with GitHawk |
|
@sampaiodiego I now added the way the mention links are being created. And I changed the behavior of Sent with GitHawk |
|
@sampaiodiego Can this please be escalated, as it currently blocks #11803 ? Thanks. |
|
@mrsimpson Can you, please, merge |
|
@ggazzo bringing this to your attention: If you want to have a stable navigation between the parent channel and thread, there needs to be some enhancement. Shamelessly assigned yourself since you're most likely taking care of this anyway ;) |
…1745-mrsimpson-core/fix-channel-mentions
5 participants
This fixes an issue when navigating to a private thread