diff --git a/app/api/server/v1/channels.js b/app/api/server/v1/channels.js
index 4ac353773690c..ac01010839101 100644
--- a/app/api/server/v1/channels.js
+++ b/app/api/server/v1/channels.js
@@ -18,12 +18,7 @@ function findChannelByIdOrName({ params, checkedArchived = true, userId }) {
 const fields = { ...API.v1.defaultFieldsToExclude };
- let room;
- if (params.roomId) {
- room = Rooms.findOneById(params.roomId, { fields });
- } else if (params.roomName) {
- room = Rooms.findOneByName(params.roomName, { fields });
- }
+ const room = Rooms.findOneByIdOrName(params.roomId || params.roomName, { fields });
 if (!room || (room.t !== 'c' && room.t !== 'l')) {
 throw new Meteor.Error('error-room-not-found', 'The required "roomId" or "roomName" param provided does not match any channel');
@@ -338,17 +333,7 @@ API.v1.addRoute('channels.history', { authRequired: true }, {
 get() {
 const findResult = findChannelByIdOrName({ params: this.requestParams(), checkedArchived: false });
- let latestDate;
- if (this.queryParams.latest) {
- latestDate = new Date(this.queryParams.latest);
- }
-
- let oldestDate;
- if (this.queryParams.oldest) {
- oldestDate = new Date(this.queryParams.oldest);
- }
-
- const inclusive = this.queryParams.inclusive || false;
+ const { oldest, latest, inclusive, unreads } = this.queryParams;
 let count = 20;
 if (this.queryParams.count) {
@@ -360,18 +345,21 @@ API.v1.addRoute('channels.history', { authRequired: true }, {
 offset = parseInt(this.queryParams.offset);
 }
- const unreads = this.queryParams.unreads || false;
+ const excludeTypes = findResult.sysMes || [];
+
+ console.log(excludeTypes);
 let result;
 Meteor.runAsUser(this.userId, () => {
 result = Meteor.call('getChannelHistory', {
 rid: findResult._id,
- latest: latestDate,
- oldest: oldestDate,
+ latest,
+ oldest,
 inclusive,
 offset,
 count,
 unreads,
+ excludeTypes,
 });
 });
diff --git a/app/api/server/v1/chat.js b/app/api/server/v1/chat.js
index 52bb679846ef9..7224c0a8e0ee7 100644
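Review bot: In findChannelByIdOrName, `params.roomId || params.roomName` is handed to `Rooms.findOneByIdOrName` with no type check in the hunk, so a non-string value taken from the request parameters reaches the lookup as-is unless the guard above the hunk (not visible here) rejects it. Making that explicit costs two lines: `const idOrName = params.roomId || params.roomName;` and a `typeof idOrName !== 'string'` test that throws the same 'error-room-not-found' error. The merged lookup presumably matches the value against both id and name, which the removed branches did not do, so a one-line comment saying this is intended would help. The function starts and ends outside the hunk.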
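Review bot: In channels.history, `oldest` and `latest` are now forwarded as raw query-string values instead of `Date` objects, and nothing in the hunk checks their type or that they parse to a valid date. The groups.history hunk in groups.js has the same change and additionally drops the old `new Date()` default for `latest`. If conversion and validation now happen inside `getChannelHistory` or `Message.get` (neither body is visible here), a comment on the destructuring line such as `// oldest/latest are parsed downstream; do not pass them to a query unparsed` would record that. Otherwise keep the `new Date(...)` conversion in the route and reject invalid dates. The `get()` handler continues outside the hunk.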
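Review bot: The added `console.log(excludeTypes);` in channels.history looks like leftover debugging. It writes the room's system-message setting to the server log on every history request, and the matching groups.history change has no such line. Drop it; if the value is worth tracing, use the project's logger at debug level instead.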
--- a/app/api/server/v1/chat.js
+++ b/app/api/server/v1/chat.js
@@ -129,6 +129,12 @@ API.v1.addRoute('chat.pinMessage', { authRequired: true }, {
 API.v1.addRoute('chat.postMessage', { authRequired: true }, {
 post() {
+ const { alias, avatar } = this.bodyParams;
+
+ if ((alias || avatar) && !hasPermission(this.userId, 'message-impersonate')) {
+ return API.v1.failure('Unauthorized. You must have the permission "message-impersonate" to use custom alias and avatar.');
+ }
+
 const messageReturn = processWebhookMessage(this.bodyParams, this.user)[0];
 if (!messageReturn) {
@@ -176,6 +182,12 @@ API.v1.addRoute('chat.sendMessage', { authRequired: true }, {
 throw new Meteor.Error('error-invalid-params', 'The "message" parameter must be provided.');
 }
+ const { alias, avatar } = this.bodyParams;
+
+ if ((alias || avatar) && !hasPermission('message-impersonate')) {
+ return API.v1.failure('Unauthorized. You must have the permission "message-impersonate" to use custom alias and avatar.');
+ }
+
 const sent = executeSendMessage(this.userId, this.bodyParams.message);
 const [message] = normalizeMessagesForUser([sent], this.userId);
diff --git a/app/api/server/v1/groups.js b/app/api/server/v1/groups.js
index 9d2c4e5a8f92f..0b9510979658d 100644
--- a/app/api/server/v1/groups.js
+++ b/app/api/server/v1/groups.js
@@ -328,17 +328,7 @@ API.v1.addRoute('groups.history', { authRequired: true }, {
 get() {
 const findResult = findPrivateGroupByIdOrName({ params: this.requestParams(), userId: this.userId, checkedArchived: false });
- let latestDate = new Date();
- if (this.queryParams.latest) {
- latestDate = new Date(this.queryParams.latest);
- }
-
- let oldestDate = undefined;
- if (this.queryParams.oldest) {
- oldestDate = new Date(this.queryParams.oldest);
- }
-
- const inclusive = this.queryParams.inclusive || false;
+ const { oldest, latest, inclusive, unreads } = this.queryParams;
 let count = 20;
 if (this.queryParams.count) {
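Review bot: In chat.postMessage the rejection goes out through `API.v1.failure(...)` although its text begins with "Unauthorized", so clients likely see a generic failure status for what is a permission denial; the chat.sendMessage hunk does the same. If the API helper's `API.v1.unauthorized(...)` is usable in this file, it fits better: `return API.v1.unauthorized('You must have the permission "message-impersonate" to use custom alias and avatar.');`. A short comment above the check saying why alias and avatar are gated (they let a message appear under another sender's name and picture) would also help. The handler continues outside the hunk.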
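Review bot: In chat.sendMessage the permission call is `hasPermission('message-impersonate')`, which omits the user id that the chat.postMessage hunk passes, so the permission name lands in the user-id position and the caller's permission is never evaluated. The check also reads `alias` and `avatar` from the top level of `this.bodyParams`, while the object actually sent is `this.bodyParams.message`, so values set inside `message` are not covered by this guard; whether `executeSendMessage` enforces it separately is not visible here. Suggested lines: `const { alias, avatar } = this.bodyParams.message;` and `if ((alias || avatar) && !hasPermission(this.userId, 'message-impersonate')) {`. The handler starts before the hunk.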
@@ -350,11 +340,20 @@ API.v1.addRoute('groups.history', { authRequired: true }, {
 offset = parseInt(this.queryParams.offset);
 }
- const unreads = this.queryParams.unreads || false;
+ const excludeTypes = findResult.sysMes || [];
 let result;
 Meteor.runAsUser(this.userId, () => {
- result = Meteor.call('getChannelHistory', { rid: findResult.rid, latest: latestDate, oldest: oldestDate, inclusive, offset, count, unreads });
+ result = Meteor.call('getChannelHistory', {
+ rid: findResult.rid,
+ latest,
+ oldest,
+ inclusive,
+ offset,
+ count,
+ unreads,
+ excludeTypes,
+ });
 });
 if (!result) {
diff --git a/app/api/server/v1/invites.js b/app/api/server/v1/invites.js
index 9409458e3093a..49fccbcfb0cca 100644
--- a/app/api/server/v1/invites.js
+++ b/app/api/server/v1/invites.js
@@ -46,7 +46,7 @@ API.v1.addRoute('validateInviteToken', { authRequired: false }, {
 post() {
 const { token } = this.bodyParams;
- if (!token) {
+ if (!token || typeof token !== 'string') {
 throw new Meteor.Error('error-invalid-token', 'The invite token is invalid.', { method: 'validateInviteToken', field: 'token' });
 }
diff --git a/app/authorization/server/startup.js b/app/authorization/server/startup.js
index 7d5efbdca1679..76cea6a8a396a 100644
--- a/app/authorization/server/startup.js
+++ b/app/authorization/server/startup.js
@@ -63,6 +63,7 @@ Meteor.startup(function() {
 { _id: 'manage-selected-settings', roles: ['admin'] },
 { _id: 'mention-all', roles: ['admin', 'owner', 'moderator', 'user'] },
 { _id: 'mention-here', roles: ['admin', 'owner', 'moderator', 'user'] },
+ { _id: 'message-impersonate', roles: ['bot'] },
 { _id: 'mute-user', roles: ['admin', 'owner', 'moderator'] },
 { _id: 'remove-user', roles: ['admin', 'owner', 'moderator'] },
 { _id: 'run-import', roles: ['admin'] },
diff --git a/app/lib/server/methods/getChannelHistory.js b/app/lib/server/methods/getChannelHistory.js
index c8e1208299ae5..4b630accb65ab 100644
--- a/app/lib/server/methods/getChannelHistory.js
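Review bot: `findResult.sysMes` in groups.history is read from whatever `findPrivateGroupByIdOrName` returns, and this route addresses that value through `findResult.rid` rather than `findResult._id` as channels.history does, so it may not be a full room document. If the helper does not return `sysMes` (its body is not visible here), `excludeTypes` silently stays `[]` and the room's hidden system message types are still returned. Confirm the helper includes the field, and add a comment on the line such as `// sysMes: the room's hidden system message types, returned by findPrivateGroupByIdOrName`. The handler starts before the hunk.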
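Review bot: The new `typeof token !== 'string'` test in validateInviteToken carries no explanation, and on a route declared with `authRequired: false` it is the kind of line a later cleanup removes as redundant next to `!token`. I would add a comment above the `if`: `// token comes from an unauthenticated request body; only a string may reach the invite lookup`. The lookup itself is outside the hunk, so the wording should be confirmed against it.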
+++ b/app/lib/server/methods/getChannelHistory.js
@@ -9,7 +9,7 @@ import { normalizeMessagesForUser } from '../../../utils/server/lib/normalizeMes
 import { Message } from '../../../../server/sdk';
 Meteor.methods({
- getChannelHistory({ rid, latest, oldest, inclusive, offset = 0, count = 20, unreads }) {
+ getChannelHistory({ rid, latest, oldest, inclusive, offset = 0, count = 20, unreads, excludeTypes }) {
 check(rid, String);
 if (!Meteor.userId()) {
@@ -45,7 +45,7 @@ Meteor.methods({
 queryOptions.fields = { editedAt: 0 };
 }
- const { records } = Promise.await(Message.get(fromUserId, { rid, latest, oldest, inclusive, queryOptions }));
+ const { records } = Promise.await(Message.get(fromUserId, { rid, latest, oldest, inclusive, excludeTypes, queryOptions }));
 const messages = normalizeMessagesForUser(records, fromUserId);
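Review bot: `excludeTypes` is added to the getChannelHistory signature, but the only validation visible in the first hunk is `check(rid, String)`, and the second hunk passes the new argument on to `Message.get` unchecked. Because this is a Meteor method, callers other than the two REST routes can supply the value, so it should be validated next to the existing check, for example `check(excludeTypes, Match.Maybe([String]));` (this needs `Match` from `meteor/check` if the file does not already import it). The method body continues outside both hunks, so a check may exist further down that is not visible here.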