From 739fd0eb96e916cadd55721607f9012932ecf870 Mon Sep 17 00:00:00 2001 From: matheusbsilva137 Date: Tue, 30 Mar 2021 15:41:54 -0300 Subject: [PATCH 1/5] Add scope to permissions' verifications --- app/api/server/v1/teams.ts | 131 +++++++++++++++++++++---------- server/sdk/types/ITeamService.ts | 2 +- server/services/team/service.ts | 4 +- 3 files changed, 94 insertions(+), 43 deletions(-) diff --git a/app/api/server/v1/teams.ts b/app/api/server/v1/teams.ts index 5c4aa8cf61440..50d730a6e2ee9 100644 --- a/app/api/server/v1/teams.ts +++ b/app/api/server/v1/teams.ts @@ -67,13 +67,18 @@ API.v1.addRoute('teams.create', { authRequired: true }, { API.v1.addRoute('teams.addRoom', { authRequired: true }, { post() { - const { roomId, teamId, isDefault } = this.bodyParams; + const { roomId, teamId, teamName, isDefault } = this.bodyParams; - if (!hasPermission(this.userId, 'add-team-channel')) { + const team = teamId ? Promise.await(Team.getOneById(teamId)) : Promise.await(Team.getOneByName(teamName)); + if (!team) { + return API.v1.failure('team-does-not-exist'); + } + + if (!hasPermission(this.userId, 'add-team-channel', team.roomId)) { return API.v1.unauthorized(); } - const room = Promise.await(Team.addRoom(this.userId, roomId, teamId, isDefault)); + const room = Promise.await(Team.addRoom(this.userId, roomId, team._id, isDefault)); return API.v1.success({ room }); }, @@ -81,13 +86,18 @@ API.v1.addRoute('teams.addRoom', { authRequired: true }, { API.v1.addRoute('teams.addRooms', { authRequired: true }, { post() { - const { rooms, teamId } = this.bodyParams; + const { rooms, teamId, teamName } = this.bodyParams; + + const team = teamId ? Promise.await(Team.getOneById(teamId)) : Promise.await(Team.getOneByName(teamName)); + if (!team) { + return API.v1.failure('team-does-not-exist'); + } - if (!hasPermission(this.userId, 'add-team-channel')) { + if (!hasPermission(this.userId, 'add-team-channel', team.roomId)) { return API.v1.unauthorized(); } - const validRooms = Promise.await(Team.addRooms(this.userId, rooms, teamId)); + const validRooms = Promise.await(Team.addRooms(this.userId, rooms, team._id)); return API.v1.success({ rooms: validRooms }); }, @@ -95,15 +105,20 @@ API.v1.addRoute('teams.addRooms', { authRequired: true }, { API.v1.addRoute('teams.removeRoom', { authRequired: true }, { post() { - const { roomId, teamId } = this.bodyParams; + const { roomId, teamId, teamName } = this.bodyParams; - if (!hasPermission(this.userId, 'remove-team-channel')) { + const team = teamId ? Promise.await(Team.getOneById(teamId)) : Promise.await(Team.getOneByName(teamName)); + if (!team) { + return API.v1.failure('team-does-not-exist'); + } + + if (!hasPermission(this.userId, 'remove-team-channel', team.roomId)) { return API.v1.unauthorized(); } - const canRemoveAny = !!hasPermission(this.userId, 'view-all-team-channels'); + const canRemoveAny = !!hasPermission(this.userId, 'view-all-team-channels', team.roomId); - const room = Promise.await(Team.removeRoom(this.userId, roomId, teamId, canRemoveAny)); + const room = Promise.await(Team.removeRoom(this.userId, roomId, team._id, canRemoveAny)); return API.v1.success({ room }); }, @@ -113,10 +128,15 @@ API.v1.addRoute('teams.updateRoom', { authRequired: true }, { post() { const { roomId, isDefault } = this.bodyParams; - if (!hasPermission(this.userId, 'edit-team-channel')) { + const team = Promise.await(Team.getOneByRoomId(roomId)); + if (!team) { + return API.v1.failure('room-not-on-team'); + } + + if (!hasPermission(this.userId, 'edit-team-channel', team.roomId)) { return API.v1.unauthorized(); } - const canUpdateAny = !!hasPermission(this.userId, 'view-all-team-channels'); + const canUpdateAny = !!hasPermission(this.userId, 'view-all-team-channels', team.roomId); const room = Promise.await(Team.updateRoom(this.userId, roomId, isDefault, canUpdateAny)); @@ -126,18 +146,22 @@ API.v1.addRoute('teams.updateRoom', { authRequired: true }, { API.v1.addRoute('teams.listRooms', { authRequired: true }, { get() { - const { teamId } = this.queryParams; + const { teamId, teamName } = this.queryParams; const { offset, count } = this.getPaginationItems(); - const { query } = this.parseJsonQuery(); - const allowPrivateTeam = hasPermission(this.userId, 'view-all-teams'); + const team = teamId ? Promise.await(Team.getOneById(teamId)) : Promise.await(Team.getOneByName(teamName)); + if (!team) { + return API.v1.failure('team-does-not-exist'); + } + + const allowPrivateTeam = hasPermission(this.userId, 'view-all-teams', team.roomId); let getAllRooms = false; - if (hasPermission(this.userId, 'view-all-team-channels')) { + if (hasPermission(this.userId, 'view-all-team-channels', team.roomId)) { getAllRooms = true; } - const { records, total } = Promise.await(Team.listRooms(this.userId, teamId, getAllRooms, allowPrivateTeam, { offset, count }, { query })); + const { records, total } = Promise.await(Team.listRooms(this.userId, team._id, getAllRooms, allowPrivateTeam, { offset, count })); return API.v1.success({ rooms: records, @@ -151,15 +175,20 @@ API.v1.addRoute('teams.listRooms', { authRequired: true }, { API.v1.addRoute('teams.listRoomsOfUser', { authRequired: true }, { get() { const { offset, count } = this.getPaginationItems(); - const { teamId, userId } = this.queryParams; + const { teamId, teamName, userId } = this.queryParams; - const allowPrivateTeam = hasPermission(this.userId, 'view-all-teams'); + const team = teamId ? Promise.await(Team.getOneById(teamId)) : Promise.await(Team.getOneByName(teamName)); + if (!team) { + return API.v1.failure('team-does-not-exist'); + } - if (!hasPermission(this.userId, 'view-all-team-channels')) { + const allowPrivateTeam = hasPermission(this.userId, 'view-all-teams', team.roomId); + + if (!hasPermission(this.userId, 'view-all-team-channels', team.roomId)) { return API.v1.unauthorized(); } - const { records, total } = Promise.await(Team.listRoomsOfUser(this.userId, teamId, userId, allowPrivateTeam, { offset, count })); + const { records, total } = Promise.await(Team.listRoomsOfUser(this.userId, team._id, userId, allowPrivateTeam, { offset, count })); return API.v1.success({ rooms: records, @@ -175,9 +204,14 @@ API.v1.addRoute('teams.members', { authRequired: true }, { const { offset, count } = this.getPaginationItems(); const { teamId, teamName } = this.queryParams; const { query } = this.parseJsonQuery(); - const canSeeAllMembers = hasPermission(this.userId, 'view-all-teams'); - const { records, total } = Promise.await(Team.members(this.userId, teamId, teamName, canSeeAllMembers, { offset, count }, { query })); + const team = teamId ? Promise.await(Team.getOneById(teamId)) : Promise.await(Team.getOneByName(teamName)); + if (!team) { + return API.v1.failure('team-does-not-exist'); + } + const canSeeAllMembers = hasPermission(this.userId, 'view-all-teams', team.roomId); + + const { records, total } = Promise.await(Team.members(this.userId, team._id, teamName, canSeeAllMembers, { offset, count }, { query })); return API.v1.success({ members: records, @@ -190,13 +224,18 @@ API.v1.addRoute('teams.members', { authRequired: true }, { API.v1.addRoute('teams.addMembers', { authRequired: true }, { post() { - if (!hasAtLeastOnePermission(this.userId, ['add-team-member', 'edit-team-member'])) { - return API.v1.unauthorized(); + const { teamId, teamName, members } = this.bodyParams; + + const team = teamId ? Promise.await(Team.getOneById(teamId)) : Promise.await(Team.getOneByName(teamName)); + if (!team) { + return API.v1.failure('team-does-not-exist'); } - const { teamId, teamName, members } = this.bodyParams; + if (!hasAtLeastOnePermission(this.userId, ['add-team-member', 'edit-team-member'], team.roomId)) { + return API.v1.unauthorized(); + } - Promise.await(Team.addMembers(this.userId, teamId, teamName, members)); + Promise.await(Team.addMembers(this.userId, team._id, teamName, members)); return API.v1.success(); }, @@ -204,13 +243,18 @@ API.v1.addRoute('teams.addMembers', { authRequired: true }, { API.v1.addRoute('teams.updateMember', { authRequired: true }, { post() { - if (!hasAtLeastOnePermission(this.userId, ['edit-team-member'])) { - return API.v1.unauthorized(); + const { teamId, teamName, member } = this.bodyParams; + + const team = teamId ? Promise.await(Team.getOneById(teamId)) : Promise.await(Team.getOneByName(teamName)); + if (!team) { + return API.v1.failure('team-does-not-exist'); } - const { teamId, teamName, member } = this.bodyParams; + if (!hasAtLeastOnePermission(this.userId, ['edit-team-member'], team.roomId)) { + return API.v1.unauthorized(); + } - Promise.await(Team.updateMember(teamId, teamName, member)); + Promise.await(Team.updateMember(team._id, teamName, member)); return API.v1.success(); }, @@ -218,13 +262,18 @@ API.v1.addRoute('teams.updateMember', { authRequired: true }, { API.v1.addRoute('teams.removeMembers', { authRequired: true }, { post() { - if (!hasAtLeastOnePermission(this.userId, ['edit-team-member'])) { - return API.v1.unauthorized(); + const { teamId, teamName, members, rooms } = this.bodyParams; + + const team = teamId ? Promise.await(Team.getOneById(teamId)) : Promise.await(Team.getOneByName(teamName)); + if (!team) { + return API.v1.failure('team-does-not-exist'); } - const { teamId, teamName, members, rooms } = this.bodyParams; + if (!hasAtLeastOnePermission(this.userId, ['edit-team-member'], team.roomId)) { + return API.v1.unauthorized(); + } - Promise.await(Team.removeMembers(teamId, teamName, members)); + Promise.await(Team.removeMembers(team._id, teamName, members)); if (rooms?.length) { Subscriptions.removeByRoomIdsAndUserId(rooms, this.userId); @@ -238,7 +287,9 @@ API.v1.addRoute('teams.leave', { authRequired: true }, { post() { const { teamId, teamName, rooms } = this.bodyParams; - Promise.await(Team.removeMembers(teamId, teamName, [{ + const team = teamId ? Promise.await(Team.getOneById(teamId)) : Promise.await(Team.getOneByName(teamName)); + + Promise.await(Team.removeMembers(team._id, teamName, [{ userId: this.userId, }])); @@ -272,10 +323,6 @@ API.v1.addRoute('teams.info', { authRequired: true }, { API.v1.addRoute('teams.delete', { authRequired: true }, { post() { - if (!hasPermission(this.userId, 'delete-team')) { - return API.v1.unauthorized(); - } - const { teamId, teamName, roomsToRemove } = this.bodyParams; if (!teamId && !teamName) { @@ -291,6 +338,10 @@ API.v1.addRoute('teams.delete', { authRequired: true }, { return API.v1.failure('Team not found.'); } + if (!hasPermission(this.userId, 'delete-team', team.roomId)) { + return API.v1.unauthorized(); + } + const rooms = Promise.await(Team.getMatchingTeamRooms(team._id, roomsToRemove)); // Remove the team's main room diff --git a/server/sdk/types/ITeamService.ts b/server/sdk/types/ITeamService.ts index ad6683288d252..5c22c322e7e40 100644 --- a/server/sdk/types/ITeamService.ts +++ b/server/sdk/types/ITeamService.ts @@ -61,7 +61,7 @@ export interface ITeamService { deleteByName(teamName: string): Promise; unsetTeamIdOfRooms(teamId: string): void; getOneById(teamId: string, options?: FindOneOptions): Promise; - getOneByName(teamName: string): Promise; + getOneByName(teamName: string, options?: FindOneOptions): Promise; getMatchingTeamRooms(teamId: string, rids: Array): Promise>; autocomplete(uid: string, name: string): Promise>; } diff --git a/server/services/team/service.ts b/server/services/team/service.ts index fe99268cfcc3b..1907f726db9d5 100644 --- a/server/services/team/service.ts +++ b/server/services/team/service.ts @@ -613,8 +613,8 @@ export class TeamService extends ServiceClass implements ITeamService { return this.TeamModel.findOneById(teamId, options); } - async getOneByName(teamName: string): Promise { - return this.TeamModel.findOneByName(teamName); + async getOneByName(teamName: string, options?: FindOneOptions): Promise { + return this.TeamModel.findOneByName(teamName, options); } async getOneByRoomId(roomId: string): Promise { From bb019dba09a9be061a9dfb4c20a6bed1add48923 Mon Sep 17 00:00:00 2001 From: matheusbsilva137 Date: Tue, 30 Mar 2021 16:09:47 -0300 Subject: [PATCH 2/5] Remove teamName parameter from service methods --- app/api/server/v1/teams.ts | 10 ++++----- server/sdk/types/ITeamService.ts | 9 ++++---- server/services/team/service.ts | 38 +++++--------------------------- 3 files changed, 15 insertions(+), 42 deletions(-) diff --git a/app/api/server/v1/teams.ts b/app/api/server/v1/teams.ts index 50d730a6e2ee9..e0860a98cfaa6 100644 --- a/app/api/server/v1/teams.ts +++ b/app/api/server/v1/teams.ts @@ -211,7 +211,7 @@ API.v1.addRoute('teams.members', { authRequired: true }, { } const canSeeAllMembers = hasPermission(this.userId, 'view-all-teams', team.roomId); - const { records, total } = Promise.await(Team.members(this.userId, team._id, teamName, canSeeAllMembers, { offset, count }, { query })); + const { records, total } = Promise.await(Team.members(this.userId, team._id, canSeeAllMembers, { offset, count }, { query })); return API.v1.success({ members: records, @@ -235,7 +235,7 @@ API.v1.addRoute('teams.addMembers', { authRequired: true }, { return API.v1.unauthorized(); } - Promise.await(Team.addMembers(this.userId, team._id, teamName, members)); + Promise.await(Team.addMembers(this.userId, team._id, members)); return API.v1.success(); }, @@ -254,7 +254,7 @@ API.v1.addRoute('teams.updateMember', { authRequired: true }, { return API.v1.unauthorized(); } - Promise.await(Team.updateMember(team._id, teamName, member)); + Promise.await(Team.updateMember(team._id, member)); return API.v1.success(); }, @@ -273,7 +273,7 @@ API.v1.addRoute('teams.removeMembers', { authRequired: true }, { return API.v1.unauthorized(); } - Promise.await(Team.removeMembers(team._id, teamName, members)); + Promise.await(Team.removeMembers(team._id, members)); if (rooms?.length) { Subscriptions.removeByRoomIdsAndUserId(rooms, this.userId); @@ -289,7 +289,7 @@ API.v1.addRoute('teams.leave', { authRequired: true }, { const team = teamId ? Promise.await(Team.getOneById(teamId)) : Promise.await(Team.getOneByName(teamName)); - Promise.await(Team.removeMembers(team._id, teamName, [{ + Promise.await(Team.removeMembers(team._id, [{ userId: this.userId, }])); diff --git a/server/sdk/types/ITeamService.ts b/server/sdk/types/ITeamService.ts index 5c22c322e7e40..bd392c7bcb507 100644 --- a/server/sdk/types/ITeamService.ts +++ b/server/sdk/types/ITeamService.ts @@ -51,10 +51,10 @@ export interface ITeamService { listAll(options?: IPaginationOptions): Promise>; listByNames(names: Array, options?: FindOneOptions): Promise>; search(userId: string, term: string | RegExp, options?: FindOneOptions): Promise; - members(uid: string, teamId: string, teamName: string, canSeeAll: boolean, options?: IPaginationOptions, queryOptions?: IQueryOptions): Promise>; - addMembers(uid: string, teamId: string, teamName: string, members: Array): Promise; - updateMember(teamId: string, teamName: string, members: ITeamMemberParams): Promise; - removeMembers(teamId: string, teamName: string, members: Array): Promise; + members(uid: string, teamId: string, canSeeAll: boolean, options?: IPaginationOptions, queryOptions?: IQueryOptions): Promise>; + addMembers(uid: string, teamId: string, members: Array): Promise; + updateMember(teamId: string, members: ITeamMemberParams): Promise; + removeMembers(teamId: string, members: Array): Promise; getInfoByName(teamName: string): Promise | undefined>; getInfoById(teamId: string): Promise | undefined>; deleteById(teamId: string): Promise; @@ -62,6 +62,7 @@ export interface ITeamService { unsetTeamIdOfRooms(teamId: string): void; getOneById(teamId: string, options?: FindOneOptions): Promise; getOneByName(teamName: string, options?: FindOneOptions): Promise; + getOneByRoomId(teamId: string): Promise; getMatchingTeamRooms(teamId: string, rids: Array): Promise>; autocomplete(uid: string, name: string): Promise>; } diff --git a/server/services/team/service.ts b/server/services/team/service.ts index 1907f726db9d5..607f996d77c3f 100644 --- a/server/services/team/service.ts +++ b/server/services/team/service.ts @@ -457,16 +457,7 @@ export class TeamService extends ServiceClass implements ITeamService { return rooms.map(({ _id }: { _id: string}) => _id); } - async members(uid: string, teamId: string, teamName: string, canSeeAll: boolean, { offset, count }: IPaginationOptions = { offset: 0, count: 50 }, { query }: IQueryOptions): Promise> { - if (!teamId) { - const teamIdName = await this.TeamModel.findOneByName(teamName, { projection: { _id: 1 } }); - if (!teamIdName) { - throw new Error('team-does-not-exist'); - } - - teamId = teamIdName._id; - } - + async members(uid: string, teamId: string, canSeeAll: boolean, { offset, count }: IPaginationOptions = { offset: 0, count: 50 }, { query }: IQueryOptions): Promise> { const isMember = await this.TeamMembersModel.findOneByUserIdAndTeamId(uid, teamId); if (!isMember && !canSeeAll) { return { @@ -505,21 +496,12 @@ export class TeamService extends ServiceClass implements ITeamService { }; } - async addMembers(uid: string, teamId: string, teamName: string, members: Array): Promise { + async addMembers(uid: string, teamId: string, members: Array): Promise { const createdBy = await this.Users.findOneById(uid, { projection: { username: 1 } }); if (!createdBy) { throw new Error('invalid-user'); } - if (!teamId) { - const teamIdName = await this.TeamModel.findOneByName(teamName, { projection: { _id: 1 } }); - if (!teamIdName) { - throw new Error('team-does-not-exist'); - } - - teamId = teamIdName._id; - } - const membersList: Array> = members?.map((member) => ({ teamId, userId: member.userId ? member.userId : '', @@ -533,16 +515,7 @@ export class TeamService extends ServiceClass implements ITeamService { await this.addMembersToDefaultRooms(createdBy, teamId, membersList); } - async updateMember(teamId: string, teamName: string, member: ITeamMemberParams): Promise { - if (!teamId) { - const teamIdName = await this.TeamModel.findOneByName(teamName, { projection: { _id: 1 } }); - if (!teamIdName) { - throw new Error('team-does-not-exist'); - } - - teamId = teamIdName._id; - } - + async updateMember(teamId: string, member: ITeamMemberParams): Promise { if (!member.userId) { member.userId = await this.Users.findOneByUsername(member.userName); if (!member.userId) { @@ -562,9 +535,8 @@ export class TeamService extends ServiceClass implements ITeamService { await this.TeamMembersModel.deleteByUserIdAndTeamId(userId, teamId); } - async removeMembers(teamId: string, teamName: string, members: Array): Promise { - const searchTerm = teamId || teamName; - const team = await this.TeamModel[teamId ? 'findOneById' : 'findOneByName'](searchTerm, { projection: { _id: 1, roomId: 1 } }); + async removeMembers(teamId: string, members: Array): Promise { + const team = await this.TeamModel.findOneById(teamId, { projection: { _id: 1, roomId: 1 } }); if (!team) { throw new Error('team-does-not-exist'); } From 19f039d1d90118b6ea3d6baa96169d643903aa3e Mon Sep 17 00:00:00 2001 From: matheusbsilva137 Date: Tue, 30 Mar 2021 16:41:48 -0300 Subject: [PATCH 3/5] Update use of service methods --- app/api/server/v1/channels.js | 2 +- app/api/server/v1/teams.ts | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/app/api/server/v1/channels.js b/app/api/server/v1/channels.js index 0c287890b8f5e..10dbcd9b7a3d4 100644 --- a/app/api/server/v1/channels.js +++ b/app/api/server/v1/channels.js @@ -248,7 +248,7 @@ API.v1.addRoute('channels.create', { authRequired: true }, { const teamMembers = []; for (const team of teams) { - const { records: members } = Promise.await(Team.members(this.userId, team._id, undefined, canSeeAllTeams, { offset: 0, count: Number.MAX_SAFE_INTEGER })); + const { records: members } = Promise.await(Team.members(this.userId, team._id, canSeeAllTeams, { offset: 0, count: Number.MAX_SAFE_INTEGER })); const uids = members.map((member) => member.user.username); teamMembers.push(...uids); } diff --git a/app/api/server/v1/teams.ts b/app/api/server/v1/teams.ts index e0860a98cfaa6..faac4a99cb372 100644 --- a/app/api/server/v1/teams.ts +++ b/app/api/server/v1/teams.ts @@ -148,6 +148,7 @@ API.v1.addRoute('teams.listRooms', { authRequired: true }, { get() { const { teamId, teamName } = this.queryParams; const { offset, count } = this.getPaginationItems(); + const { query } = this.parseJsonQuery(); const team = teamId ? Promise.await(Team.getOneById(teamId)) : Promise.await(Team.getOneByName(teamName)); if (!team) { @@ -161,7 +162,7 @@ API.v1.addRoute('teams.listRooms', { authRequired: true }, { getAllRooms = true; } - const { records, total } = Promise.await(Team.listRooms(this.userId, team._id, getAllRooms, allowPrivateTeam, { offset, count })); + const { records, total } = Promise.await(Team.listRooms(this.userId, team._id, getAllRooms, allowPrivateTeam, { offset, count }, { query })); return API.v1.success({ rooms: records, From 02efbfce8c5118c64503dc254c59b6e9ee99aa47 Mon Sep 17 00:00:00 2001 From: matheusbsilva137 Date: Wed, 31 Mar 2021 09:17:37 -0300 Subject: [PATCH 4/5] Fix teams.updateRoom endpoint --- app/api/server/v1/teams.ts | 3 --- server/sdk/types/ITeamService.ts | 3 ++- server/services/team/service.ts | 16 +++++++++++++++- 3 files changed, 17 insertions(+), 5 deletions(-) diff --git a/app/api/server/v1/teams.ts b/app/api/server/v1/teams.ts index faac4a99cb372..dd12ce63c17e8 100644 --- a/app/api/server/v1/teams.ts +++ b/app/api/server/v1/teams.ts @@ -129,9 +129,6 @@ API.v1.addRoute('teams.updateRoom', { authRequired: true }, { const { roomId, isDefault } = this.bodyParams; const team = Promise.await(Team.getOneByRoomId(roomId)); - if (!team) { - return API.v1.failure('room-not-on-team'); - } if (!hasPermission(this.userId, 'edit-team-channel', team.roomId)) { return API.v1.unauthorized(); diff --git a/server/sdk/types/ITeamService.ts b/server/sdk/types/ITeamService.ts index bd392c7bcb507..389dfd2c76614 100644 --- a/server/sdk/types/ITeamService.ts +++ b/server/sdk/types/ITeamService.ts @@ -62,7 +62,8 @@ export interface ITeamService { unsetTeamIdOfRooms(teamId: string): void; getOneById(teamId: string, options?: FindOneOptions): Promise; getOneByName(teamName: string, options?: FindOneOptions): Promise; - getOneByRoomId(teamId: string): Promise; + getOneByMainRoomId(teamId: string): Promise; + getOneByRoomId(teamId: string): Promise; getMatchingTeamRooms(teamId: string, rids: Array): Promise>; autocomplete(uid: string, name: string): Promise>; } diff --git a/server/services/team/service.ts b/server/services/team/service.ts index 607f996d77c3f..1c8fdbe7ace9e 100644 --- a/server/services/team/service.ts +++ b/server/services/team/service.ts @@ -589,10 +589,24 @@ export class TeamService extends ServiceClass implements ITeamService { return this.TeamModel.findOneByName(teamName, options); } - async getOneByRoomId(roomId: string): Promise { + async getOneByMainRoomId(roomId: string): Promise { return this.TeamModel.findOneByMainRoomId(roomId, { projection: { _id: 1 } }); } + async getOneByRoomId(roomId: string): Promise { + const room = await this.RoomsModel.findOneById(roomId); + + if (!room) { + throw new Error('invalid-room'); + } + + if (!room.teamId) { + throw new Error('room-not-on-team'); + } + + return this.TeamModel.findOneById(room.teamId); + } + async addRolesToMember(teamId: string, userId: string, roles: Array): Promise { const isMember = await this.TeamMembersModel.findOneByUserIdAndTeamId(userId, teamId, { projection: { _id: 1 } }); From 7492a158a87d3081c3e45d326e043e21c53ad0bf Mon Sep 17 00:00:00 2001 From: matheusbsilva137 Date: Wed, 31 Mar 2021 11:54:54 -0300 Subject: [PATCH 5/5] Update uses of getOneByRoomId method --- server/methods/addRoomLeader.js | 2 +- server/methods/addRoomModerator.js | 2 +- server/methods/addRoomOwner.js | 2 +- server/methods/removeRoomLeader.js | 2 +- server/methods/removeRoomModerator.js | 2 +- server/methods/removeRoomOwner.js | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/server/methods/addRoomLeader.js b/server/methods/addRoomLeader.js index 9265815e2620e..eed7d577d5a7a 100644 --- a/server/methods/addRoomLeader.js +++ b/server/methods/addRoomLeader.js @@ -58,7 +58,7 @@ Meteor.methods({ role: 'leader', }); - const team = Promise.await(Team.getOneByRoomId(rid)); + const team = Promise.await(Team.getOneByMainRoomId(rid)); if (team) { Promise.await(Team.addRolesToMember(team._id, userId, ['leader'])); } diff --git a/server/methods/addRoomModerator.js b/server/methods/addRoomModerator.js index 6d0d3879a9967..6088021e2f009 100644 --- a/server/methods/addRoomModerator.js +++ b/server/methods/addRoomModerator.js @@ -58,7 +58,7 @@ Meteor.methods({ role: 'moderator', }); - const team = Promise.await(Team.getOneByRoomId(rid)); + const team = Promise.await(Team.getOneByMainRoomId(rid)); if (team) { Promise.await(Team.addRolesToMember(team._id, userId, ['moderator'])); } diff --git a/server/methods/addRoomOwner.js b/server/methods/addRoomOwner.js index a98405e8e2765..04ecc0db72e09 100644 --- a/server/methods/addRoomOwner.js +++ b/server/methods/addRoomOwner.js @@ -58,7 +58,7 @@ Meteor.methods({ role: 'owner', }); - const team = Promise.await(Team.getOneByRoomId(rid)); + const team = Promise.await(Team.getOneByMainRoomId(rid)); if (team) { Promise.await(Team.addRolesToMember(team._id, userId, ['owner'])); } diff --git a/server/methods/removeRoomLeader.js b/server/methods/removeRoomLeader.js index 77ce4340c4441..6b40f266e260e 100644 --- a/server/methods/removeRoomLeader.js +++ b/server/methods/removeRoomLeader.js @@ -58,7 +58,7 @@ Meteor.methods({ role: 'leader', }); - const team = Promise.await(Team.getOneByRoomId(rid)); + const team = Promise.await(Team.getOneByMainRoomId(rid)); if (team) { Promise.await(Team.removeRolesFromMember(team._id, userId, ['leader'])); } diff --git a/server/methods/removeRoomModerator.js b/server/methods/removeRoomModerator.js index c4237dbda2317..4b3739b4e6df2 100644 --- a/server/methods/removeRoomModerator.js +++ b/server/methods/removeRoomModerator.js @@ -58,7 +58,7 @@ Meteor.methods({ role: 'moderator', }); - const team = Promise.await(Team.getOneByRoomId(rid)); + const team = Promise.await(Team.getOneByMainRoomId(rid)); if (team) { Promise.await(Team.removeRolesFromMember(team._id, userId, ['moderator'])); } diff --git a/server/methods/removeRoomOwner.js b/server/methods/removeRoomOwner.js index d05a9559369bc..9ae598883c6be 100644 --- a/server/methods/removeRoomOwner.js +++ b/server/methods/removeRoomOwner.js @@ -65,7 +65,7 @@ Meteor.methods({ role: 'owner', }); - const team = Promise.await(Team.getOneByRoomId(rid)); + const team = Promise.await(Team.getOneByMainRoomId(rid)); if (team) { Promise.await(Team.removeRolesFromMember(team._id, userId, ['owner'])); }