fix: Users without preview permission subscribing to public channel stream

[tiagoevanp]

Proposed changes (including videos or screenshots)

Issue(s)

Steps to test or reproduce

Further comments

CORE-855

[dionisio-bot]

Looks like this PR is ready to merge! 🎉
If you have any trouble, please check the PR guidelines

[changeset-bot]

🦋 Changeset detected

Latest commit: 0dcf7e9

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 37 packages

Name	Type
@rocket.chat/meteor	Minor
@rocket.chat/i18n	Minor
@rocket.chat/mock-providers	Patch
@rocket.chat/ui-contexts	Major
@rocket.chat/web-ui-registration	Major
@rocket.chat/fuselage-ui-kit	Major
@rocket.chat/ui-client	Major
@rocket.chat/ui-voip	Major
@rocket.chat/uikit-playground	Patch
@rocket.chat/gazzodown	Major
@rocket.chat/livechat	Patch
@rocket.chat/ui-avatar	Major
@rocket.chat/ui-video-conf	Major
@rocket.chat/core-typings	Minor
@rocket.chat/rest-typings	Minor
@rocket.chat/api-client	Patch
@rocket.chat/apps	Patch
@rocket.chat/core-services	Patch
@rocket.chat/cron	Patch
@rocket.chat/ddp-client	Patch
@rocket.chat/freeswitch	Patch
@rocket.chat/model-typings	Patch
@rocket.chat/account-service	Patch
@rocket.chat/authorization-service	Patch
@rocket.chat/ddp-streamer	Patch
@rocket.chat/omnichannel-transcript	Patch
@rocket.chat/presence-service	Patch
@rocket.chat/queue-worker	Patch
@rocket.chat/stream-hub-service	Patch
@rocket.chat/license	Patch
@rocket.chat/omnichannel-services	Patch
@rocket.chat/pdf-worker	Patch
@rocket.chat/presence	Patch
rocketchat-services	Patch
@rocket.chat/models	Patch
@rocket.chat/network-broker	Patch
@rocket.chat/instance-status	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[github-actions]

PR Preview Action v1.6.0
🚀 View preview at https://RocketChat.github.io/Rocket.Chat/pr-preview/pr-34922/
Built to branch gh-pages at 2025-01-17 18:45 UTC. Preview will be ready when the GitHub Pages deployment is complete.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 59.22%. Comparing base (baaee3f) to head (0dcf7e9).
Report is 1 commits behind head on develop.

Additional details and impacted files

@@             Coverage Diff             @@
##           develop   #34922      +/-   ##
===========================================
+ Coverage    59.18%   59.22%   +0.03%     
===========================================
  Files         2819     2819              
  Lines        67719    67485     -234     
  Branches     15081    15013      -68     
===========================================
- Hits         40077    39965     -112     
+ Misses       24819    24711     -108     
+ Partials      2823     2809      -14     

Flag	Coverage Δ
unit	75.00% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

[gabriellsh]

I think NotSubscribedState either doesn't need to be a separate component (could be directly rendered in the NotSubscribedRoom componenet) or at least it should be in the views/room folder. Even if we could use it somewhere else in the future, we can move it when we need.

A side note: This might seem like nit picking, but could you rename the components/error so that their names are in the same pattern of the other Errors/Room State components? It's not a big deal but it helps understand what each thing mean.

[MarcosSpessatto]

Is it possible to add some tests to ensure this?

[MarcosSpessatto]

Is it possible to add some tests to ensure this?

Aligned internally, we'll skip the tests temporarily

[MarcosSpessatto]

According to the problem description, the server's stream allows users without permission to subscribe to the stream. I understand we are preventing at the client side, but I think we should also ensure the stream itself doesn't allow unauthorized users to subscribe to it. Will be address in another task