import { Meteor } from 'meteor/meteor';
import { isRoleCreateProps } from '@rocket.chat/rest-typings';
import { Roles } from '@rocket.chat/models';
import { settings } from '../../../settings/server';
import { hasPermission } from '../functions/hasPermission';
import { methodDeprecationLogger } from '../../../lib/server/lib/deprecationWarningLogger';
import { updateRoleAsync } from '../../../../server/lib/roles/updateRole';
import { insertRoleAsync } from '../../../../server/lib/roles/insertRole';
/**
 * Registers the legacy `authorization:saveRole` Meteor method: it creates a role,
 * or updates the role that already carries the submitted name.
 *
 * Checks run in this order: payload shape first, then authentication together
 * with the `access-permissions` permission. Both failures surface as `Meteor.Error`.
 */
Meteor.methods({
	/**
	 * @param roleData - Client-supplied role properties; treated as untrusted until
	 *   `isRoleCreateProps` accepts them.
	 * @returns The result of `updateRoleAsync` when the name matches an existing role,
	 *   otherwise the result of `insertRoleAsync`.
	 * @throws Meteor.Error `error-invalid-role-properties` when the payload is rejected.
	 * @throws Meteor.Error `error-action-not-allowed` when no user is logged in or the
	 *   permission check fails.
	 */
	async 'authorization:saveRole'(roleData: Record<string, unknown>) {
		const method = 'authorization:saveRole';

		methodDeprecationLogger.warn('authorization:saveRole will be deprecated in future versions of Rocket.Chat');

		const callerId = Meteor.userId();

		// Shape validation runs before the authorization guard, so callers without a
		// session or without the permission still get the validation error for a bad payload.
		// NOTE(review): confirm this ordering is intended.
		if (!isRoleCreateProps(roleData)) {
			throw new Meteor.Error('error-invalid-role-properties', 'The role properties are invalid.', { method });
		}

		// NOTE(review): the result of hasPermission is used directly as a boolean. That is
		// only a real gate if the helper returns synchronously; a Promise would always be
		// truthy and the guard would never reject. Confirm against the helper's signature.
		if (!(callerId && hasPermission(callerId, 'access-permissions'))) {
			throw new Meteor.Error('error-action-not-allowed', 'Accessing permissions is not allowed', {
				method,
				action: 'Accessing_permissions',
			});
		}

		const { name, description, scope, mandatory2fa } = roleData;

		// Only allow-listed fields are copied; anything else in the payload is dropped.
		// `protected` is always forced to false, so a client cannot set the flag itself.
		// NOTE(review): the same object is used on the update path. Whether updateRoleAsync
		// ignores `protected: false` for a role that is already protected is not visible
		// here; verify it cannot clear the flag.
		const role = {
			description: description || '',
			...(mandatory2fa === undefined ? {} : { mandatory2fa }),
			name,
			scope: scope || 'Users',
			protected: false,
		};

		// The role name is the lookup key: an existing name turns this call into an update
		// of that role instead of a create. Only `_id` is fetched.
		// NOTE(review): lookup and write are separate steps; name uniqueness under
		// concurrent calls depends on insertRoleAsync or the collection, not on this method.
		const storedRole = await Roles.findOneByName(name, { projection: { _id: 1 } });

		// Read on both paths, but only passed to the update call below.
		const updateOptions = {
			broadcastUpdate: settings.get<boolean>('UI_DisplayRoles'),
		};

		return storedRole ? updateRoleAsync(storedRole._id, role, updateOptions) : insertRoleAsync(role);
	},
});