Skip to content

Commit

Permalink
[FIX] Permission check on joinRoom for private room (#11857)
Browse files Browse the repository at this point in the history
  • Loading branch information
@timkinnane @sampaiodiego
timkinnane authored and sampaiodiego committed Sep 11, 2018
1 parent 6c3c379 commit 29af762
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion packages/rocketchat-lib/server/methods/joinRoom.js
View file
Expand Up @@ -21,7 +21,7 @@ Meteor.methods({
throw new Meteor.Error('error-not-allowed', 'Token required', { method: 'joinRoom' });
}
} else {
if ((room.t !== 'c') || (RocketChat.authz.hasPermission(Meteor.userId(), 'view-c-room') !== true)) {
if (!RocketChat.authz.canAccessRoom(room, Meteor.user())) {
throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'joinRoom' });
}

Expand Down

0 comments on commit 29af762

Please sign in to comment.