fix: make validateRoleList to check by role name or id

Author: ricardogarim

apps/meteor/server/lib/roles/addUserRoles.ts

@@ -6,7 +6,11 @@ import { syncRoomRolePriorityForUserAndRoom } from './syncRoomRolePriority';
 import { validateRoleList } from './validateRoleList';
 import { notifyOnSubscriptionChangedByRoomIdAndUserId } from '../../../app/lib/server/lib/notifyListener';
 
-export const addUserRolesAsync = async (userId: IUser['_id'], roles: IRole['_id'][], scope?: IRoom['_id']): Promise<boolean> => {
+export const addUserRolesAsync = async (
+	userId: IUser['_id'],
+	roles: IRole['_id'][] | IRole['name'][],
+	scope?: IRoom['_id'],
+): Promise<boolean> => {
 	if (!userId || !roles?.length) {
 		return false;
 	}
@@ -25,7 +29,7 @@ export const addUserRolesAsync = async (userId: IUser['_id'], roles: IRole['_id'
 	}
 
 	for await (const roleId of roles) {
-		const role = await Roles.findOneById<Pick<IRole, '_id' | 'scope'>>(roleId, { projection: { scope: 1 } });
+		const role = await Roles.findOneByIdOrName<Pick<IRole, '_id' | 'scope'>>(roleId, { projection: { scope: 1 } });
 
 		if (!role) {
 			process.env.NODE_ENV === 'development' && console.warn(`[WARN] RolesRaw.addUserRoles: role: ${roleId} not found`);

apps/meteor/server/lib/roles/removeUserFromRoles.ts

@@ -6,7 +6,11 @@ import { syncRoomRolePriorityForUserAndRoom } from './syncRoomRolePriority';
 import { validateRoleList } from './validateRoleList';
 import { notifyOnSubscriptionChangedByRoomIdAndUserId } from '../../../app/lib/server/lib/notifyListener';
 
-export const removeUserFromRolesAsync = async (userId: IUser['_id'], roles: IRole['_id'][], scope?: IRoom['_id']): Promise<boolean> => {
+export const removeUserFromRolesAsync = async (
+	userId: IUser['_id'],
+	roles: IRole['_id'][] | IRole['name'][],
+	scope?: IRoom['_id'],
+): Promise<boolean> => {
 	if (!userId || !roles) {
 		return false;
 	}
@@ -25,19 +29,19 @@ export const removeUserFromRolesAsync = async (userId: IUser['_id'], roles: IRol
 	}
 
 	for await (const roleId of roles) {
-		const role = await Roles.findOneById<Pick<IRole, '_id' | 'scope'>>(roleId, { projection: { scope: 1 } });
+		const role = await Roles.findOneByIdOrName<Pick<IRole, '_id' | 'scope'>>(roleId, { projection: { scope: 1 } });
 		if (!role) {
 			continue;
 		}
 
 		if (role.scope === 'Subscriptions' && scope) {
-			const removeRolesResponse = await Subscriptions.removeRolesByUserId(userId, [roleId], scope);
+			const removeRolesResponse = await Subscriptions.removeRolesByUserId(userId, [role._id], scope);
 			await syncRoomRolePriorityForUserAndRoom(userId, scope);
 			if (removeRolesResponse.modifiedCount) {
 				void notifyOnSubscriptionChangedByRoomIdAndUserId(scope, userId);
 			}
 		} else {
-			await Users.removeRolesByUserId(userId, [roleId]);
+			await Users.removeRolesByUserId(userId, [role._id]);
 		}
 	}
 

apps/meteor/server/lib/roles/validateRoleList.ts

@@ -1,13 +1,19 @@
 import type { IRole } from '@rocket.chat/core-typings';
 import { Roles } from '@rocket.chat/models';
 
-export const validateRoleList = async (roleIds: IRole['_id'][]): Promise<boolean> => {
+export const validateRoleList = async (roleIdsOrNames: IRole['_id'][] | IRole['name'][]): Promise<boolean> => {
+	if (!Array.isArray(roleIdsOrNames) || roleIdsOrNames.length === 0) {
+		return true;
+	}
+
 	const options = {
 		projection: {
 			_id: 1,
+			name: 1,
 		},
 	};
 
-	const existingRoleIds = (await Roles.findInIds<Pick<IRole, '_id'>>(roleIds, options).toArray()).map(({ _id }) => _id);
-	return !roleIds.find((_id) => !existingRoleIds.includes(_id));
+	const roles = await Roles.findInIdsOrNames<Pick<IRole, '_id' | 'name'>>(roleIdsOrNames, options).toArray();
+
+	return roleIdsOrNames.every((item) => roles.some((role) => role._id === item || role.name === item));
 };