RocketChat / EmbeddedChat

An easy to use full-stack component (ReactJS) embedding Rocket.Chat into your webapp
https://rocketchat.github.io/EmbeddedChat/docs

Non-admin users can see the pin/unpin icon in group chats despite lacking permissions #672

Open SinghaAnirban005 opened 4 days ago

SinghaAnirban005 commented 4 days ago

Description:

Admins are authorized to pin/unpin messages and allow other non-privileged users to pin/unpin based on their choice. However, the application currently displays the pin/unpin icon to non-privileged or non-admin users, which is misleading and incorrect as they do not have the required permissions.

Steps to reproduce:

  1. Open any chat
  2. Ensure you are not signed in as admin (you should be a non-admin user)
  3. Try pinning any message using the pin icon

Expected behavior:

Non-privileged users should not see the pin/unpin icon in the group chat, as they are unauthorized to perform this action. Only admins and those user groups chosen by the admin should have access to this functionality.

Actual behavior:

The pin/unpin icon is visible to non-privileged users in the group chat. Clicking the icon shows an error, leading to a confusing user experience.

https://github.com/user-attachments/assets/190912fd-8d2c-4cab-9bb7-e4b6b8a15daf

Below is the response generated on trying to pin/unpin a message as a non-admin:

[Screenshot 2024-11-29 000103]
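One way to gate the pin action on the viewer's permissions, as an added example that is not EmbeddedChat's code: the `pin-message` permission id, the record shapes and the function names are assumptions modelled on Rocket.Chat's role-based permissions, and the sample data is constructed.

```javascript
// Added example, not project code. Permission ids and record shapes are assumed;
// the sample data below is constructed for illustration.
const samplePermissions = [
  { _id: 'pin-message', roles: ['admin', 'owner', 'moderator'] },
  { _id: 'delete-message', roles: ['admin'] },
];

// Message toolbar entries; `requires` names the permission an action needs.
const toolbar = [
  { id: 'reply' },
  { id: 'pin', requires: 'pin-message' },
  { id: 'delete', requires: 'delete-message' },
];

// Build a lookup once. Malformed or missing records are skipped, so an
// unknown permission later resolves to "no roles" (deny by default).
function indexPermissions(permissions) {
  const index = new Map();
  for (const p of permissions || []) {
    if (p && typeof p._id === 'string' && Array.isArray(p.roles)) {
      index.set(p._id, new Set(p.roles));
    }
  }
  return index;
}

// True only if one of the user's global or room-scoped roles holds the permission.
function hasPermission(index, permissionId, user, roomRoles) {
  const granted = index.get(permissionId);
  if (!granted) return false;
  const roles = [...(user?.roles || []), ...(roomRoles || [])];
  return roles.some((role) => granted.has(role));
}

// Keep actions that need no permission, plus those the viewer is allowed to perform.
function visibleActions(actions, index, user, roomRoles) {
  return actions.filter(
    (a) => !a.requires || hasPermission(index, a.requires, user, roomRoles)
  );
}
```

Hiding the icon only fixes the confusing experience described above; the server-side rejection of the unauthorized pin request remains the actual access control and must stay in place.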

SinghaAnirban005 commented 2 days ago

Am working on this issue!!