[Livechat] Don't allow transferring chats to inactive departments

cuonghuunguyen commented 3 years ago

Description:

On the UI, it is only possible to select the active departments to transfer the livechat room but we still can transfer the chats to the inactive departments by api/v1/livechat/room.transfer. This will let the visitor transfer the room to the test/internal/private department on Rocket.Chat.

Steps to reproduce:

Deactivate the department
Use api/v1/livechat/room.transfer to transfer the room to the inactive deparment

Expected behavior:

Error returned, could be department not found or department is inactive

Actual behavior:

Room transferred successfully

Server Setup Information:

Version of Rocket.Chat Server: 3.14.0
Operating System: Linux
Deployment Method: all
Number of Running Instances: any
DB Replicaset Oplog: enabled
NodeJS Version: 12.18.4
MongoDB Version: 4.0

Client Setup Information

Desktop App or Browser Version: all
Operating System:all

Additional context

Relevant logs:

johncrisp commented 3 years ago

Thanks for reporting this.

Should this be in the Livechat/Omnichannel repo? I can move it if so.

cuonghuunguyen commented 3 years ago

hi, its the bug in the API, not the livechat widget

RocketChat / Rocket.Chat