search

RocketChat / Rocket.Chat

The communications platform that puts data protection first.
https://rocket.chat/
Other
40.38k stars 10.49k forks source link

Bugginess around disabling users in 4.6.3. #25243

Open ebyrne242 opened 2 years ago

ebyrne242 commented 2 years ago

Description:

Disabling a user who owns a room brings up a dialog saying a new room owner will be randomly assigned. Clicking "Yes, deactivate it!" appears to do nothing. However, if you click "Cancel", you can see that the user has been disabled. The room also still shows that user as the owner, but it does appear to have assigned another user as an additional owner.

I also tried re-enabling the user, manually removing them as an owner, leaving only one, then disabling them again. But the channel info under Administration still lists them as the owner.

Steps to reproduce:

  1. Click on Administration, Users, select user. Select Disable user on a user who is the only owner of a private room.
  2. On the dialog that comes up saying the user is the only owner of a room and a new owner will be randomly assigned, click "Yes, delete it!"
  3. Click on Rooms, then find the room mentioned in the previous dialog. Note the owner is still the now-deactivated user.
  4. Go to the room, get the user list, select another user as owner. The user list now contains two users other than the deactivated user who are owners.
  5. Click on Administration, Rooms, select the room. Note the owner is still the deactivated user.
  6. Re-activate the user, go to the room, and remove them as an owner, the deactivate them again.
  7. Click on Administration, Rooms, select the room. Note the owner is still the deactivated user.

Expected behavior:

The room owner should at least change to the new randomly selected (or a manually selected) user when the user has been manually removed from ownership, if not when they were deactivated.

Actual behavior:

It appears to be no longer possible to remove the user as owner. It may work when deleting them, but I haven't tried this yet.

Server Setup Information:

Client Setup Information

Additional context

Relevant logs:

No obvious errors logged from either server or client on loglevel INFO.

ebyrne242 commented 2 years ago

It looks like we also see somewhat similar behavior when attempting to update the owner of the room (private group in this case) with a non-disabled account. Admin joins the room, sets a new user as owner, removes owner permission from an old user. Inside the room, it shows the new owner as owner. But if you look at the room list in the admin console, it still shows the old owner as the owner of the group.

One other thing possibly worth mentioning is we're using Custom OAuth as our source for users. This has been working fine in general since at least RC 0.60 or so, but seemed worth mentioning since the bug seems to involve user permissions.