RocketChat / Rocket.Chat

The communications platform that puts data protection first.
https://rocket.chat/

A simple user can create a call in a read-only channel. #27871

Open shevchukma opened 1 year ago

shevchukma commented 1 year ago

Description:

In read-only channels, where only a moderator can write messages, anyone can start a call. In this case, the call button appears in the chat.

Steps to reproduce:

  1. Join a read-only channel as a normal user.
  2. Create a call by pressing the phone receiver button.

Expected behavior:

Regular users should not be able to create a call in read-only channels.

Actual behavior:

Regular users can create a call in read-only channels.

Server Setup Information:

Client Setup Information

dudanogueira commented 1 year ago

Also can be reproduced on 6.0.0-develop

parthsali commented 1 year ago

Hey @shevchukma, I'm new to open source. Could you please guide me with this issue?

shevchukma commented 1 year ago

Hey @parthsali. I'm not on the development team. I'm just the user who reported the issue. The problem occurs when you make a call in Rocket Chat in a read-only channel. In our case, calls are made through the integration of Rocket Chat and Jitsi.

contraintuitiv commented 1 year ago

The same holds true for BigBlueButton, even in broadcast channels #27813

That is a major bug because it crucially undermines the permission control system.

himani-mehra commented 1 month ago

Hi @shevchukma, I would love to take on this issue and contribute to the project. Could you please assign it to me if it's available? Looking forward to your response. Thanks!