- Sort permissions by group

- Do not try to create permissions for hidden settings in higher-level-callbacks
- Remove `setting-permissions` collection - fully integrated into `permissions`

packages/rocketchat-authorization/client/views/permissions.js

@@ -13,16 +13,26 @@ Template.permissions.helpers({
 	},
 
 	permissions() {
-		return ChatPermissions.find(whereNotSetting,
+		return ChatPermissions.find(whereNotSetting, //the $where seems to have no effect - filtered as workaround after fetch()
 			{
 				sort: {
 					_id: 1
 				}
-			}).fetch().filter((setting)=>!setting.level);
+			}).fetch()
+			.filter((setting) => !setting.level);
 	},
 
 	settingPermissions() {
-		return ChatPermissions.find({level: permissionLevel.SETTING});
+		return ChatPermissions.find({
+			level: permissionLevel.SETTING
+		},
+		{
+			sort: { //sorting seems not to be copied from the publication, we need to request it explicitly in find()
+				group: 1,
+				section: 1
+			}
+		}).fetch()
+			.filter((setting) => setting.group); //group permissions are assigned implicitly,  we can hide them. $exists: {group:false} not supported by Minimongo
 	},
 
 	hasPermission() {

packages/rocketchat-authorization/package.js

@@ -21,7 +21,6 @@ Package.onUse(function(api) {
 	api.addFiles('lib/rocketchat.js', ['server', 'client']);
 
 	api.addFiles('client/lib/ChatPermissions.js', ['client']);
-	api.addFiles('client/lib/SettingPermissions.js', ['client']);
 	api.addFiles('client/lib/models/Roles.js', ['client']);
 	api.addFiles('client/lib/models/Users.js', ['client']);
 	api.addFiles('client/lib/models/Subscriptions.js', ['client']);

packages/rocketchat-authorization/server/publications/permissions.js

@@ -20,30 +20,6 @@ Meteor.methods({
 			};
 		}
 
-		return records;
-	},
-	'setting-permissions/get'(updatedAt) {
-		this.unblock();
-
-		const records = RocketChat.models.Permissions.find({
-			level: permissionLevel.SETTING,
-			groupPermissionId: {$exists: true} //filter group permissions themselves, as they are being assigned implicitly
-		}, {}, {sort: {group: 1, section: 1, sorter: 1}}).fetch();
-
-		if (updatedAt instanceof Date) {
-			return {
-				update: records.filter((record) => {
-					return record._updatedAt > updatedAt;
-				}),
-				remove: RocketChat.models.Permissions.trashFindDeletedAfter(updatedAt, {}, {
-					fields: {
-						_id: 1,
-						_deletedAt: 1
-					}
-				}).fetch()
-			};
-		}
-
 		return records;
 	}
 });

packages/rocketchat-authorization/server/startup.js

@@ -124,9 +124,11 @@ Meteor.startup(function() {
 		const permission = {
 			_id: permissionId,
 			level: permissionLevel.SETTING,
+			//copy those setting-properties which are needed to properly publish the setting-based permissions
 			settingId: setting._id,
 			group: setting.group,
-			section: setting.section
+			section: setting.section,
+			sorter: setting.sorter
 		};
 		// copy previously assigned roles if available
 		if (previousSettingPermissions[permissionId] && previousSettingPermissions[permissionId].roles) {
@@ -166,8 +168,14 @@ Meteor.startup(function() {
 	// register a callback for settings for be create in higher-level-packages
 	const createPermissionForAddedSetting = function(settingId) {
 		const previousSettingPermissions = getPreviousPermissions(settingId);
-		const setting = RocketChat.models.Settings.findOneNotHiddenById(settingId);
-		createSettingPermission(setting, previousSettingPermissions);
+		const setting = RocketChat.models.Settings.findOneById(settingId);
+		if (setting) {
+			if (!setting.hidden) {
+				createSettingPermission(setting, previousSettingPermissions);
+			}
+		} else {
+			SystemLogger.error('Could not create permission for setting', settingId);
+		}
 	};
 
 	RocketChat.settings.onload('*', createPermissionForAddedSetting);