RocketChat
[WIP]Request access private room
closes #10990
About Feature:
The directory has re-introduced a global list of public channels and users - with the intention that users can easily join discussions. However, private groups and potentially created custom room types are missing. Listing them raises two new issues
Particularly for private groups, there has to be a mechanism to allow visitors to ask for joining a room The already created rooms must not be listed by default, since even the title may expose sensitive information (#Bob-stinks)
List of Changes:
1. Database:
Messages:
The join request will be send to the approver as a new message holding accept or decline buttons to take action over the request. Therefore, the state of the request is stored in attachment property as requestor, type, reason, status, responder.
Room:
This feature implementation introduces a secret property to stores the secrecy of the Private room with default value is false. The directory search will list the all the private rooms which are not secret and in which the user is a member of the room.
2. UI:
Directory:
This feature allows users to search for the Private rooms under the directory search as like as other room types
Send Request:
User can make use of the Send request button on the Private room in which he/she wants to become a member to send the join request.
Secret Private room:
A new toggle switch in the channel creation is introduced that shall be used to mark the room secret or not. This setting is applicable to the private room types at this moment. Therefore the toggle switch is visible only for the private rooms.
As well as, this setting shall be activated/de-activated using the side bar channel settings from the room.
3. Migration:
Private rooms are migrated to secret to prevent sensitive room types are being available on the directory search after rolling out this feature.
4. Permissions:
A new permissions set-secret can users shall be assigned to be allowed to make change. By default, admin and owner gets the permission assigned.
Sneak Peak:
@vickyokrm there are many commits in there (and files changed) I would not have expected. Did you have the proper base?
@RocketChat/core Can someone please give feedback on the general mergeability of this feature (based on what's seen in the video)? Code-Wise, there have been quite some changes in 0.66 to the directory (which are very much appreciated, btw!), so the PR has to be updated. But at least some response from your end would be very much appreciated before we take this effort.
@vickyokrm can you please update this PR once you're done with the PR towards our fork?
@RocketChat/core This is quite a big PR impacting multiple files.
Before we update this to 1.0-codebase, we need your feedback on whether this contributions will be accepted. Working for the bin is tiresome
Hey @mrsimpson , Sorry for never getting back to this one. Based on the description and the video, I have two concerns:
-
Mods may miss the rocket.cat message if the private group is very active, but I don't know how that could be avoided.
-
Some admins may want a different default value for the
secretattribute. Having a setting to change this default, in combination with the new permission, would allow admins to completely disable secret or non-secret groups as they see fit.
If you update this PR, tag me here and I'll review the code.
@Hudell Thanks for finally coming back ;)
With respect to your concerns:
- We'll make sure the request can be sent multiple times so that the room owner can be more-or-less bugged ;)
- We'll add some settings whether private groups are considered secret or visible in the directory by default.
I'll check back with @vickyokrm and get back to you once we're done