From 8b4ca3034c23adca5f2de094cb9e19b249595e75 Mon Sep 17 00:00:00 2001
From: Reid Wakida
Date: Fri, 7 Aug 2015 18:11:59 -1000
Subject: [PATCH] Fixed sscpac/chat-locker#13. Error thrown for unncessary reason.
- Modify serverside method to not check if user is logged in. Method does not return sensitive information, and does not depend on the current user.
- Add permissionIds isn't undefined/null check to serverside method.
- Move security banner logic, display to its own template. Helps to separate RocketChat and chat-locker code. Makes banner modular and reuseable.
- banner is reactively dependent on Session's roomData+roomId. access permission changes will propagate to new security banner template.
---
 client/views/app/room.coffee | 30 ++++---------------------
 client/views/app/room.html | 6 +----
 client/views/app/securityBanner.coffee | 20 +++++++++++++++++
 client/views/app/securityBanner.html | 7 ++++++
 server/methods/getSecurityBanner.coffee | 4 ++--
 5 files changed, 34 insertions(+), 33 deletions(-)
 create mode 100644 client/views/app/securityBanner.coffee
 create mode 100644 client/views/app/securityBanner.html
diff --git a/client/views/app/room.coffee b/client/views/app/room.coffee
index b5fd184c4139..6cbf6ca757d1 100644
--- a/client/views/app/room.coffee
+++ b/client/views/app/room.coffee
@@ -270,7 +270,7 @@ Template.room.helpers
 noRtcLayout: ->
 return (!Session.get('rtcLayoutmode') || (Session.get('rtcLayoutmode') == 0) ? true: false);
- bannerData: ->
+ permissions: ->
 # The data context only contains the room id. one way to get the banner data is to just pass
 # this id to a server-side method and let it look up the room details (such as permissions)
 # and then return the banner info.
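Review bot: The comment block kept as context under the renamed `permissions:` helper (`# The data context only contains the room id...` here, continuing through `# when the data changes.` in the next hunk, -281,18) still describes the removed `bannerData` helper and its server-side lookup, so it no longer matches the code: the helper now just returns `accessPermissions` from `Session.get('roomData' + this._id)`. I'd replace those six lines with something like `# Returns the room's accessPermissions from the Session-stored room data; the securityBanner template re-renders when they change.` Whatever writes the `'roomData' + id` Session key is outside this diff, so it is worth confirming it is populated before the room renders, since the helper otherwise yields undefined. The enclosing Template.room.helpers object starts before this hunk.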
@@ -281,18 +281,9 @@ Template.room.helpers
 # this is to make "bannerData" itself reactive by having it depend directly on the room data.
 # Then, since that data gets synchronized with the server, the template will be reprocessed
 # when the data changes.
- accessPermissions = ChatRoom.findOne(this._id)?.accessPermissions || []
- Template.instance().updateBannerData(accessPermissions)
- return Template.instance().bannerData
-
- # For helpers "classificationId" and "securityBannerText", "this" refers to what is returned
- # from "bannerData"
-
- classificationId: ->
- return this.get 'classificationId'
-
- securityBannerText: ->
- return this.get 'text'
-
+ roomData = Session.get('roomData' + this._id)
+ return roomData?.accessPermissions
+
 maxMessageLength: ->
 return RocketChat.settings.get('Message_MaxAllowedSize')
@@ -590,19 +581,6 @@ Template.room.onCreated ->
 this.showUsersOffline = new ReactiveVar false
 this.atBottom = true
- this.bannerData = new ReactiveDict
- this.bannerData.set 'text', 'Unknown'
- this.bannerData.set 'classificationId', 'U'
-
- this.updateBannerData = (accessPermissions) -> Meteor.call 'getSecurityBanner', accessPermissions, (error, result) -> if error toastr.error error.reason else self.bannerData.set 'text', result.text self.bannerData.set 'classificationId', result.classificationId
-
-
 Template.room.onRendered ->
 FlexTab.check()
 this.chatMessages = new ChatMessages
diff --git a/client/views/app/room.html b/client/views/app/room.html
index ae9c8bf3e43c..1a11845ced24 100644
--- a/client/views/app/room.html
+++ b/client/views/app/room.html
@@ -20,11 +20,7 @@

{{/if}}

- {{#with bannerData}}
-
- {{securityBannerText}}
-
- {{/with}}
+ {{> securityBanner permissions=permissions }}
diff --git a/client/views/app/securityBanner.coffee b/client/views/app/securityBanner.coffee
new file mode 100644
index 000000000000..6bce7c11e0f9
--- /dev/null
+++ b/client/views/app/securityBanner.coffee
@@ -0,0 +1,20 @@
+Template.securityBanner.helpers
+ bannerData: ->
+ Template.instance().updateBannerData(this.permissions)
+ return Template.instance().bannerData.get()
+
+
+Template.securityBanner.onCreated ->
+ self = this
+ this.bannerData = new ReactiveVar {text:'Unknown', classificationId : 'U'}
+
+ this.updateBannerData = (accessPermissions) ->
+ # ignore undefined/null
+ unless accessPermissions
+ return
+
+ Meteor.call 'getSecurityBanner', accessPermissions, (error, result) ->
+ if error
+ console.error error.reason
+ else
+ self.bannerData.set result
\ No newline at end of file
diff --git a/client/views/app/securityBanner.html b/client/views/app/securityBanner.html
new file mode 100644
index 000000000000..33d8437c5272
--- /dev/null
+++ b/client/views/app/securityBanner.html
@@ -0,0 +1,7 @@
+
diff --git a/server/methods/getSecurityBanner.coffee b/server/methods/getSecurityBanner.coffee
index 52bfe898375f..d99836d9d6cb 100644
--- a/server/methods/getSecurityBanner.coffee
+++ b/server/methods/getSecurityBanner.coffee
@@ -1,7 +1,7 @@
 Meteor.methods
 getSecurityBanner: (permissionIds) ->
- if not Meteor.userId()
- throw new Meteor.Error('invalid-user', "[methods] getSecurityBanner -> Invalid user")
+ if not permissionIds
+ throw new Meteor.Error('invalid-argument', "No permission ids specified")
 banner = {}
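Review bot: The new `bannerData` helper both triggers `updateBannerData` (a `Meteor.call`) and reads `bannerData.get()`, so every successful `self.bannerData.set result` invalidates the helper, which issues the call again; since ReactiveVar's default equality treats object values as always changed, this looks like an unbounded client-to-server request loop rather than a one-shot refresh. With the server method no longer requiring a logged-in user (hunk at the end of this chunk), those repeated calls also arrive unauthenticated and unthrottled. The lookup belongs in an `onCreated` autorun that depends only on the data context, with the helper reduced to a plain read, as sketched below. Separately, on error the banner silently keeps its `{text:'Unknown', classificationId : 'U'}` default after `console.error`; if `'U'` selects the unclassified styling, a distinct placeholder would stop a failed lookup from rendering like an unclassified room.
```coffeescript
Template.securityBanner.helpers
  bannerData: ->
    # read only; the server lookup is driven by the autorun in onCreated
    return Template.instance().bannerData.get()


Template.securityBanner.onCreated ->
  self = this
  this.bannerData = new ReactiveVar {text:'Unknown', classificationId : 'U'}

  # … unchanged: updateBannerData …

  # re-runs when the data context (permissions) changes, not when bannerData is set
  this.autorun ->
    self.updateBannerData Template.currentData()?.permissions
```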