diff --git a/apps/meteor/app/slashcommands-invite/server/server.ts b/apps/meteor/app/slashcommands-invite/server/server.ts index 62bd283351bf1..583a70a202be2 100644 --- a/apps/meteor/app/slashcommands-invite/server/server.ts +++ b/apps/meteor/app/slashcommands-invite/server/server.ts @@ -112,12 +112,15 @@ slashCommands.add({ ); } catch (e: unknown) { if (isMeteorError(e)) { - const details = Array.isArray(e.details) ? e.details.join(', ') : ''; - - void api.broadcast('notify.ephemeralMessage', userId, message.rid, { - msg: i18n.t(e.message, { lng: settings.get('Language') || 'en', details: `\`${details}\`` }), - }); - return; + if (e.error === 'error-only-compliant-users-can-be-added-to-abac-rooms') { + void api.broadcast('notify.ephemeralMessage', userId, message.rid, { + msg: i18n.t(e.error, { lng: settings.get('Language') || 'en' }), + }); + } else { + void api.broadcast('notify.ephemeralMessage', userId, message.rid, { + msg: i18n.t(e.message, { lng: settings.get('Language') || 'en' }), + }); + } } if (isStringError(e)) { diff --git a/apps/meteor/tests/end-to-end/api/abac.ts b/apps/meteor/tests/end-to-end/api/abac.ts index c82a1984234b4..4ca7233284761 100644 --- a/apps/meteor/tests/end-to-end/api/abac.ts +++ b/apps/meteor/tests/end-to-end/api/abac.ts @@ -1561,7 +1561,7 @@ const addAbacAttributesToUserDirectly = async (userId: string, abacAttributes: I .expect(400) .expect((res) => { expect(res.body).to.have.property('success', false); - expect(res.body).to.have.property('error').that.includes('error-usernames-not-matching-abac-attributes'); + expect(res.body).to.have.property('errorType', 'error-only-compliant-users-can-be-added-to-abac-rooms'); }); }); diff --git a/ee/packages/abac/src/errors.ts b/ee/packages/abac/src/errors.ts index 490ace6c9b7f1..0b7072c39b617 100644 --- a/ee/packages/abac/src/errors.ts +++ b/ee/packages/abac/src/errors.ts @@ -7,9 +7,9 @@ export enum AbacErrorCode { AttributeDefinitionNotFound = 'error-attribute-definition-not-found', RoomNotFound = 'error-room-not-found', CannotConvertDefaultRoomToAbac = 'error-cannot-convert-default-room-to-abac', - UsernamesNotMatchingAbacAttributes = 'error-usernames-not-matching-abac-attributes', AbacUnsupportedObjectType = 'error-abac-unsupported-object-type', AbacUnsupportedOperation = 'error-abac-unsupported-operation', + OnlyCompliantCanBeAddedToRoom = 'error-only-compliant-users-can-be-added-to-abac-rooms', } export class AbacError extends Error { @@ -85,3 +85,9 @@ export class AbacUnsupportedOperationError extends AbacError { super(AbacErrorCode.AbacUnsupportedOperation, details); } } + +export class OnlyCompliantCanBeAddedToRoomError extends AbacError { + constructor(details?: unknown) { + super(AbacErrorCode.OnlyCompliantCanBeAddedToRoom, details); + } +} diff --git a/ee/packages/abac/src/index.ts b/ee/packages/abac/src/index.ts index 0b58931ba8796..efa9988e5efb3 100644 --- a/ee/packages/abac/src/index.ts +++ b/ee/packages/abac/src/index.ts @@ -1,4 +1,4 @@ -import { MeteorError, Room, ServiceClass } from '@rocket.chat/core-services'; +import { Room, ServiceClass } from '@rocket.chat/core-services'; import type { AbacActor, IAbacService } from '@rocket.chat/core-services'; import { AbacAccessOperation, AbacObjectType } from '@rocket.chat/core-typings'; import type { @@ -25,6 +25,7 @@ import { AbacInvalidAttributeValuesError, AbacUnsupportedObjectTypeError, AbacUnsupportedOperationError, + OnlyCompliantCanBeAddedToRoomError, } from './errors'; import { getAbacRoom, @@ -480,11 +481,7 @@ export class AbacService extends ServiceClass implements IAbacService { const nonCompliantSet = new Set(nonCompliantUsersFromList); if (nonCompliantSet.size) { - throw new MeteorError( - 'error-usernames-not-matching-abac-attributes', - 'Some usernames do not comply with the ABAC attributes for the room', - Array.from(nonCompliantSet), - ); + throw new OnlyCompliantCanBeAddedToRoomError(); } usernames.forEach((username) => { diff --git a/ee/packages/abac/src/service.spec.ts b/ee/packages/abac/src/service.spec.ts index f80c00407bb37..8b7bc98bf414a 100644 --- a/ee/packages/abac/src/service.spec.ts +++ b/ee/packages/abac/src/service.spec.ts @@ -1076,7 +1076,7 @@ describe('AbacService (unit)', () => { ); }); - it('rejects with error-usernames-not-matching-abac-attributes and details for non-compliant users', async () => { + it('rejects with error-only-compliant-users-can-be-added-to-abac-rooms and details for non-compliant users', async () => { const usernames = ['alice', 'bob', 'charlie']; const nonCompliantDocs = [{ username: 'bob' }, { username: 'charlie' }]; mockUsersFind.mockImplementationOnce(() => ({ @@ -1086,9 +1086,7 @@ describe('AbacService (unit)', () => { })); await expect(service.checkUsernamesMatchAttributes(usernames, attributes as any, 'objectId')).rejects.toMatchObject({ - error: 'error-usernames-not-matching-abac-attributes', - message: expect.stringContaining('[error-usernames-not-matching-abac-attributes]'), - details: expect.arrayContaining(['bob', 'charlie']), + code: 'error-only-compliant-users-can-be-added-to-abac-rooms', }); }); @@ -1119,7 +1117,7 @@ describe('AbacService (unit)', () => { })); await expect(service.checkUsernamesMatchAttributes(usernames, attributes as any, 'objectId')).rejects.toMatchObject({ - error: 'error-usernames-not-matching-abac-attributes', + code: 'error-only-compliant-users-can-be-added-to-abac-rooms', }); expect(mockCreateAuditServerEvent).not.toHaveBeenCalled(); diff --git a/packages/i18n/src/locales/en.i18n.json b/packages/i18n/src/locales/en.i18n.json index 78586f4751c82..e21297e696e6f 100644 --- a/packages/i18n/src/locales/en.i18n.json +++ b/packages/i18n/src/locales/en.i18n.json @@ -6352,6 +6352,7 @@ "error-not-authorized": "Not authorized", "error-not-authorized-federation": "Not authorized to access federation", "error-office-hours-are-closed": "The office hours are closed.", + "error-only-compliant-users-can-be-added-to-abac-rooms": "Only compliant users can be added to ABAC rooms.", "error-password-in-history": "Entered password has been previously used", "error-password-policy-not-met": "Password does not meet the server's policy", "error-password-policy-not-met-maxLength": "Password does not meet the server's policy of maximum length (password too long)", @@ -6378,6 +6379,7 @@ "error-room-is-not-closed": "Room is not closed", "error-room-not-on-hold": "Error! Room is not On Hold", "error-room-onHold": "Error! Room is On Hold", + "error-room-is-abac-managed": "This room is ABAC managed and new users cannot be added", "error-adding-monitor": "Error adding monitor", "error-saving-sla": "An error ocurred while saving the SLA", "error-selected-agent-room-agent-are-same": "The selected agent and the room agent are the same",