Merge pull request #403 from matrix-org/hs/allow-private-channels

Allow bridging of private channels via the provisioner
matrix-org · May 11, 2020 · 6021ee5 · 6021ee5
2 parents 7a56c1b + 6b0b37a
commit 6021ee5
Show file tree

Hide file tree

Showing 6 changed files with 34 additions and 12 deletions.
diff --git a/changelog.d/403.bugfix b/changelog.d/403.bugfix
@@ -0,0 +1 @@
+Allow bridging to private channels via the provisioner
diff --git a/config/config.sample.yaml b/config/config.sample.yaml
@@ -104,6 +104,8 @@ provisioning:
   enabled: true
   # Should the bridge deny users bridging channels to private rooms.
   require_public_room: true
+  # Should the bridge allow usesr to bridge private channels.
+  allow_private_channels: true
   limits:
     room_count: 20
     team_count: 1

diff --git a/config/slack-config-schema.yaml b/config/slack-config-schema.yaml
@@ -112,6 +112,8 @@ properties:
         type: boolean
       require_public_room:
         type: boolean
+      allow_private_channels:
+        type: boolean
       limits:
         type: object
         properties:

diff --git a/src/IConfig.ts b/src/IConfig.ts
@@ -83,6 +83,7 @@ export interface IConfig {
     provisioning?: {
         enable: boolean;
         require_public_room?: boolean;
+        allow_private_channels?: boolean;
         limits?: {
             team_count?: number;
             room_count?: number;

diff --git a/src/Provisioning.ts b/src/Provisioning.ts
@@ -87,6 +87,21 @@ export class Provisioner {
         return (currentCount >= this.main.config.provisioning?.limits?.room_count);
     }
 
+    private async determineSlackIdForRequest(matrixUserId, teamId) {
+        const matrixUser = await this.main.datastore.getMatrixUser(matrixUserId);
+        if (!matrixUser) {
+            // No Slack user entry found for MXID
+            return null;
+        }
+        const accounts: {[userId: string]: {team_id: string}} = matrixUser.get("accounts");
+        for (const [key, value] of Object.entries(accounts)) {
+            if (value.team_id === teamId) {
+                return key;
+            }
+        }
+        return null;
+    }
+
     @command()
     private async getconfig(_, res) {
         const hasRoomLimit = this.main.config.provisioning?.limits?.room_count;
@@ -150,25 +165,26 @@ export class Provisioner {
     @command("user_id", "team_id")
     private async channels(req, res, userId, teamId) {
         log.debug(`${userId} for ${teamId} requested their channels`);
-        const matrixUser = await this.main.datastore.getMatrixUser(userId);
-        const isAllowed = matrixUser !== null &&
-            Object.values(matrixUser.get("accounts") as {[key: string]: {team_id: string}}).find((acct) =>
-                acct.team_id === teamId,
-            );
-        if (!isAllowed) {
-            res.status(HTTP_CODES.CLIENT_ERROR).json({error: "User is not part of this team!"});
-            throw undefined;
+        const slackUserId = await this.determineSlackIdForRequest(userId, teamId);
+        if (!slackUserId) {
+            return res.status(HTTP_CODES.CLIENT_ERROR).json({error: "User is not part of this team!"});
         }
         const team = await this.main.datastore.getTeam(teamId);
         if (team === null) {
             throw Error("No team token for this team_id");
         }
         const cli = await this.main.clientFactory.getTeamClient(teamId);
         try {
-            const response = (await cli.conversations.list({
+            let types = "public_channel";
+            // Unless we *explicity* set this to false, allow it.
+            if (this.main.config.provisioning?.allow_private_channels !== false) {
+                types = `public_channel,private_channel`;
+            }
+            const response = (await cli.users.list({
                 exclude_archived: true,
                 limit: 1000, // TODO: Pagination
-                types: "public_channel", // TODO: In order to show private channels, we need the identity of the caller.
+                user: slackUserId,  // In order to show private channels, we need the identity of the caller.
+                types,
             })) as ConversationsListResponse;
             if (!response.ok) {
                 throw Error(response.error);

diff --git a/src/datastore/postgres/PgDatastore.ts b/src/datastore/postgres/PgDatastore.ts
@@ -47,15 +47,15 @@ export class PgDatastore implements Datastore {
         });
     }
 
-    public async getUser(id: string): Promise<UserEntry | null> {
+    public async getUser(id: string): Promise<UserEntry|null> {
         const dbEntry = await this.postgresDb.oneOrNone("SELECT * FROM users WHERE userId = ${id}", { id });
         if (!dbEntry) {
             return null;
         }
         return JSON.parse(dbEntry.json);
     }
 
-    public async getMatrixUser(userId: string): Promise<MatrixUser|undefined> {
+    public async getMatrixUser(userId: string): Promise<MatrixUser|null> {
         userId = new MatrixUser(userId).getId(); // Ensure ID correctness
         const userData = await this.getUser(userId);
         return userData !== null ? new MatrixUser(userId, userData) : null;
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Allow bridging to private channels via the provisioner