-
Notifications
You must be signed in to change notification settings - Fork 10.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
limit autocompleting names in private channels to those in the channel #2588
Comments
@sinteur I hadn't thought of this use case. Good one though. Also you can't invite on mention... so there really isn't a need to mention anyone outside the channel. |
there is.. if you want to say: talk to @sampaiodiego |
That's my point. It shouldn't. See use case I mentioned |
I agree It should not leak (not send a alert to the person), but the autocomplete should still work. |
leaking is often unintended and not the the person mentioned, but to the other customers in the channel. suppose I am talking to several bankers and I accidentally autocomplete @bankerjoker when I meant to autocomplete @bankerjones - where bankerjoker is a competitor and bankerjones who IS in the current channel should not know that. |
if a user have access to a private channel, he'll have access to any person on the chat.. am I wrong? |
Again: auto complete makes me leak info about people who are NOT in the channel TO the people who ARE. |
but everyone in the channel can talk to anyone in the server. there is no such limitation. |
How, if they don't know the other person is on the server? And if the CAN know, they shouldn't or RocketChat is unusable as a way to talk to customers |
OK, this is a specific use case. We should create a special type of users, like "guests" that have much more limited permissions, so that they cannot mention anyone outside their channels. |
It's not the guests who make the auto-complete error.... |
So you want a special setting on rooms so no member is allowed to mention non members? |
Well - at least leave them out of the autocomplete - if that only works by forbidding the entire @name string, I will live with that. And even better if I can make that the default |
We have discussed, and will work on that in the next week or two. |
+1 |
+1 |
1 similar comment
+1 |
+1 |
Yes, guys. It's very usefull also for our team. |
do you know when will it be released ? (approximatly) |
@engelgabriel said:
IMHO, no. The current behavior makes no sense to me for private channels. Currently, I'm in a private channel with 4 users and only one of their names starts with |
You're looking at this from the user point of view. Look at it from a channel point of view. If you ONLY create these permissions, somebody with permission 2 can still accidentally leak info in a private channel. In a private channel 3 should be the default (and since @ALL means all in channel that would be allowed too) and in public channels somebody might have an extra privilege which would include 2 |
If the 3rd option really is automatically applied for private channels, then yes, this would make things work more how I think most people would expect. However, one should not have to edit channel settings or user roles to achieve this. |
Same thing, there are 6 of us in a private channel, all our usernames starts with the same prefix (for the company name) and we just keep HL-ing people out of the channel for no reason. I think it would make a lot more sense, at least in private channels, to only auto-complete on people who have access rights to join, or something like that. |
Is anything going on here? |
I have observed some pull requests for things similar to this - but nothing directly yet. We are still on 0.38.0 due to security concerns by not having this feature. Lots of unprivileged users (commission work) we don't want to get access to the name of everyone on the chat system - just direct message to our employees who manage them. Really need this feature added! |
+1 |
This issue was solved by PR #7830 so I'll close the issue, if anyone has opinions or any problem with the implementation, please open a new issue. |
When you're in a private channel and start to type @name... it attempts to autocomplete, but it will include names of people NOT in the channel. If you're using private channels for conversations with customers, this leaks info on other customers (or employees)
The text was updated successfully, but these errors were encountered: