Skip to main content

· One min read
moonrailgun

Because of new version of group permission, all group user which create group before cannot view panel because of lost view panel permission.

To batch update all group permission, you may need this script below.

Go into mongodb bash, you can use script in bash like its operation: docker exec -it <your-mongodb-container-name> mongo

switch to tailchat db

use tailchat

update all group and append core.viewPanel permission to all group

db.groups.updateMany({}, { $addToSet: { fallbackPermissions: "core.viewPanel" } })

· 3 min read
moonrailgun

Feature updates

Add panel-level permission control management

A panel field has been added to the permission registration. When this field is set and matched to a certain panel type, the permission will be displayed in the advanced permission control.

Permission design is based on whitelist form. This means that he will inherit the group's permissions.

Example one:

  • This role in the group has the [Send Message] permission
  • This role does not have the [Send Message] permission in the panel
  • Finally, this character has the [Send Message] permission in all text panels

Example two:

  • This role in the group does not have the [Send Message] permission
  • This role has the [Send Message] permission in the panel
  • In the end, this role only has the [Send Message] permission in the panels with permissions set above, and does not have the permission to send messages in other panels.

Q: Why does tailchat use the union of panel permissions and group permissions instead of permission override?

A: Because compared to many fixed-design applications, Tailchat needs to consider the design of the plug-in. The plug-in can register customized permissions, and these permissions are uncontrolled. Only by allowing users to develop the habit of whitelisting permission management during their operations and actual use will the permissions not be out of control when new plug-ins are added. In addition, the behavior of overwriting is more unpredictable because it will overwrite each other.

An example is, if we want users to have no permissions in a certain panel, but have permissions in other panels, then the most convenient way is to set the group scope to have permissions, but the panels have no permissions. The lack of permissions on the panel will override the permission design of the group. But there is a difference here. We don’t know whether the user expects to have permissions by default or not by default. But currently he has permissions except for a certain panel. The difference between the two is that when a new panel is added, whether he expects to have permissions or not. permission denied. Tailchat wants to eliminate the mental coverage and understanding costs that the difference between the two situations brings to users, so it chose the most conservative way to design the permission system.

Other updates

  • Fixed a possible xss attack because we allowed iframes to pass in srcdom, which could inject inline style code.

· One min read
moonrailgun

Feature update

Markdown editor adds the function of uploading images

You can now paste images via the clipboard or upload image files by clicking the image icon on the toolbar.

Add online status in user popup window

Now, you can check the user's online status in the pop-up box

Other updates

  • MarkdownRender supports native html syntax
  • admin: user search supports nickname fuzzy search
  • Add private message list to allow deletion of conversations
  • Fixed the issue where uploaded svg cannot be rendered directly in preview due to lack of type header
  • Fixed the issue of losing extension after compressing images
  • Optimize small size image display
  • Markdown editor adds dark mode adaptation

· One min read
moonrailgun

Feature update

Open platform application management enhancement

  • Added the viewing and modification of application name, description and avatar
  • Added the feature of returning to the application list
  • Added delete app feature

Other Updates

  • admin add file delete action, also delete minio files and allow fuzzy matching by objectName
  • OAuth adds display support for custom open platform avatars
  • The optimization algorithm complements the missing offline icons in the static analysis
  • Fixed the bug that the add friend button was still displayed when the DISABLE_ADD_FRIEND function was turned on
  • Fixed the problem that the button to jump to the tab without adding friends is incorrect
  • Fixed the problem that the icon flickered after modifying the user settings
  • Fix the bug that in some cases the user settings cache is lost, resulting in the loss of the past configuration of the user's modified data
  • The open platform fixes the error caused by the avatar parsing problem
  • Optimized group drag and drop sorting logic, added Y-axis lock

· 2 min read
moonrailgun

Feature update

Added the ability to create converse from groups

In the user avatar pop-up layer in the group conversation, a button to quickly start the conversation is added, which can conveniently send private messages to the users in the group.

If the group manager does not want group members to initiate private messages, they can actively close it in the group settings.

Other Updates

  • Add refresh operation to admin message list
  • Fix the risk of unauthorized message sending #143
    • Added all session permissions for plugin bots (not open platform bots)
  • Fixed the problem that the receiving message taskbar could not flash on the desktop
  • Fixed an issue where the logo flickered when hovering over the group list with a scroll bar
  • Fix the problem that the danger button color is wrong in light mode
  • Fix the problem that the cache key of userSetting is incorrect
  • Fixed the problem that you can still use the input box on the right in the chat box after being banned
  • For some high-frequency requests (parts with front-end cache before), a persistent cache is added to reduce the impact of front-end cache invalidation caused by frequent page refreshes on back-end services
  • Optimize the display strategy of user avatars in the admin background, and remove problems caused by null/undefined
  • Optimize the size of the feature bar icon on the homepage of the official website, the current volume is about 1/3 of the original
  • Increase the database index and optimize the request time consumption of the fetchConverseMessage operation in the case of a large amount of data
  • Optimize the update group configuration interaction under low-speed network
  • Optimize the entry file size of the sentry plugin to reduce the time spent on first loading