Rocket.chat: If an admin leaves a private group, it seems there is no way to reenter without asking another person to add them back

+1

What's the expected result?

On Fri, Jan 29, 2016, 11:28 PM Vitaly Barakov [email protected]
wrote:

+1

—
Reply to this email directly or view it on GitHub
https://github.com/RocketChat/Rocket.Chat/issues/2084#issuecomment-177073523
.

Well, two parts.

1) leaving channels/groups should have a confirmation dialog
2) admins should be able to see private groups even if they aren't in them.
(Or at least that's what seems logical)

-Brian
On Jan 30, 2016 3:07 PM, "Bradley Hilton" [email protected] wrote:

What's the expected result?

On Fri, Jan 29, 2016, 11:28 PM Vitaly Barakov [email protected]
wrote:

+1

—
Reply to this email directly or view it on GitHub
<
https://github.com/RocketChat/Rocket.Chat/issues/2084#issuecomment-177073523

.

—
Reply to this email directly or view it on GitHub
https://github.com/RocketChat/Rocket.Chat/issues/2084#issuecomment-177287864
.

@graywolf336 i mean i confirm this bug, so, there should be ability to view all private groups like open channels. e.g. by click button "more private channel" in bottom of pg

I ran into exactly this because of #2056 . The proposed solution by @bgupta sounds good to me.

The fix for @jasperla's issue was marvelous. Thank you making it clear (by the way, I've gone through that). But then again, I guess that wouldn't solve the confusing issue about setting a random admin in place of the previous one, right after he/she leaves the room (on his/her own).
Could we get something like Slack's no-admin policy for private groups (configurable, as it should be) or even WhatsApp's multiple admin feature for groups?

1) leaving channels/groups should have a confirmation dialog - DONE via https://github.com/RocketChat/Rocket.Chat/pull/2113

We should add the respective permission to the admin role, create the security checks, and amend the UI so admin can have a button to view/join private groups.

Do you guys think that admins should be able to see/join private groups? By design, we decided they wouldn't be possible to, but that's changeable, of course. @RocketChat/core what do you think?

I have mixed fellings about this..
If I was an admin, I would like to be able to see/join private groups.
But if I am just an user, I don't know if I like the idea of someone reading my messages on privates groups.

For the project, I think it should be possible (to an admin see/join private groups), also we should have a permission to allow others to do so.

I think that defeats the purpose of private groups... I think we should protect users privacy on this one.
Although I'm not convinced this is a good thing to have, I'd accept it if admins could not see the contents of the room prior to entering. This way, if they wanted to read the messages, they'd be announcing they joined (through system messages).

Shall we close this issue?

At the end of the day it will be very difficult to block a (sys)admin from seeing the details of something he manages. I like the confirmation dialog, as it does help, but at the end of the day, one needs to trust the admins, and they should have a way to deal with this. e.g. - I could see in some orgs where admins put people in their appropriate groups without being member of the groups themselves.

I think I am in agreement with @sampaiodiego and I'm ok with @marceloschmidt's suggestion that admins not being able to see the content of rooms, prior to entering.

We have decided to keep admins from getting into private groups (and direct messages). This issue solves the question about assigning a new room owner before the last owner leaves a room. Thanks @bgupta.

I create a private group as admin, and there is no other member in the group yet.
I leave the group, and how could I reenter the group.

@developerlaoz when you create a private group, the user who created it becomes owner. The owner cannot leave the group unless he/she sets another user as owner.

@developerlaoz did it work as @marceloschmidt explained?

Create a private group -> show the member list -> select owner (myself) -> delete from the group -> select confirm to delete the user.

Now I lost the group, and never enter it again.
And I can not create the private group with the same name again.

I use the Rocket.Chat+ app in mac installed from app store.

Got it. We have added the check on LEAVE room method, but forgot to add the same check on DELETE and REMOVE user methods.

@developerlaoz I have opened the issue https://github.com/RocketChat/Rocket.Chat/issues/3965 for that.

I got it, thanks and wait for the new release.

Is there any way to get my private group back?

@developerlaoz Do you have access to your DB?

What is the suggestion if I can access the DB?
Is there admin role to manage all the data in any management tool?

A super-admin (the guy who installed and manages RC) can always go to the DB and see the messages, so I guess everyone agrees that at this level privacy nonexistent, right?

All that said, the _admin can manage private groups_ use case is a legitimate one, and I also guess that the mixed opinions are because many RC admins are OS admins, and many are not (and I suppose some may not want to give superpowers to their RC admins).

But again, RC admin superpower is a legitimate use case, IMHO. My example: I am now an admin of a RC instance in which employees created a bunch of channels. Those persons left the company, and now nobody is able to add anyone to those channels anymore, not even me. We cannot see the messages that got exchanged either, and I cannot tell who created the channels at first place (a missing feature of desktop app?). To make things worst, another RC admin (mistakenly) have deleted some of those former employee accounts. Lastly, I cannot just delete and recreate the channels, because I want the content on them to be preserved.

Now to get a peek at the messages I need to go straight to the DB which, beside being a lot of work, defeats the purpose of privacy of all channels in my RC, including DMs.

Maybe one way to solve this would be to provide a server-level argument that tells the app that RC admin privacy enforcement should be turned off? Something like node main.js --no-admin-privacy?

I hate to leave your argument on a closed ticket unseen. Might be best posting on an open ticket or opening one requesting some sort of feature or permission to allow what you desire. There might be a request already open

I totally agree with flaviovs suggestions and we have similar problem, this issue should be re-opened or new one created

I have the same problem too. Sure I can go into the DB and try to understand the relations between the tables but that's like open heart surgery when the patient is awake.