Role user assign to registered users despite of Default Roles for Users settings #24148
Description
Description:
Some versions ago a very good setting was added to Admin UI - Account - Registration
It's a Default Roles for Users
As you can see on a screen we assign special restricted role invited-user to self registered users.
We are using secret URL and invite links to register external users.
In description of settings you see this:
Default roles (comma-separated) users will be given when registering through manual registration (including via API)
But in fact it's not true! Role user is added to registered user anyway!
I believe it's a bug! Because if I need that role user assigned to new registered user account I will set Default Roles for Users with that role.
As you can see, there is no role user in list, but anyway all new registered users get that user role for some strange reason.
Steps to reproduce:
- Setup registration via secret URL
- Setup restricted role to new registered users
- Setup only that role to
Default Roles for Userslist in Admin UI - Account - Registration - Try to register new user via invite link in any chat
- User get restricted role and
userrole
Expected behavior:
Role user should be added to new registered users only if it is set in Default Roles for Users setting of Admin UI - Account - Registration and should not be added if it's not in list of Default Roles for Users setting
Actual behavior:
Role user added to new registered users for some reason
Server Setup Information:
- Version of Rocket.Chat Server: 4.2.2
- Operating System: CentOS7
- Deployment Method: docker
- Number of Running Instances: 20
- DB Replicaset Oplog: Enabled
- NodeJS Version: 12.22.1
- MongoDB Version: 4.4.11
Client Setup Information
- Desktop App or Browser Version: 3.7.5
- Operating System: Windows 10
Additional context
We used our own patch in 3.x versions to remove that user role, but now on 4.x server version with our patch users gets an error on registration process
Here is a patch
Roles.removeUserRoles(userId, ['user']);
And here is an error:
{"level":50,"time":"2022-01-11T11:17:19.603Z","pid":10,"hostname":"27525ea62f59","name":"System","msg":"Exception while invoking method registerUser 'Cannot read property 'removeUserRoles' of undefined'"}
Relevant logs:
No