DM creation blocked for non-admin workspace members (channel.create gate too strict) #30

New issue

Closed

opened 2026-04-27 17:01:45 +00:00 by sameh-farouk · 0 comments

sameh-farouk commented

2026-04-27 17:01:45 +00:00

Member

Symptom

Non-admin workspace members can't start DMs. Clicking another user in the DM picker surfaces:

Error: caller '<id>' lacks permission for 'channel.create'
    at rpc (chat-app.js:382)
    at async startDm (chat-app.js:3321)

Reproduced as viewer_test@example.com (workspace 1 member, no admin rights) trying to DM sameh.

Root cause

channel.create routes every kind through permissions::check_permission("channel.create", ...), which requires channel_manage or workspace_admin. That admin gate is correct for workspace-level public/private channels but wrong for DM/group_dm — Slack-parity says any workspace member can DM any other.

Surfaced in

#10 dogfooding thread while testing viewer_test's ability to start a DM with the canvas owner.

Fix in

PR linked below.

### Symptom Non-admin workspace members can't start DMs. Clicking another user in the DM picker surfaces: ``` Error: caller '<id>' lacks permission for 'channel.create' at rpc (chat-app.js:382) at async startDm (chat-app.js:3321) ``` Reproduced as `viewer_test@example.com` (workspace 1 member, no admin rights) trying to DM `sameh`. ### Root cause `channel.create` routes every kind through `permissions::check_permission("channel.create", ...)`, which requires `channel_manage` or `workspace_admin`. That admin gate is correct for workspace-level public/private channels but wrong for DM/group_dm — Slack-parity says any workspace member can DM any other. ### Surfaced in [#10 dogfooding thread](https://forge.ourworld.tf/lhumina_code/hero_collab/issues/10) while testing `viewer_test`'s ability to start a DM with the canvas owner. ### Fix in PR linked below.