fix: add permission check

4 months ago · 874a6e6e21
parent 25ccc7fd97
commit 874a6e6e21
3 changed files with 37 additions and 13 deletions
--- a/internal/rpc/msg/send.go
+++ b/internal/rpc/msg/send.go
@ -176,13 +176,7 @@ func (m *msgServer) sendMsgSingleChat(ctx context.Context, req *pbmsg.SendMsgReq
 	isSend := true
 	isNotification := msgprocessor.IsNotificationByMsg(req.MsgData)
 	if !isNotification {
-		isSend, err = m.modifyMessageByUserMessageReceiveOpt(
+		isSend, err = m.modifyMessageByUserMessageReceiveOpt(authverify.WithTempAdmin(ctx), req.MsgData.RecvID, conversationutil.GenConversationIDForSingle(req.MsgData.SendID, req.MsgData.RecvID), constant.SingleChatType, req)
 			ctx,
 			req.MsgData.RecvID,
 			conversationutil.GenConversationIDForSingle(req.MsgData.SendID, req.MsgData.RecvID),
 			constant.SingleChatType,
 			req,
 		)
 		if err != nil {
 			return nil, err
 		}
--- a/pkg/authverify/token.go
+++ b/pkg/authverify/token.go
@ -64,15 +64,14 @@ func GetIMAdminUserIDs(ctx context.Context) []string {
 }
 func IsAdmin(ctx context.Context) bool {
-	return datautil.Contain(mcontext.GetOpUserID(ctx), GetIMAdminUserIDs(ctx)...)
+	return IsTempAdmin(ctx) || IsSystemAdmin(ctx)
 }
 func CheckAccess(ctx context.Context, ownerUserID string) error {
-	opUserID := mcontext.GetOpUserID(ctx)
+	if mcontext.GetOpUserID(ctx) == ownerUserID {
 	if opUserID == ownerUserID {
 		return nil
 	}
-	if datautil.Contain(opUserID, GetIMAdminUserIDs(ctx)...) {
+	if IsAdmin(ctx) {
 		return nil
 	}
 	return servererrs.ErrNoPermission.WrapMsg("ownerUserID", ownerUserID)
@ -85,8 +84,37 @@ func CheckAccessIn(ctx context.Context, ownerUserIDs ...string) error {
 			return nil
 		}
 	}
-	if datautil.Contain(opUserID, GetIMAdminUserIDs(ctx)...) {
+	if IsAdmin(ctx) {
 		return nil
 	}
 	return servererrs.ErrNoPermission.WrapMsg("opUser in ownerUserIDs")
 }
 var tempAdminValue = []string{"1"}
 const ctxTempAdminKey = "ctxImTempAdminKey"
 func WithTempAdmin(ctx context.Context) context.Context {
 	keys, _ := ctx.Value(constant.RpcCustomHeader).([]string)
 	if datautil.Contain(ctxTempAdminKey, keys...) {
 		return ctx
 	}
 	if len(keys) > 0 {
 		temp := make([]string, 0, len(keys)+1)
 		temp = append(temp, keys...)
 		keys = append(temp, ctxTempAdminKey)
 	} else {
 		keys = []string{ctxTempAdminKey}
 	}
 	ctx = context.WithValue(ctx, constant.RpcCustomHeader, keys)
 	return context.WithValue(ctx, ctxTempAdminKey, tempAdminValue)
 }
 func IsTempAdmin(ctx context.Context) bool {
 	values, _ := ctx.Value(ctxTempAdminKey).([]string)
 	return datautil.Equal(tempAdminValue, values)
 }
 func IsSystemAdmin(ctx context.Context) bool {
 	return datautil.Contain(mcontext.GetOpUserID(ctx), GetIMAdminUserIDs(ctx)...)
 }
--- a/pkg/tools/batcher/batcher.go
+++ b/pkg/tools/batcher/batcher.go
@ -7,6 +7,7 @@ import (
 	"sync"
 	"time"
 	"github.com/openimsdk/open-im-server/v3/pkg/authverify"
 	"github.com/openimsdk/tools/errs"
 	"github.com/openimsdk/tools/utils/idutil"
 )
@ -253,13 +254,14 @@ func (b *Batcher[T]) distributeMessage(messages map[string][]*T, totalCount int,
 func (b *Batcher[T]) run(channelID int, ch <-chan *Msg[T]) {
 	defer b.wait.Done()
 	ctx := authverify.WithTempAdmin(context.Background())
 	for {
 		select {
 		case messages, ok := <-ch:
 			if !ok {
 				return
 			}
-			b.Do(context.Background(), channelID, messages)
+			b.Do(ctx, channelID, messages)
 			if b.config.syncWait {
 				b.counter.Done()
 			}