Check if recipient is actually able to receive messages.

2024-02-02 02:07:29 +00:00 · 2024-02-02 02:07:29 +00:00 · 8ef11afe02
commit 8ef11afe02
parent cca016ba10
2 changed files with 27 additions and 3 deletions
--- a/src/Messages/MessagesRoutes.php
+++ b/src/Messages/MessagesRoutes.php
@ -10,8 +10,9 @@ use Syokuhou\IConfig;
 use Misuzu\{CSRF,Pagination,Perm,Template};
 use Misuzu\Auth\AuthInfo;
 use Misuzu\Parsers\Parser;
+use Misuzu\Perms\Permissions;
 use Misuzu\URLs\{URLInfo,URLRegistry};
-use Misuzu\Users\UsersContext;
+use Misuzu\Users\{UsersContext,UserInfo};

 class MessagesRoutes extends RouteHandler {
    public const FOLDER_META = [
@ -26,7 +27,8 @@ class MessagesRoutes extends RouteHandler {
        private URLRegistry $urls,
        private AuthInfo $authInfo,
        private MessagesContext $msgsCtx,
-        private UsersContext $usersCtx
+        private UsersContext $usersCtx,
+        private Permissions $perms
    ) {}

    private bool $canSendMessages;
@ -248,6 +250,19 @@ class MessagesRoutes extends RouteHandler {
        ]);
    }

+    private function checkCanReceiveMessages(UserInfo|string $userInfo): ?array {
+        $globalPerms = $this->perms->getPermissions('global', $userInfo);
+        if(!$globalPerms->check(Perm::G_MESSAGES_VIEW))
+            return [
+                'error' => [
+                    'name' => 'msgs:recipient_cannot_recv',
+                    'text' => 'This person is not allowed to receive messages.',
+                ],
+            ];
+
+        return null;
+    }
+
    private function checkMessageFields(string $title, string $body, int $parser): ?array {
        if(!Parser::isValid($parser))
            return [
@ -349,6 +364,10 @@ class MessagesRoutes extends RouteHandler {
            ];
        }

+        $error = $this->checkCanReceiveMessages($recipientInfo);
+        if($error !== null)
+            return $error;
+
        $replyToInfo = null;
        if(!empty($replyTo)) {
            try {
@ -463,6 +482,10 @@ class MessagesRoutes extends RouteHandler {
                ],
            ];

+        $error = $this->checkCanReceiveMessages($messageInfo->getRecipientId());
+        if($error !== null)
+            return $error;
+
        $sentAt = $draft ? null : time();

        $msgsDb->updateMessage(
--- a/src/MisuzuContext.php
+++ b/src/MisuzuContext.php
@ -248,7 +248,8 @@ class MisuzuContext {
            $this->urls,
            $this->authInfo,
            $this->messagesCtx,
-            $this->usersCtx
+            $this->usersCtx,
+            $this->perms
        ));

        $routingCtx->register(new \Misuzu\Changelog\ChangelogRoutes(