Loading CHANGELOG.md +1 −0 Original line number Diff line number Diff line Loading @@ -14,6 +14,7 @@ The format is based on [keep a changelog](http://keepachangelog.com) and this pr ### Fixed - Consistent validation of override operator in runtime leaderboard record writes. - Correctly filter open/closed groups in the listing API. - Ensure direct message channel message listing is correctly scoped to participants only. ## [3.15.0] - 2023-01-04 ### Added Loading server/api_channel.go +3 −1 Original line number Diff line number Diff line Loading @@ -16,10 +16,10 @@ package server import ( "context" "github.com/heroiclabs/nakama-common/runtime" "github.com/gofrs/uuid" "github.com/heroiclabs/nakama-common/api" "github.com/heroiclabs/nakama-common/runtime" "go.uber.org/zap" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" Loading Loading @@ -78,6 +78,8 @@ func (s *ApiServer) ListChannelMessages(ctx context.Context, in *api.ListChannel return nil, status.Error(codes.InvalidArgument, "Cursor is invalid or expired.") } else if err == runtime.ErrChannelGroupNotFound { return nil, status.Error(codes.InvalidArgument, "Group not found.") } else if err == runtime.ErrChannelIDInvalid { return nil, status.Error(codes.InvalidArgument, "Channel not found.") } else if err != nil { return nil, status.Error(codes.Internal, "Error listing messages from channel.") } Loading server/core_channel.go +21 −8 Original line number Diff line number Diff line Loading @@ -89,8 +89,11 @@ func ChannelMessagesList(ctx context.Context, logger *zap.Logger, db *sql.DB, ca } } // Check channel permissions for non-authoritative calls. if caller != uuid.Nil { switch stream.Mode { case StreamModeGroup: // If it's a group, check membership. if caller != uuid.Nil && stream.Mode == StreamModeGroup { allowed, err := groupCheckUserPermission(ctx, logger, db, stream.Subject, caller, 2) if err != nil { return nil, err Loading 
@@ -98,6 +101,16 @@ func ChannelMessagesList(ctx context.Context, logger *zap.Logger, db *sql.DB, ca if !allowed { return nil, runtime.ErrChannelGroupNotFound } case StreamModeDM: // If it's a DM chat, check that the user is one of the chat participants. if stream.Subject != caller && stream.Subcontext != caller { return nil, runtime.ErrChannelIDInvalid } case StreamModeChannel: fallthrough default: // No } } query := `SELECT id, code, sender_id, username, content, create_time, update_time FROM message Loading Loading
CHANGELOG.md +1 −0 Original line number Diff line number Diff line Loading @@ -14,6 +14,7 @@ The format is based on [keep a changelog](http://keepachangelog.com) and this pr ### Fixed - Consistent validation of override operator in runtime leaderboard record writes. - Correctly filter open/closed groups in the listing API. - Ensure direct message channel message listing is correctly scoped to participants only. ## [3.15.0] - 2023-01-04 ### Added Loading
server/api_channel.go +3 −1 Original line number Diff line number Diff line Loading @@ -16,10 +16,10 @@ package server import ( "context" "github.com/heroiclabs/nakama-common/runtime" "github.com/gofrs/uuid" "github.com/heroiclabs/nakama-common/api" "github.com/heroiclabs/nakama-common/runtime" "go.uber.org/zap" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" Loading Loading @@ -78,6 +78,8 @@ func (s *ApiServer) ListChannelMessages(ctx context.Context, in *api.ListChannel return nil, status.Error(codes.InvalidArgument, "Cursor is invalid or expired.") } else if err == runtime.ErrChannelGroupNotFound { return nil, status.Error(codes.InvalidArgument, "Group not found.") } else if err == runtime.ErrChannelIDInvalid { return nil, status.Error(codes.InvalidArgument, "Channel not found.") } else if err != nil { return nil, status.Error(codes.Internal, "Error listing messages from channel.") } Loading
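Review bot: The new `runtime.ErrChannelIDInvalid` branch reports an authorization denial as `InvalidArgument` with "Channel not found." and nothing says that this is deliberate. If the intent is that a non-participant cannot tell an existing DM from an unknown channel, say so above the branch, e.g. `// Non-participants get the same answer as for an unknown channel, so DM existence is not disclosed.`. It is also worth confirming that the earlier invalid-channel-ID path in ListChannelMessages returns the same code and message, since a different response would let a caller tell the two cases apart; that path is outside the hunk. The comparison uses `err ==` like the neighbouring branches, which stops matching if the core layer ever wraps the sentinel; `errors.Is(err, runtime.ErrChannelIDInvalid)` would not.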
server/core_channel.go +21 −8 Original line number Diff line number Diff line Loading @@ -89,8 +89,11 @@ func ChannelMessagesList(ctx context.Context, logger *zap.Logger, db *sql.DB, ca } } // Check channel permissions for non-authoritative calls. if caller != uuid.Nil { switch stream.Mode { case StreamModeGroup: // If it's a group, check membership. if caller != uuid.Nil && stream.Mode == StreamModeGroup { allowed, err := groupCheckUserPermission(ctx, logger, db, stream.Subject, caller, 2) if err != nil { return nil, err Loading @@ -98,6 +101,16 @@ func ChannelMessagesList(ctx context.Context, logger *zap.Logger, db *sql.DB, ca if !allowed { return nil, runtime.ErrChannelGroupNotFound } case StreamModeDM: // If it's a DM chat, check that the user is one of the chat participants. if stream.Subject != caller && stream.Subcontext != caller { return nil, runtime.ErrChannelIDInvalid } case StreamModeChannel: fallthrough default: // No } } query := `SELECT id, code, sender_id, username, content, create_time, update_time FROM message Loading
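Review bot: The `default:` arm of the new `switch stream.Mode` fails open: any mode other than group or DM, including one added later, is listed with no participant check, and `case StreamModeChannel: fallthrough` hides that rooms are the only intended exemption. Because this switch is the authorization gate for non-authoritative callers, I would keep the room case as an explicit no-op, `case StreamModeChannel: // Rooms are readable by any authenticated caller.`, and make the fallback deny with `default: return nil, runtime.ErrChannelIDInvalid`. That assumes channel IDs only ever resolve to these three modes, which is not visible here; the truncated `// No` comment should be completed either way. The DM denial also returns without a log entry, so a `logger.Warn` carrying the caller and stream would give operators a signal when a non-participant requests DM history. ChannelMessagesList starts and ends outside the hunks shown, and no regression test for the DM case appears in this commit.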