Prevent deleting messages of subscribed-only channels

2023-07-27 15:23:56 +02:00
parent 44df964f6f
commit 308361a834
3 changed files with 13 additions and 1 deletions
--- a/scnserver/api/handler/apiMessage.go
+++ b/scnserver/api/handler/apiMessage.go
@@ -266,7 +266,7 @@ func (h APIHandler) DeleteMessage(g *gin.Context) ginresp.HTTPResponse {
 		return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to query message", err)
 	}

-	if !ctx.CheckPermissionMessageRead(msg) {
+	if !ctx.CheckPermissionMessageDelete(msg) {
 		return ginresp.APIError(g, 401, apierr.USER_AUTH_FAILED, "You are not authorized for this action", nil)
 	}