From 8ef11afe02ef4be051b11171d483d89d48160cf9 Mon Sep 17 00:00:00 2001
From: flashwave
Date: Fri, 2 Feb 2024 02:07:29 +0000
Subject: [PATCH] Check if recipient is actually able to receive messages.
---
 src/Messages/MessagesRoutes.php | 27 +++++++++++++++++++++++++--
 src/MisuzuContext.php | 3 ++-
 2 files changed, 27 insertions(+), 3 deletions(-)
diff --git a/src/Messages/MessagesRoutes.php b/src/Messages/MessagesRoutes.php
index 1c6a02d..6938bc7 100644
--- a/src/Messages/MessagesRoutes.php
+++ b/src/Messages/MessagesRoutes.php
@@ -10,8 +10,9 @@ use Syokuhou\IConfig;
 use Misuzu\{CSRF,Pagination,Perm,Template};
 use Misuzu\Auth\AuthInfo;
 use Misuzu\Parsers\Parser;
+use Misuzu\Perms\Permissions;
 use Misuzu\URLs\{URLInfo,URLRegistry};
-use Misuzu\Users\UsersContext;
+use Misuzu\Users\{UsersContext,UserInfo};
 class MessagesRoutes extends RouteHandler {
 public const FOLDER_META = [
@@ -26,7 +27,8 @@ class MessagesRoutes extends RouteHandler {
 private URLRegistry $urls,
 private AuthInfo $authInfo,
 private MessagesContext $msgsCtx,
- private UsersContext $usersCtx
+ private UsersContext $usersCtx,
+ private Permissions $perms
 ) {}
 private bool $canSendMessages;
@@ -248,6 +250,19 @@ class MessagesRoutes extends RouteHandler {
 ]);
 }
+ private function checkCanReceiveMessages(UserInfo|string $userInfo): ?array {
+ $globalPerms = $this->perms->getPermissions('global', $userInfo);
+ if(!$globalPerms->check(Perm::G_MESSAGES_VIEW))
+ return [
+ 'error' => [
+ 'name' => 'msgs:recipient_cannot_recv',
+ 'text' => 'This person is not allowed to receive messages.',
+ ],
+ ];
+
+ return null;
+ }
+
 private function checkMessageFields(string $title, string $body, int $parser): ?array {
 if(!Parser::isValid($parser))
 return [
@@ -349,6 +364,10 @@ class MessagesRoutes extends RouteHandler {
 ];
 }
+ $error = $this->checkCanReceiveMessages($recipientInfo);
+ if($error !== null)
+ return $error;
+
 $replyToInfo = null;
 if(!empty($replyTo)) {
 try {
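Review bot: `checkCanReceiveMessages` (hunk at -248) has no doc comment, and two things about it are not obvious from the signature: it uses `Perm::G_MESSAGES_VIEW` as the test for "may receive", and its `$userInfo` parameter also accepts a bare user id string. I would add a short docblock stating that it returns an error payload when the recipient lacks `G_MESSAGES_VIEW` and `null` otherwise, and rename the parameter to something like `$recipient`. Separately, the dedicated `msgs:recipient_cannot_recv` error lets any sender learn whether a given account has messaging disabled; if that state can result from a moderation action, consider whether the response should be indistinguishable from the recipient-not-found error, which is outside this hunk.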
@@ -463,6 +482,10 @@ class MessagesRoutes extends RouteHandler {
 ],
 ];
+ $error = $this->checkCanReceiveMessages($messageInfo->getRecipientId());
+ if($error !== null)
+ return $error;
+
 $sentAt = $draft ? null : time();
 $msgsDb->updateMessage(
diff --git a/src/MisuzuContext.php b/src/MisuzuContext.php
index 85a2018..f0e61f7 100644
--- a/src/MisuzuContext.php
+++ b/src/MisuzuContext.php
@@ -248,7 +248,8 @@ class MisuzuContext {
 $this->urls,
 $this->authInfo,
 $this->messagesCtx,
- $this->usersCtx
+ $this->usersCtx,
+ $this->perms
 ));
 $routingCtx->register(new \Misuzu\Changelog\ChangelogRoutes(
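Review bot: The recipient check in the hunk at -463 runs before `$sentAt = $draft ? null : time();`, so it also rejects requests that only save a draft; once the recipient loses `G_MESSAGES_VIEW` the sender can no longer edit that draft. If only delivery should be blocked, wrap the three added lines in `if(!$draft) { … }`; if blocking drafts is intended, a one-line comment saying so would help. The create path at -349 may need the same decision, though no draft flag is visible in that hunk. `getRecipientId()` is passed straight into a `UserInfo|string` parameter, so confirm it can never return null; its declaration and the rest of the handler are outside the hunk.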