benya/Messenger
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(web): enforce channel read-only and admin delete rules

Browse Source
This commit is contained in:
Alex
2026-03-08 13:18:52 +03:00
parent 13b5f5b855
commit 18596e6dab
3 changed files with 28 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
web/src/components/ChatInfoPanel.tsx
View File

@@ -611,7 +611,7 @@ export function ChatInfoPanel({ chatId, open, onClose }: Props) {
} }
}} }}
> >
Leave chat {chat.type === "channel" ? "Leave channel" : "Leave chat"}
</button> </button>
) : null} ) : null}
</> </>

33
web/src/components/MessageComposer.tsx
View File

@@ -9,6 +9,7 @@ type RecordingState = "idle" | "recording" | "locked";
export function MessageComposer() { export function MessageComposer() {
const activeChatId = useChatStore((s) => s.activeChatId); const activeChatId = useChatStore((s) => s.activeChatId);
const chats = useChatStore((s) => s.chats);
const me = useAuthStore((s) => s.me); const me = useAuthStore((s) => s.me);
const draftsByChat = useChatStore((s) => s.draftsByChat); const draftsByChat = useChatStore((s) => s.draftsByChat);
const setDraft = useChatStore((s) => s.setDraft); const setDraft = useChatStore((s) => s.setDraft);
@@ -52,6 +53,12 @@ export function MessageComposer() {
const [recordSeconds, setRecordSeconds] = useState(0); const [recordSeconds, setRecordSeconds] = useState(0);
const [dragHint, setDragHint] = useState<"idle" | "lock" | "cancel">("idle"); const [dragHint, setDragHint] = useState<"idle" | "lock" | "cancel">("idle");
const hasTextToSend = text.trim().length > 0; const hasTextToSend = text.trim().length > 0;
const activeChat = chats.find((chat) => chat.id === activeChatId);
const canSendInActiveChat = Boolean(
activeChatId &&
activeChat &&
(activeChat.type !== "channel" || activeChat.my_role === "owner" || activeChat.my_role === "admin" || activeChat.is_saved)
);
useEffect(() => { useEffect(() => {
recordingStateRef.current = recordingState; recordingStateRef.current = recordingState;
@@ -146,7 +153,7 @@ export function MessageComposer() {
} }
async function handleSend() { async function handleSend() {
if (!activeChatId || !text.trim() || !me) { if (!activeChatId || !text.trim() || !me || !canSendInActiveChat) {
return; return;
} }
const clientMessageId = makeClientMessageId(); const clientMessageId = makeClientMessageId();
@@ -205,7 +212,7 @@ export function MessageComposer() {
messageType: "file" | "image" | "video" | "audio" | "voice" | "circle_video" = "file", messageType: "file" | "image" | "video" | "audio" | "voice" | "circle_video" = "file",
waveformPoints?: number[] | null waveformPoints?: number[] | null
) { ) {
if (!activeChatId || !me) { if (!activeChatId || !me || !canSendInActiveChat) {
return; return;
} }
setIsUploading(true); setIsUploading(true);
@@ -303,7 +310,7 @@ export function MessageComposer() {
} }
async function startRecord() { async function startRecord() {
if (recordingState !== "idle") { if (recordingState !== "idle" || !canSendInActiveChat) {
return false; return false;
} }
try { try {
@@ -694,11 +701,17 @@ export function MessageComposer() {
</div> </div>
) : null} ) : null}
{!canSendInActiveChat && activeChat?.type === "channel" ? (
<div className="mb-2 rounded-xl border border-amber-500/30 bg-amber-500/10 px-3 py-2 text-xs text-amber-200">
Read-only channel: only owners and admins can post.
</div>
) : null}
<div className="mb-2 flex items-end gap-2"> <div className="mb-2 flex items-end gap-2">
<div className="relative"> <div className="relative">
<button <button
className="h-[42px] min-w-[42px] rounded-full bg-slate-700/85 px-3 text-sm font-semibold text-slate-200 hover:bg-slate-700 disabled:opacity-60" className="h-[42px] min-w-[42px] rounded-full bg-slate-700/85 px-3 text-sm font-semibold text-slate-200 hover:bg-slate-700 disabled:opacity-60"
disabled={isUploading || recordingState !== "idle"} disabled={isUploading || recordingState !== "idle" || !canSendInActiveChat}
onClick={() => setShowAttachMenu((v) => !v)} onClick={() => setShowAttachMenu((v) => !v)}
type="button" type="button"
> >
@@ -728,7 +741,7 @@ export function MessageComposer() {
type="file" type="file"
multiple multiple
accept="image/*,video/*" accept="image/*,video/*"
disabled={isUploading || recordingState !== "idle"} disabled={isUploading || recordingState !== "idle" || !canSendInActiveChat}
onChange={(event) => { onChange={(event) => {
const files = event.target.files ? Array.from(event.target.files) : []; const files = event.target.files ? Array.from(event.target.files) : [];
if (files.length) { if (files.length) {
@@ -742,7 +755,7 @@ export function MessageComposer() {
className="hidden" className="hidden"
type="file" type="file"
multiple multiple
disabled={isUploading || recordingState !== "idle"} disabled={isUploading || recordingState !== "idle" || !canSendInActiveChat}
onChange={(event) => { onChange={(event) => {
const files = event.target.files ? Array.from(event.target.files) : []; const files = event.target.files ? Array.from(event.target.files) : [];
if (files.length) { if (files.length) {
@@ -758,6 +771,7 @@ export function MessageComposer() {
onClick={() => setShowFormatMenu((v) => !v)} onClick={() => setShowFormatMenu((v) => !v)}
type="button" type="button"
title="Text formatting" title="Text formatting"
disabled={!canSendInActiveChat}
> >
Aa Aa
</button> </button>
@@ -765,9 +779,10 @@ export function MessageComposer() {
<textarea <textarea
ref={textareaRef} ref={textareaRef}
className="min-h-[42px] max-h-40 flex-1 resize-y rounded-2xl border border-slate-700/80 bg-slate-800/80 px-4 py-2.5 text-sm outline-none placeholder:text-slate-400 focus:border-sky-500" className="min-h-[42px] max-h-40 flex-1 resize-y rounded-2xl border border-slate-700/80 bg-slate-800/80 px-4 py-2.5 text-sm outline-none placeholder:text-slate-400 focus:border-sky-500"
placeholder="Write a message..." placeholder={canSendInActiveChat ? "Write a message..." : "Read-only channel"}
rows={1} rows={1}
value={text} value={text}
disabled={!canSendInActiveChat}
onKeyDown={onComposerKeyDown} onKeyDown={onComposerKeyDown}
onChange={(event) => { onChange={(event) => {
const next = event.target.value; const next = event.target.value;
@@ -783,7 +798,7 @@ export function MessageComposer() {
{hasTextToSend ? ( {hasTextToSend ? (
<button <button
className="h-[42px] w-[56px] rounded-full bg-sky-500 px-3 text-sm font-semibold text-slate-950 hover:bg-sky-400 disabled:opacity-60" className="h-[42px] w-[56px] rounded-full bg-sky-500 px-3 text-sm font-semibold text-slate-950 hover:bg-sky-400 disabled:opacity-60"
disabled={recordingState !== "idle" || !activeChatId} disabled={recordingState !== "idle" || !activeChatId || !canSendInActiveChat}
onClick={handleSend} onClick={handleSend}
type="button" type="button"
title="Send message" title="Send message"
@@ -795,7 +810,7 @@ export function MessageComposer() {
className={`h-[42px] w-[56px] rounded-full px-3 text-sm font-semibold ${ className={`h-[42px] w-[56px] rounded-full px-3 text-sm font-semibold ${
recordingState === "idle" ? "bg-emerald-500 text-slate-950 hover:bg-emerald-400" : "bg-slate-700 text-slate-300" recordingState === "idle" ? "bg-emerald-500 text-slate-950 hover:bg-emerald-400" : "bg-slate-700 text-slate-300"
}`} }`}
disabled={isUploading || !activeChatId} disabled={isUploading || !activeChatId || !canSendInActiveChat}
onPointerDown={onMicPointerDown} onPointerDown={onMicPointerDown}
type="button" type="button"
title="Hold to record voice" title="Hold to record voice"

3
web/src/components/MessageList.tsx
View File

@@ -1025,6 +1025,9 @@ function canDeleteForEveryone(
if (chat.type === "channel") { if (chat.type === "channel") {
return chat.my_role === "owner" || chat.my_role === "admin"; return chat.my_role === "owner" || chat.my_role === "admin";
} }
if (chat.type === "group" && (chat.my_role === "owner" || chat.my_role === "admin")) {
return true;
}
return message.sender_id === meId; return message.sender_id === meId;
} }