feat(privacy): enforce avatar/presence visibility and invite restrictions
This commit is contained in:
@@ -755,6 +755,18 @@ Response: `200` + `ChatNotificationSettingsRead`
|
||||
|
||||
Note: mentions (`@username`) are delivered even when chat is muted.
|
||||
|
||||
## 3.7 Privacy enforcement notes
|
||||
|
||||
- User profile privacy is enforced server-side:
|
||||
- `privacy_avatar` controls whether other users receive `avatar_url`.
|
||||
- `privacy_last_seen` controls whether private-chat counterpart presence fields are visible:
|
||||
- `counterpart_is_online`
|
||||
- `counterpart_last_seen_at`
|
||||
- For `contacts` mode, visibility is granted only when the viewer is in target user's contacts.
|
||||
- Group/channel invite restrictions are enforced by `privacy_group_invites`:
|
||||
- Users with `contacts` can be added only by users present in their contacts list.
|
||||
- Applies to group/channel creation with initial members and admin add-member action.
|
||||
|
||||
### POST `/api/v1/chats/{chat_id}/archive`
|
||||
|
||||
Auth required.
|
||||
|
||||
Reference in New Issue
Block a user