From 5006a14935b8bca2e55d2834094a6ab80f4bc9e0 Mon Sep 17 00:00:00 2001
From: Denis Arh <denis.arh@kendu.si>
Date: Mon, 29 Oct 2018 08:34:43 +0100
Subject: [PATCH] FindMessages now only selects messages from channles we have
 access to

---
 sam/repository/message.go | 3 +++
 sam/service/message.go    | 3 +--
 sam/types/message.go      | 3 +++
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/sam/repository/message.go b/sam/repository/message.go
index aef804661..f38771d3b 100644
--- a/sam/repository/message.go
+++ b/sam/repository/message.go
@@ -112,6 +112,9 @@ func (r *message) FindMessages(filter *types.MessageFilter) (types.MessageSet, e
 		}
 	}
 
+	sql += " AND rel_channel IN " + sqlChannelAccess
+	params = append(params, filter.CurrentUserID, types.ChannelTypePublic)
+
 	sql += " ORDER BY id DESC"
 
 	if filter.Limit == 0 || filter.Limit > MESSAGES_MAX_LIMIT {
diff --git a/sam/service/message.go b/sam/service/message.go
index 364972b4d..354f37239 100644
--- a/sam/service/message.go
+++ b/sam/service/message.go
@@ -78,10 +78,9 @@ func (svc *message) With(ctx context.Context) MessageService {
 
 func (svc *message) Find(filter *types.MessageFilter) (mm types.MessageSet, err error) {
 	// @todo get user from context
-	var currentUserID uint64 = repository.Identity(svc.ctx)
+	filter.CurrentUserID = repository.Identity(svc.ctx)
 
 	// @todo verify if current user can access & read from this channel
-	_ = currentUserID
 	_ = filter.ChannelID
 
 	mm, err = svc.message.FindMessages(filter)
diff --git a/sam/types/message.go b/sam/types/message.go
index 334edcb30..021e00d14 100644
--- a/sam/types/message.go
+++ b/sam/types/message.go
@@ -28,6 +28,9 @@ type (
 	MessageFilter struct {
 		Query string
 
+		// Required param to filter accessible messages
+		CurrentUserID uint64
+
 		// All messages that belong to a channel
 		ChannelID uint64