feat: add rpc interface permission check (#3366)

* pb * fix: Modifying other fields while setting IsPrivateChat does not take effect * fix: quote message error revoke * refactoring scheduled tasks * refactoring scheduled tasks * refactoring scheduled tasks * refactoring scheduled tasks * refactoring scheduled tasks * refactoring scheduled tasks * upgrading pkg tools * fix * fix * optimize log output * feat: support GetLastMessage * feat: support GetLastMessage * feat: s3 switch * feat: s3 switch * fix: GetUsersOnline * feat: SendBusinessNotification supported configuration parameters * feat: SendBusinessNotification supported configuration parameters * feat: SendBusinessNotification supported configuration parameters * feat: seq conversion failed without exiting * fix: DeleteDoc crash * fix: fill send time * fix: fill send time * fix: crash caused by withdrawing messages from users who have left the group * fix: user msg timestamp * seq read config * seq read config * fix: the source message of the reference is withdrawn, and the referenced message is deleted * feat: optimize the default notification.yml * fix: shouldPushOffline * fix: the sorting is wrong after canceling the administrator in group settings * feat: Sending messages supports returning fields modified by webhook * feat: Sending messages supports returning fields modified by webhook * feat: Sending messages supports returning fields modified by webhook * fix: oss specifies content-type when uploading * fix: the version number contains a line break * fix: the version number contains a line break * feat: GetConversationsHasReadAndMaxSeq support pinned * feat: GetConversationsHasReadAndMaxSeq support pinned * feat: GetConversationsHasReadAndMaxSeq support pinned * fix: transferring the group owner to a muted member, incremental version error * feat: unified conversion code * feat: update gomake * fix: in standalone mode, the user online status is wrong * fix: add permission check * fix: add permission check
2026-04-28 06:19:20 +08:00 · 2025-05-20 11:30:00 +08:00
parent 632a65303c
commit 748d783d36
20 changed files with 222 additions and 63 deletions
@@ -64,16 +64,57 @@ func GetIMAdminUserIDs(ctx context.Context) []string {
 }

 func IsAdmin(ctx context.Context) bool {
-	return datautil.Contain(mcontext.GetOpUserID(ctx), GetIMAdminUserIDs(ctx)...)
+	return IsTempAdmin(ctx) || IsSystemAdmin(ctx)
 }

 func CheckAccess(ctx context.Context, ownerUserID string) error {
-	opUserID := mcontext.GetOpUserID(ctx)
-	if opUserID == ownerUserID {
+	if mcontext.GetOpUserID(ctx) == ownerUserID {
 		return nil
 	}
-	if datautil.Contain(mcontext.GetOpUserID(ctx), GetIMAdminUserIDs(ctx)...) {
+	if IsAdmin(ctx) {
 		return nil
 	}
 	return servererrs.ErrNoPermission.WrapMsg("ownerUserID", ownerUserID)
 }
+
+func CheckAccessIn(ctx context.Context, ownerUserIDs ...string) error {
+	opUserID := mcontext.GetOpUserID(ctx)
+	for _, userID := range ownerUserIDs {
+		if opUserID == userID {
+			return nil
+		}
+	}
+	if IsAdmin(ctx) {
+		return nil
+	}
+	return servererrs.ErrNoPermission.WrapMsg("opUser in ownerUserIDs")
+}
+
+var tempAdminValue = []string{"1"}
+
+const ctxTempAdminKey = "ctxImTempAdminKey"
+
+func WithTempAdmin(ctx context.Context) context.Context {
+	keys, _ := ctx.Value(constant.RpcCustomHeader).([]string)
+	if datautil.Contain(ctxTempAdminKey, keys...) {
+		return ctx
+	}
+	if len(keys) > 0 {
+		temp := make([]string, 0, len(keys)+1)
+		temp = append(temp, keys...)
+		keys = append(temp, ctxTempAdminKey)
+	} else {
+		keys = []string{ctxTempAdminKey}
+	}
+	ctx = context.WithValue(ctx, constant.RpcCustomHeader, keys)
+	return context.WithValue(ctx, ctxTempAdminKey, tempAdminValue)
+}
+
+func IsTempAdmin(ctx context.Context) bool {
+	values, _ := ctx.Value(ctxTempAdminKey).([]string)
+	return datautil.Equal(tempAdminValue, values)
+}
+
+func IsSystemAdmin(ctx context.Context) bool {
+	return datautil.Contain(mcontext.GetOpUserID(ctx), GetIMAdminUserIDs(ctx)...)
+}
@@ -7,6 +7,7 @@ import (
 	"sync"
 	"time"

+	"github.com/openimsdk/open-im-server/v3/pkg/authverify"
 	"github.com/openimsdk/tools/errs"
 	"github.com/openimsdk/tools/utils/idutil"
 )
@@ -253,13 +254,14 @@ func (b *Batcher[T]) distributeMessage(messages map[string][]*T, totalCount int,

 func (b *Batcher[T]) run(channelID int, ch <-chan *Msg[T]) {
 	defer b.wait.Done()
+	ctx := authverify.WithTempAdmin(context.Background())
 	for {
 		select {
 		case messages, ok := <-ch:
 			if !ok {
 				return
 			}
-			b.Do(context.Background(), channelID, messages)
+			b.Do(ctx, channelID, messages)
 			if b.config.syncWait {
 				b.counter.Done()
 			}