Merge pull request #3 from pmmaga/patch-1

fix(MessageRepository): Check user for deletion

src/Repositories/MessageRepository.php

@@ -54,6 +54,10 @@ public function send(int $senderId, int $receiverId, string $message)
     public function delete($msg, $user)
     {
         try {
+            if (!in_array($user, [$msg->sender_id, $msg->receiver_id])) {
+                return ['status' => false, 'message' => 'Unauthorized'];
+            }
+
             // Set message 'deleted' for the current user only
             if ($msg->sender_id == $user) {
                 $msg->deleted_by_sender = true;