Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Able to send reaction in token gated communities #11915

Closed
alaibe opened this issue Aug 17, 2023 · 5 comments · Fixed by status-im/status-go#4064
Closed

Able to send reaction in token gated communities #11915

alaibe opened this issue Aug 17, 2023 · 5 comments · Fixed by status-im/status-go#4064
Assignees
@shinnok
Labels
backend-team bug Something isn't working
Milestone
0.15

Comments

@alaibe
Copy link
Contributor

alaibe commented Aug 17, 2023

Members not yet approved in the communities are able to send reaction to message

Expected: they should not be able to react
@alaibe alaibe added bug Something isn't working backend-team labels Aug 17, 2023
@jrainville jrainville added this to the 0.15 milestone Aug 17, 2023
@shinnok
Copy link
Contributor

shinnok commented Sep 22, 2023

Hi,

I cannot reproduce this on latest dev, on a test Community, with existing or new messages, neither with mouse hover nor right click.

temporary-krantzite-hepialus.mov

@jrainville
Copy link
Member

jrainville commented Sep 22, 2023
edited
Loading

I tried also and I can't reproduce. I wonder what made it possible before.

Maybe one other thing you could try @shinnok is remove the UI blockers and try to send a message or emoji reaction when not part of a community.

The messages should not appear for other users, ie status-go should not accept those (backend validation). Can you confirm that please?

@shinnok
Copy link
Contributor

shinnok commented Sep 26, 2023

@jrainville I re-enabled the chat input by commenting out the piece below and I was able to send messages to a community without having joined yet:

status-desktop/ui/app/AppLayouts/Chat/views/ChatColumnView.qml

Lines 260 to 267 in 29629a3

Binding on enabled {
delayed: true
value: !!d.activeChatContentModule
&& !d.activeChatContentModule.chatDetails.blocked
&& root.rootStore.sectionDetails.joined
&& !root.rootStore.sectionDetails.amIBanned
&& root.rootStore.isUserAllowedToSendMessage
}

As for the best place to block this in the back-end, I'm currently investigating in status-go PR status-im/status-go#4064.

@jrainville
Copy link
Member

Nice find @shinnok .

So we should block that both on sending side, but most importantly on receiver side, so that if someone clones the repo and "hacks" the sending code, we still don't accept messages from non-members.

I recommend using the Go tests available in status-go. They are very powerful (you can debug) and way faster than running the app.

Let me know if you need some coaching on them. All members of the messenger team know how they work, so you can reach out to any of them.

@shinnok shinnok mentioned this issue Sep 27, 2023
Merged
@igor-sirotin
Copy link
Contributor

related: status-im/status-go#3869

jrainville pushed a commit to status-im/status-go that referenced this issue Oct 25, 2023
@shinnok
fix(messenger_communities): block messages and reactions to token gat…
3805662 
…ed or spectated communities (#4064)

Which specifies that if a user is not a community member & a
chat member, he can't post, react or pin messages in that chat.

Notes:
- also fix&cleanup associated failing tests.
- refactor Community.CanPost() to reflect the new requirement.
- grant code is not fully implemented and is to be removed later.

Fixes status-im/status-desktop#11915
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@shinnok shinnok

Labels
backend-team bug Something isn't working
Projects
Status Desktop/Mobile Board
Archived in project
Milestone
0.15
5 participants
@iurimatias @alaibe @shinnok @jrainville @igor-sirotin