From ea4f14ee0a045bbc675634440b578b4ad9a9523b Mon Sep 17 00:00:00 2001
From: Juliusz Chroboczek <jch@irif.fr>
Date: Wed, 8 May 2024 15:38:51 +0200
Subject: [PATCH] Enforce clearchat permissions in the server.

It was only being enforced in the client.
---
 rtpconn/webclient.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/rtpconn/webclient.go b/rtpconn/webclient.go
index f4ef07c..d0cbf43 100644
--- a/rtpconn/webclient.go
+++ b/rtpconn/webclient.go
@@ -1619,6 +1619,9 @@ func handleClientMessage(c *webClient, m clientMessage) error {
 		}
 		switch m.Kind {
 		case "clearchat":
+			if !member("op", c.permissions) {
+				return c.error(group.UserError("not authorised"))
+			}
 			g.ClearChatHistory()
 			m := clientMessage{
 				Type:       "usermessage",