From 3390dfff8d1422e713697007f8e87dd007c8bac0 Mon Sep 17 00:00:00 2001
From: Gordon <1432970085@qq.com>
Date: Mon, 27 Mar 2023 19:33:51 +0800
Subject: [PATCH] msg add permission judge

---
 internal/api/msg.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/internal/api/msg.go b/internal/api/msg.go
index b8c3036c6..95e90a0da 100644
--- a/internal/api/msg.go
+++ b/internal/api/msg.go
@@ -9,6 +9,7 @@ import (
 	"github.com/OpenIMSDK/Open-IM-Server/pkg/common/constant"
 	"github.com/OpenIMSDK/Open-IM-Server/pkg/common/log"
 	"github.com/OpenIMSDK/Open-IM-Server/pkg/common/mcontext"
+	"github.com/OpenIMSDK/Open-IM-Server/pkg/common/tokenverify"
 	"github.com/OpenIMSDK/Open-IM-Server/pkg/discoveryregistry"
 	"github.com/OpenIMSDK/Open-IM-Server/pkg/errs"
 	"github.com/OpenIMSDK/Open-IM-Server/pkg/proto/msg"
@@ -155,6 +156,10 @@ func (m *Message) SendMessage(c *gin.Context) {
 		apiresp.GinError(c, errs.ErrArgs.WithDetail(err.Error()).Wrap())
 		return
 	}
+	if !tokenverify.IsAppManagerUid(c) {
+		apiresp.GinError(c, errs.ErrNoPermission.Wrap("only app manager can send message"))
+		return
+	}
 
 	var data interface{}
 	switch params.ContentType {