fix: add permission check

internal/rpc/msg/send.go

@@ -176,13 +176,7 @@ func (m *msgServer) sendMsgSingleChat(ctx context.Context, req *pbmsg.SendMsgReq
 	isSend := true
 	isNotification := msgprocessor.IsNotificationByMsg(req.MsgData)
 	if !isNotification {
-		isSend, err = m.modifyMessageByUserMessageReceiveOpt(
+		isSend, err = m.modifyMessageByUserMessageReceiveOpt(authverify.WithTempAdmin(ctx), req.MsgData.RecvID, conversationutil.GenConversationIDForSingle(req.MsgData.SendID, req.MsgData.RecvID), constant.SingleChatType, req)
-			ctx,
-			req.MsgData.RecvID,
-			conversationutil.GenConversationIDForSingle(req.MsgData.SendID, req.MsgData.RecvID),
-			constant.SingleChatType,
-			req,
-		)
 		if err != nil {
 			return nil, err
 		}

pkg/authverify/token.go

@@ -64,15 +64,14 @@ func GetIMAdminUserIDs(ctx context.Context) []string {
 }
 
 func IsAdmin(ctx context.Context) bool {
-	return datautil.Contain(mcontext.GetOpUserID(ctx), GetIMAdminUserIDs(ctx)...)
+	return IsTempAdmin(ctx) || IsSystemAdmin(ctx)
 }
 
 func CheckAccess(ctx context.Context, ownerUserID string) error {
-	opUserID := mcontext.GetOpUserID(ctx)
+	if mcontext.GetOpUserID(ctx) == ownerUserID {
-	if opUserID == ownerUserID {
 		return nil
 	}
-	if datautil.Contain(opUserID, GetIMAdminUserIDs(ctx)...) {
+	if IsAdmin(ctx) {
 		return nil
 	}
 	return servererrs.ErrNoPermission.WrapMsg("ownerUserID", ownerUserID)
@@ -85,8 +84,37 @@ func CheckAccessIn(ctx context.Context, ownerUserIDs ...string) error {
 			return nil
 		}
 	}
-	if datautil.Contain(opUserID, GetIMAdminUserIDs(ctx)...) {
+	if IsAdmin(ctx) {
 		return nil
 	}
 	return servererrs.ErrNoPermission.WrapMsg("opUser in ownerUserIDs")
 }
+
+var tempAdminValue = []string{"1"}
+
+const ctxTempAdminKey = "ctxImTempAdminKey"
+
+func WithTempAdmin(ctx context.Context) context.Context {
+	keys, _ := ctx.Value(constant.RpcCustomHeader).([]string)
+	if datautil.Contain(ctxTempAdminKey, keys...) {
+		return ctx
+	}
+	if len(keys) > 0 {
+		temp := make([]string, 0, len(keys)+1)
+		temp = append(temp, keys...)
+		keys = append(temp, ctxTempAdminKey)
+	} else {
+		keys = []string{ctxTempAdminKey}
+	}
+	ctx = context.WithValue(ctx, constant.RpcCustomHeader, keys)
+	return context.WithValue(ctx, ctxTempAdminKey, tempAdminValue)
+}
+
+func IsTempAdmin(ctx context.Context) bool {
+	values, _ := ctx.Value(ctxTempAdminKey).([]string)
+	return datautil.Equal(tempAdminValue, values)
+}
+
+func IsSystemAdmin(ctx context.Context) bool {
+	return datautil.Contain(mcontext.GetOpUserID(ctx), GetIMAdminUserIDs(ctx)...)
+}

pkg/tools/batcher/batcher.go

@@ -7,6 +7,7 @@ import (
 	"sync"
 	"time"
 
+	"github.com/openimsdk/open-im-server/v3/pkg/authverify"
 	"github.com/openimsdk/tools/errs"
 	"github.com/openimsdk/tools/utils/idutil"
 )
@@ -253,13 +254,14 @@ func (b *Batcher[T]) distributeMessage(messages map[string][]*T, totalCount int,
 
 func (b *Batcher[T]) run(channelID int, ch <-chan *Msg[T]) {
 	defer b.wait.Done()
+	ctx := authverify.WithTempAdmin(context.Background())
 	for {
 		select {
 		case messages, ok := <-ch:
 			if !ok {
 				return
 			}
-			b.Do(context.Background(), channelID, messages)
+			b.Do(ctx, channelID, messages)
 			if b.config.syncWait {
 				b.counter.Done()
 			}