From 406eb9c93bfcd101c939ac48b77a26484ebdcc2c Mon Sep 17 00:00:00 2001
From: LittleSheep <littlesheep.code@hotmail.com>
Date: Sat, 15 Feb 2025 15:49:07 +0800
Subject: [PATCH] :bug: Fix no perm check on DM

---
 pkg/internal/http/api/direct_channels_api.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pkg/internal/http/api/direct_channels_api.go b/pkg/internal/http/api/direct_channels_api.go
index 27cb810..63f7051 100644
--- a/pkg/internal/http/api/direct_channels_api.go
+++ b/pkg/internal/http/api/direct_channels_api.go
@@ -53,6 +53,10 @@ func createDirectChannel(c *fiber.Ctx) error {
 		return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("you already have a direct with that user #%d", ch.ID))
 	}
 
+	if err := authkit.EnsureUserPermGranted(gap.Nx, user.ID, relatedUser.ID, "ChannelAdd", true); err != nil {
+		return fmt.Errorf("unable to add user into your channel due to access denied: %v", err)
+	}
+
 	channel := models.Channel{
 		Alias:       data.Alias,
 		Name:        data.Name,