From a0ad3a74b8baca08f31d37c9f019728c4d3d73d3 Mon Sep 17 00:00:00 2001
From: Luna Mendes <git@l4.pm>
Date: Wed, 21 Nov 2018 20:49:03 -0300
Subject: [PATCH] channel.messages: add permission checks

---
 litecord/blueprints/channel/messages.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/litecord/blueprints/channel/messages.py b/litecord/blueprints/channel/messages.py
index 0e035d8..36e7459 100644
--- a/litecord/blueprints/channel/messages.py
+++ b/litecord/blueprints/channel/messages.py
@@ -51,8 +51,8 @@ def query_tuple_from_args(args: dict, limit: int) -> tuple:
 async def get_messages(channel_id):
     user_id = await token_check()
 
-    # TODO: check READ_MESSAGE_HISTORY permission
     ctype, peer_id = await channel_check(user_id, channel_id)
+    await channel_perm_check(user_id, channel_id, 'read_history')
 
     if ctype == ChannelType.DM:
         # make sure both parties will be subbed
@@ -97,8 +97,8 @@ async def get_messages(channel_id):
 async def get_single_message(channel_id, message_id):
     user_id = await token_check()
     await channel_check(user_id, channel_id)
+    await channel_perm_check(user_id, channel_id, 'read_history')
 
-    # TODO: check READ_MESSAGE_HISTORY permissions
     message = await app.storage.get_message(message_id, user_id)
 
     if not message: