4 Commits

Author SHA1 Message Date
hobokenchicken 215f931311 fix: wire permission checks into message/channel handlers
- Add CheckChannelPermission to permissions.Checker (layers channel overrides on top of role permissions)
- Refactor requireChannelAccess to accept required permission bitmap
- Message Create checks SEND_MESSAGES; List/Search check VIEW_CHANNEL
- BulkDelete uses Checker.CheckPermission for MANAGE_MESSAGES
- Channel handler List filters out channels user cannot view
- Remove dead checkPermission method from message handler
- Fix frontend avatar upload: parse response URL, call updateProfile
2026-06-30 13:47:08 -04:00
root cc8ebc1f8a docs: update repository audit report after re-audit 2026-06-30 17:36:58 +00:00
hobokenchicken 2caedc172b fix: resolve 7 audit issues - webhook tokens, cookie security, avatar save, TUI fallback, dead code, valkey default 2026-06-30 13:29:34 -04:00
root 6f43e4f3a0 docs: add repository audit report 2026-06-30 17:22:54 +00:00