marketing-shibata50/multica
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(inbox): scope all inbox queries by workspace_id

Browse source 
Inbox items were previously queried only by recipient, which leaked data
across workspaces. All list/count/batch operations now filter by
workspace_id from the X-Workspace-ID header.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Naiyuan Qing 2026-03-29 17:42:45 +08:00
parent 42f72371bd
commit 4126073229
4 changed files with 75 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

1
server/cmd/server/notification_listeners_test.go
View file

@ -18,6 +18,7 @@ import (
func inboxItemsForRecipient(t *testing.T, queries *db.Queries, recipientID string) []db.ListInboxItemsRow {
t.Helper()
items, err := queries.ListInboxItems(context.Background(), db.ListInboxItemsParams{
WorkspaceID: util.ParseUUID(testWorkspaceID),
RecipientType: "member",
RecipientID: util.ParseUUID(recipientID),
Limit: 100,