From 081d6fba976ba8c9838f389d8a05a04ed9b755f2 Mon Sep 17 00:00:00 2001
From: lifegpc <g1710431395@gmail.com>
Date: Fri, 8 Jan 2021 15:20:25 +0800
Subject: [PATCH] add permission check

---
 rssbot.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/rssbot.py b/rssbot.py
index 97e23d1..ab90489 100644
--- a/rssbot.py
+++ b/rssbot.py
@@ -585,6 +585,7 @@ class callbackQueryHandle(Thread):
 
     def run(self):
         self._callbackQueryId = self._data['id']
+        self._fromUserId = self._data['from']['id']
         l = self._data['data'].split(',')
         if len(l) < 3:
             self.answer('错误的按钮数据。')
@@ -788,6 +789,10 @@ class callbackQueryHandle(Thread):
             if 'message' not in self._data:
                 self.answer('找不到信息。')
                 return
+            if self._data['message']['chat']['type'] != 'private':
+                if checkUserPermissionsInChat(self._main, chatId, self._fromUserId) != UserPermissionsInChatCheckResult.OK:
+                    self.answer('您没有权限操作')
+                    return
             if self._inlineKeyBoardForRSSListCommand == InlineKeyBoardForRSSList.FirstPage:
                 di = {'chat_id': self._data['message']['chat']['id'],
                       'message_id': self._data['message']['message_id']}