Any person can get a list of all the chatrooms available and having this list the person can read all the message, metadata, ... of all the chatrooms.
As a fix we need to have access control to check whether a user is allowed to read a chatroom or not. also we should only list chatroom_ids to users who have permissions to read them.
Any person can get a list of all the chatrooms available and having this list the person can read all the message, metadata, ... of all the chatrooms. As a fix we need to have access control to check whether a user is allowed to read a chatroom or not. also we should only list chatroom_ids to users who have permissions to read them.