fix(telegram): fail closed on empty group allowFrom override

2026-05-08 08:21:26 +00:00 · 2026-02-24 18:30:21 -07:00
parent 81752564e9
commit 6bc7544a6a
3 changed files with 84 additions and 0 deletions
--- a/src/telegram/group-access.ts
+++ b/src/telegram/group-access.ts
@@ -42,6 +42,11 @@ export const evaluateTelegramGroupBaseAccess = (params: {
    return { allowed: true };
  }

+  // Explicit per-group/topic allowFrom override must fail closed when empty.
+  if (!params.effectiveGroupAllow.hasEntries) {
+    return { allowed: false, reason: "group-override-unauthorized" };
+  }
+
  const senderId = params.senderId ?? "";
  if (params.requireSenderForAllowOverride && !senderId) {
    return { allowed: false, reason: "group-override-unauthorized" };