From c38404b5d50b507a08ba456b07ec90b9aecba5bb Mon Sep 17 00:00:00 2001
From: Steven <stevenlgtm@gmail.com>
Date: Sun, 21 Jan 2024 10:57:53 +0800
Subject: [PATCH] chore: tweak get memo by name

---
 api/v2/acl_config.go   |  1 +
 api/v2/memo_service.go | 12 ++++++++++++
 2 files changed, 13 insertions(+)

diff --git a/api/v2/acl_config.go b/api/v2/acl_config.go
index 8e9d7c38..f3482eb7 100644
--- a/api/v2/acl_config.go
+++ b/api/v2/acl_config.go
@@ -8,6 +8,7 @@ var authenticationAllowlistMethods = map[string]bool{
 	"/memos.api.v2.UserService/GetUser":           true,
 	"/memos.api.v2.MemoService/ListMemos":         true,
 	"/memos.api.v2.MemoService/GetMemo":           true,
+	"/memos.api.v2.MemoService/GetMemoByName":     true,
 	"/memos.api.v2.MemoService/ListMemoResources": true,
 	"/memos.api.v2.MemoService/ListMemoRelations": true,
 	"/memos.api.v2.MemoService/ListMemoComments":  true,
diff --git a/api/v2/memo_service.go b/api/v2/memo_service.go
index 3260f26f..f71f4a15 100644
--- a/api/v2/memo_service.go
+++ b/api/v2/memo_service.go
@@ -247,6 +247,18 @@ func (s *APIV2Service) GetMemoByName(ctx context.Context, request *apiv2pb.GetMe
 	if memo == nil {
 		return nil, status.Errorf(codes.NotFound, "memo not found")
 	}
+	if memo.Visibility != store.Public {
+		user, err := getCurrentUser(ctx, s.Store)
+		if err != nil {
+			return nil, status.Errorf(codes.Internal, "failed to get user")
+		}
+		if user == nil {
+			return nil, status.Errorf(codes.PermissionDenied, "permission denied")
+		}
+		if memo.Visibility == store.Private && memo.CreatorID != user.ID {
+			return nil, status.Errorf(codes.PermissionDenied, "permission denied")
+		}
+	}
 
 	memoMessage, err := s.convertMemoFromStore(ctx, memo)
 	if err != nil {