Change Details

I tested this locally in `keyserver.js`, by importing the function and running this code: ``` fetchMediaForThread("85372").then((media) => { console.log(media); }); ``` Checking the console logs confirms that the media is successfully fetched. {F354058}

I tested the membership permissions in two ways: 1. By simulating a user who should have access to the media, navigating to the thread and confirming that the shared media is still present in the gallery. 2. More importantly, to try to simulate a user who shouldn't have access to the shared media, I ran the query in TablePlus and filled in the `${viewer.id}` parameter with a user who definitely should not have access to the thread media. I confirmed that the query returned 0 results, as opposed to, prior to the permissions checking, the query always returned all of the media. {F402533}

I tested this locally in `keyserver.js`, by importing the function and running this code:e membership permissions in two ways: ``` fetchMediaForThread("85372").then((media) => { console.log(media); }); ```1. By simulating a user who should have access to the media, navigating to the thread and confirming that the shared media is still present in the gallery. Checking the console logs confirms that the media is successfully fetched. {F3540582. More importantly, to try to simulate a user who shouldn't have access to the shared media, I ran the query in TablePlus and filled in the `${viewer.id}` parameter with a user who definitely should not have access to the thread media. I confirmed that the query returned 0 results, as opposed to, prior to the permissions checking, the query always returned all of the media. {F402533}