Make sure nodes can read only own mail

db_operations.py

@@ -123,24 +123,26 @@ def get_mail(recipient_id):
     c.execute("SELECT id, sender_short_name, subject, date, unique_id FROM mail WHERE recipient = ?", (recipient_id,))
     return c.fetchall()
 
-def get_mail_content(mail_id):
+def get_mail_content(mail_id, recipient_id):
+    # TODO: ensure only recipient can read mail
     conn = get_db_connection()
     c = conn.cursor()
-    c.execute("SELECT sender_short_name, date, subject, content, unique_id FROM mail WHERE id = ?", (mail_id,))
+    c.execute("SELECT sender_short_name, date, subject, content, unique_id FROM mail WHERE id = ? and recipient = ?", (mail_id, recipient_id,))
     return c.fetchone()
 
-def delete_mail(unique_id, bbs_nodes, interface):
-    logging.info(f"Attempting to delete mail with unique_id: {unique_id}")
+def delete_mail(unique_id, recipient_id, bbs_nodes, interface):
+    # TODO: ensure only recipient can delete mail
+    logging.info(f"Attempting to delete mail with unique_id: {unique_id} by {recipient_id}")
     conn = get_db_connection()
     c = conn.cursor()
     try:
-        c.execute("SELECT unique_id FROM mail WHERE unique_id = ?", (unique_id,))
+        c.execute("SELECT unique_id FROM mail WHERE unique_id = ? and recipient = ?", (unique_id, recipient_id,))
         result = c.fetchone()
         logging.debug(f"Fetch result for unique_id {unique_id}: {result}")
         if result is None:
             logging.error(f"No mail found with unique_id: {unique_id}")
             return  # Early exit if no matching mail found
-        c.execute("DELETE FROM mail WHERE unique_id = ?", (unique_id,))
+        c.execute("DELETE FROM mail WHERE unique_id = ? and recipient = ?", (unique_id, recipient_id,))
         conn.commit()
         send_delete_mail_to_bbs_nodes(unique_id, bbs_nodes, interface)
         logging.info(f"Mail with unique_id: {unique_id} deleted and sync message sent.")