fix: Force account_id in the query (#13388)

### What Forces `account_id` to be applied consistently in queries and message creation paths. ### Why Some queries were missing `account_id`, leading to cross-account scans and slow performance in large datasets. ### Changes * Added `account_id` to the relevant query columns. * Ensured messages are always created within the correct account scope. * Updated `created_at` handling where required for consistency. ### Impact * Prevents cross-account queries. * Improves query performance. * Reduces risk of incorrect data access across accounts. ### Notes No functional behavior change for end users. This is a performance and safety fix.
2026-01-28 14:51:24 -08:00
parent 2a69b37958
commit 0d9c0b2ed2
3 changed files with 13 additions and 9 deletions
--- a/app/models/message.rb
+++ b/app/models/message.rb
@@ -114,7 +114,7 @@ class Message < ApplicationRecord

  scope :created_since, ->(datetime) { where('created_at > ?', datetime) }
  scope :chat, -> { where.not(message_type: :activity).where(private: false) }
-  scope :non_activity_messages, -> { where.not(message_type: :activity).reorder('id desc') }
+  scope :non_activity_messages, -> { where.not(message_type: :activity).reorder('created_at desc') }
  scope :today, -> { where("date_trunc('day', created_at) = ?", Date.current) }
  scope :voice_calls, -> { where(content_type: :voice_call) }

--- a/app/services/conversations/message_window_service.rb
+++ b/app/services/conversations/message_window_service.rb
@@ -65,6 +65,6 @@ class Conversations::MessageWindowService
  end

  def last_incoming_message
-    @last_incoming_message ||= @conversation.messages&.incoming&.last
+    @last_incoming_message ||= @conversation.messages.where(account_id: @conversation.account_id).incoming&.last
  end
 end
--- a/spec/services/whatsapp/send_on_whatsapp_service_spec.rb
+++ b/spec/services/whatsapp/send_on_whatsapp_service_spec.rb
@@ -57,9 +57,9 @@ describe Whatsapp::SendOnWhatsappService do
      it 'calls channel.send_message when with in 24 hour limit' do
        # to handle the case of 24 hour window limit.
        create(:message, message_type: :incoming, content: 'test',
-                         conversation: conversation)
+                         conversation: conversation, account: conversation.account)
        message = create(:message, message_type: :outgoing, content: 'test',
-                                   conversation: conversation)
+                                   conversation: conversation, account: conversation.account)

        stub_request(:post, 'https://waba.360dialog.io/v1/messages')
          .with(
@@ -88,7 +88,8 @@ describe Whatsapp::SendOnWhatsappService do
        message = create(:message,
                         additional_attributes: { template_params: invalid_template_params },
                         conversation: conversation,
-                         message_type: :outgoing)
+                         message_type: :outgoing,
+                         account: conversation.account)

        described_class.new(message: message).perform

@@ -98,7 +99,8 @@ describe Whatsapp::SendOnWhatsappService do

      it 'calls channel.send_template when after 24 hour limit' do
        message = create(:message, message_type: :outgoing, content: 'Your package has been shipped. It will be delivered in 3 business days.',
-                                   conversation: conversation, additional_attributes: { template_params: template_params })
+                                   conversation: conversation, additional_attributes: { template_params: template_params },
+                                   account: conversation.account)

        stub_request(:post, 'https://waba.360dialog.io/v1/messages')
          .with(
@@ -112,7 +114,8 @@ describe Whatsapp::SendOnWhatsappService do

      it 'calls channel.send_template if template_params are present' do
        message = create(:message, additional_attributes: { template_params: template_params },
-                                   content: 'Your package will be delivered in 3 business days.', conversation: conversation, message_type: :outgoing)
+                                   content: 'Your package will be delivered in 3 business days.', conversation: conversation, message_type: :outgoing,
+                                   account: conversation.account)
        stub_request(:post, 'https://waba.360dialog.io/v1/messages')
          .with(
            headers: headers,
@@ -148,7 +151,8 @@ describe Whatsapp::SendOnWhatsappService do
          ).to_return(status: 200, body: success_response, headers: { 'content-type' => 'application/json' })
        message = create(:message,
                         additional_attributes: { template_params: named_template_params },
-                         content: 'Your package will be delivered in 3 business days.', conversation: cloud_conversation, message_type: :outgoing)
+                         content: 'Your package will be delivered in 3 business days.', conversation: cloud_conversation, message_type: :outgoing,
+                         account: cloud_conversation.account)

        described_class.new(message: message).perform
        expect(message.reload.source_id).to eq('123456789')
@@ -192,7 +196,7 @@ describe Whatsapp::SendOnWhatsappService do
        }

        message = create(:message, additional_attributes: { template_params: empty_template_params },
-                                   conversation: conversation, message_type: :outgoing)
+                                   conversation: conversation, message_type: :outgoing, account: conversation.account)

        stub_request(:post, 'https://waba.360dialog.io/v1/messages')
          .with(