v0.10.5 added some new permission options

backend/src/routes/usergroups.js

@@ -310,5 +310,44 @@ router.delete('/:id', authMiddleware, teamManagerMiddleware, async (req, res) =>
   } catch (e) { res.status(500).json({ error: e.message }); }
 });
 
+
+// ── U2U DM Restrictions ───────────────────────────────────────────────────────
+
+// GET /:id/restrictions — get blocked group IDs for a user group
+router.get('/:id/restrictions', authMiddleware, teamManagerMiddleware, async (req, res) => {
+  try {
+    const rows = await query(req.schema,
+      'SELECT blocked_group_id FROM user_group_dm_restrictions WHERE restricting_group_id = $1',
+      [req.params.id]
+    );
+    res.json({ blockedGroupIds: rows.map(r => r.blocked_group_id) });
+  } catch (e) { res.status(500).json({ error: e.message }); }
+});
+
+// PUT /:id/restrictions — replace the full restriction list for a user group
+// Body: { blockedGroupIds: [id, id, ...] }
+router.put('/:id/restrictions', authMiddleware, teamManagerMiddleware, async (req, res) => {
+  const { blockedGroupIds = [] } = req.body;
+  const restrictingId = parseInt(req.params.id);
+  try {
+    const ug = await queryOne(req.schema, 'SELECT id FROM user_groups WHERE id = $1', [restrictingId]);
+    if (!ug) return res.status(404).json({ error: 'User group not found' });
+
+    // Clear all existing restrictions for this group then insert new ones
+    await exec(req.schema,
+      'DELETE FROM user_group_dm_restrictions WHERE restricting_group_id = $1',
+      [restrictingId]
+    );
+    for (const blockedId of blockedGroupIds) {
+      if (parseInt(blockedId) === restrictingId) continue; // cannot restrict own group
+      await exec(req.schema,
+        'INSERT INTO user_group_dm_restrictions (restricting_group_id, blocked_group_id) VALUES ($1, $2) ON CONFLICT DO NOTHING',
+        [restrictingId, parseInt(blockedId)]
+      );
+    }
+    res.json({ success: true, blockedGroupIds });
+  } catch (e) { res.status(500).json({ error: e.message }); }
+});
+
 return router;
 };