summary refs log tree commit diff
diff options
context:
space:
mode:
authorPatrick Cloke <clokep@users.noreply.github.com>2021-06-02 11:31:41 -0400
committerGitHub <noreply@github.com>2021-06-02 11:31:41 -0400
commit3cf6b34b4e203dcda803ab3ac88c9dadc591e4a1 (patch)
treee78c4245fa489820e6697be307d17aa4a0b506c2
parentMake /sync do less state res (#10102) (diff)
downloadsynapse-3cf6b34b4e203dcda803ab3ac88c9dadc591e4a1.tar.xz
Do not show invite-only rooms in spaces summary (unless joined/invited). (#10109)
-rw-r--r--changelog.d/10109.bugfix1
-rw-r--r--synapse/handlers/space_summary.py19
2 files changed, 10 insertions, 10 deletions
diff --git a/changelog.d/10109.bugfix b/changelog.d/10109.bugfix
new file mode 100644
index 0000000000..bc41bf9e5e
--- /dev/null
+++ b/changelog.d/10109.bugfix
@@ -0,0 +1 @@
+Fix a bug introduced in v1.35.0 where invite-only rooms would be shown to users in a space who were not invited.
diff --git a/synapse/handlers/space_summary.py b/synapse/handlers/space_summary.py
index abd9ddecca..046dba6fd8 100644
--- a/synapse/handlers/space_summary.py
+++ b/synapse/handlers/space_summary.py
@@ -26,7 +26,6 @@ from synapse.api.constants import (
     HistoryVisibility,
     Membership,
 )
-from synapse.api.errors import AuthError
 from synapse.events import EventBase
 from synapse.events.utils import format_event_for_client_v2
 from synapse.types import JsonDict
@@ -456,16 +455,16 @@ class SpaceSummaryHandler:
                     return True
 
             # Otherwise, check if they should be allowed access via membership in a space.
-            try:
-                await self._event_auth_handler.check_restricted_join_rules(
-                    state_ids, room_version, requester, member_event
+            if self._event_auth_handler.has_restricted_join_rules(
+                state_ids, room_version
+            ):
+                allowed_spaces = (
+                    await self._event_auth_handler.get_spaces_that_allow_join(state_ids)
                 )
-            except AuthError:
-                # The user doesn't have access due to spaces, but might have access
-                # another way. Keep trying.
-                pass
-            else:
-                return True
+                if await self._event_auth_handler.is_user_in_rooms(
+                    allowed_spaces, requester
+                ):
+                    return True
 
         # If this is a request over federation, check if the host is in the room or
         # is in one of the spaces specified via the join rules.