diff options
| author | David Baker <dave@matrix.org> | 2016-06-02 15:33:28 +0100 |
|---|---|---|
| committer | David Baker <dave@matrix.org> | 2016-06-02 15:33:28 +0100 |
| commit | 812b5de0feeb905643faf4decff3d7b566d3dbe9 (patch) | |
| tree | 70c5d4a2dab2e35bc39711392cba52e22e5a145f /synapse/api/auth.py | |
| parent | Merge branch 'dbkr/split_out_auth_handler' into dbkr/email_unsubscribe (diff) | |
| parent | Fix setting the _clock in SQLBaseStore (diff) | |
| download | synapse-812b5de0feeb905643faf4decff3d7b566d3dbe9.tar.xz | |
Merge remote-tracking branch 'origin/develop' into dbkr/email_unsubscribe
Diffstat (limited to 'synapse/api/auth.py')
| -rw-r--r-- | synapse/api/auth.py | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py index 2ece59bb19..463bd8b692 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -126,6 +126,24 @@ class Auth(object): return allowed self.check_event_sender_in_room(event, auth_events) + + # Special case to allow m.room.third_party_invite events wherever + # a user is allowed to issue invites. Fixes + # https://github.com/vector-im/vector-web/issues/1208 hopefully + if event.type == EventTypes.ThirdPartyInvite: + user_level = self._get_user_power_level(event.user_id, auth_events) + invite_level = self._get_named_level(auth_events, "invite", 0) + + if user_level < invite_level: + raise AuthError( + 403, ( + "You cannot issue a third party invite for %s." % + (event.content.display_name,) + ) + ) + else: + return True + self._can_send_event(event, auth_events) if event.type == EventTypes.PowerLevels: |