summary refs log tree commit diff
path: root/synapse/api/auth.py
diff options
context:
space:
mode:
authorKegan Dougal <kegan@matrix.org>2014-08-26 10:37:31 +0100
committerKegan Dougal <kegan@matrix.org>2014-08-26 10:37:31 +0100
commitf6daa9f1703d0f924dc2c519151b841def4a051b (patch)
treefeebb74986533487afe19e91f3e52437d3fd1fad /synapse/api/auth.py
parentAdd 'state_key' to valid_keys (diff)
parentURL renaming: Room state keys now use the format /rooms/$roomid/state/$event_... (diff)
downloadsynapse-f6daa9f1703d0f924dc2c519151b841def4a051b.tar.xz
Merge branch 'client_server_url_rename' into develop
Diffstat (limited to 'synapse/api/auth.py')
-rw-r--r--synapse/api/auth.py28
1 files changed, 15 insertions, 13 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index 31852b29a5..385f93763a 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -44,15 +44,15 @@ class Auth(object):
             be raised only if raises=True.
         """
         try:
-            if event.type in [RoomTopicEvent.TYPE, MessageEvent.TYPE,
-                              FeedbackEvent.TYPE]:
-                yield self.check_joined_room(event.room_id, event.user_id)
-                defer.returnValue(True)
-            elif event.type == RoomMemberEvent.TYPE:
-                allowed = yield self.is_membership_change_allowed(event)
-                defer.returnValue(allowed)
+            if hasattr(event, "room_id"):
+                if event.type == RoomMemberEvent.TYPE:
+                    allowed = yield self.is_membership_change_allowed(event)
+                    defer.returnValue(allowed)
+                else:
+                    yield self.check_joined_room(event.room_id, event.user_id)
+                    defer.returnValue(True)
             else:
-                raise AuthError(500, "Unknown event type %s" % event.type)
+                raise AuthError(500, "Unknown event: %s" % event)
         except AuthError as e:
             logger.info("Event auth check failed on event %s with msg: %s",
                         event, e.msg)
@@ -77,6 +77,8 @@ class Auth(object):
 
     @defer.inlineCallbacks
     def is_membership_change_allowed(self, event):
+        target_user_id = event.state_key
+
         # does this room even exist
         room = yield self.store.get_room(event.room_id)
         if not room:
@@ -94,7 +96,7 @@ class Auth(object):
         # get info about the target
         try:
             target = yield self.store.get_room_member(
-                user_id=event.target_user_id,
+                user_id=target_user_id,
                 room_id=event.room_id)
         except:
             target = None
@@ -108,12 +110,12 @@ class Auth(object):
                 raise AuthError(403, "You are not in room %s." % event.room_id)
             elif target_in_room:  # the target is already in the room.
                 raise AuthError(403, "%s is already in the room." %
-                                     event.target_user_id)
+                                     target_user_id)
         elif Membership.JOIN == membership:
             # Joins are valid iff caller == target and they were:
             # invited: They are accepting the invitation
             # joined: It's a NOOP
-            if event.user_id != event.target_user_id:
+            if event.user_id != target_user_id:
                 raise AuthError(403, "Cannot force another user to join.")
             elif room.is_public:
                 pass  # anyone can join public rooms.
@@ -123,10 +125,10 @@ class Auth(object):
         elif Membership.LEAVE == membership:
             if not caller_in_room:  # trying to leave a room you aren't joined
                 raise AuthError(403, "You are not in room %s." % event.room_id)
-            elif event.target_user_id != event.user_id:
+            elif target_user_id != event.user_id:
                 # trying to force another user to leave
                 raise AuthError(403, "Cannot force %s to leave." %
-                                event.target_user_id)
+                                target_user_id)
         else:
             raise AuthError(500, "Unknown membership %s" % membership)