summary refs log tree commit diff
path: root/synapse/api/auth.py
diff options
context:
space:
mode:
authorKegan Dougal <kegan@matrix.org>2014-08-26 09:26:07 +0100
committerKegan Dougal <kegan@matrix.org>2014-08-26 09:26:07 +0100
commitcab3095803db0c046f414959d12e3549505f54c4 (patch)
treea00409373497d934a2f4bbc488f5eef3d5421420 /synapse/api/auth.py
parentImpl: /rooms/roomid/state/eventtype/state_key - Renamed RoomTopicRestServlet ... (diff)
downloadsynapse-cab3095803db0c046f414959d12e3549505f54c4.tar.xz
Removed member list servlet: now using generic state paths.
Diffstat (limited to 'synapse/api/auth.py')
-rw-r--r--synapse/api/auth.py12
1 files changed, 7 insertions, 5 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index ae61319a2c..385f93763a 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -77,6 +77,8 @@ class Auth(object):
 
     @defer.inlineCallbacks
     def is_membership_change_allowed(self, event):
+        target_user_id = event.state_key
+
         # does this room even exist
         room = yield self.store.get_room(event.room_id)
         if not room:
@@ -94,7 +96,7 @@ class Auth(object):
         # get info about the target
         try:
             target = yield self.store.get_room_member(
-                user_id=event.target_user_id,
+                user_id=target_user_id,
                 room_id=event.room_id)
         except:
             target = None
@@ -108,12 +110,12 @@ class Auth(object):
                 raise AuthError(403, "You are not in room %s." % event.room_id)
             elif target_in_room:  # the target is already in the room.
                 raise AuthError(403, "%s is already in the room." %
-                                     event.target_user_id)
+                                     target_user_id)
         elif Membership.JOIN == membership:
             # Joins are valid iff caller == target and they were:
             # invited: They are accepting the invitation
             # joined: It's a NOOP
-            if event.user_id != event.target_user_id:
+            if event.user_id != target_user_id:
                 raise AuthError(403, "Cannot force another user to join.")
             elif room.is_public:
                 pass  # anyone can join public rooms.
@@ -123,10 +125,10 @@ class Auth(object):
         elif Membership.LEAVE == membership:
             if not caller_in_room:  # trying to leave a room you aren't joined
                 raise AuthError(403, "You are not in room %s." % event.room_id)
-            elif event.target_user_id != event.user_id:
+            elif target_user_id != event.user_id:
                 # trying to force another user to leave
                 raise AuthError(403, "Cannot force %s to leave." %
-                                event.target_user_id)
+                                target_user_id)
         else:
             raise AuthError(500, "Unknown membership %s" % membership)