diff options
author | Erik Johnston <erik@matrix.org> | 2014-11-18 15:36:36 +0000 |
---|---|---|
committer | Erik Johnston <erik@matrix.org> | 2014-11-18 15:36:41 +0000 |
commit | 95614e52204c6ffd8be62a4e4cab716c9a985473 (patch) | |
tree | 178ddb8eb515eba1c40c9b97d3da0f6f36a4d469 /synapse/api | |
parent | SYN-149: Send join event immediately after the room create event (diff) | |
download | synapse-95614e52204c6ffd8be62a4e4cab716c9a985473.tar.xz |
Fix auth to correctly handle initial creation of rooms
Diffstat (limited to 'synapse/api')
-rw-r--r-- | synapse/api/auth.py | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py index 87f19a96d6..635571d2b6 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -21,7 +21,7 @@ from synapse.api.constants import Membership, JoinRules from synapse.api.errors import AuthError, StoreError, Codes, SynapseError from synapse.api.events.room import ( RoomMemberEvent, RoomPowerLevelsEvent, RoomRedactionEvent, - RoomJoinRulesEvent, RoomCreateEvent, + RoomJoinRulesEvent, RoomCreateEvent, RoomAliasesEvent, ) from synapse.util.logutils import log_function from syutil.base64util import encode_base64 @@ -63,6 +63,10 @@ class Auth(object): # FIXME return True + # FIXME: Temp hack + if event.type == RoomAliasesEvent.TYPE: + return True + if event.type == RoomMemberEvent.TYPE: allowed = self.is_membership_change_allowed(event) if allowed: @@ -144,6 +148,17 @@ class Auth(object): @log_function def is_membership_change_allowed(self, event): + membership = event.content["membership"] + + # Check if this is the room creator joining: + if len(event.prev_events) == 1 and Membership.JOIN == membership: + # Get room creation event: + key = (RoomCreateEvent.TYPE, "", ) + create = event.old_state_events.get(key) + if event.prev_events[0][0] == create.event_id: + if create.content["creator"] == event.state_key: + return True + target_user_id = event.state_key # get info about the caller @@ -159,8 +174,6 @@ class Auth(object): target_in_room = target and target.membership == Membership.JOIN - membership = event.content["membership"] - key = (RoomJoinRulesEvent.TYPE, "", ) join_rule_event = event.old_state_events.get(key) if join_rule_event: @@ -255,6 +268,11 @@ class Auth(object): level = power_level_event.content.get("users", {}).get(user_id) if not level: level = power_level_event.content.get("users_default", 0) + else: + key = (RoomCreateEvent.TYPE, "", ) + create_event = event.old_state_events.get(key) + if create_event.content["creator"] == user_id: + return 100 return level |