author | Erik Johnston <erik@matrix.org> | 2014-09-23 17:36:17 +0100 |
---|---|---|
committer | Erik Johnston <erik@matrix.org> | 2014-09-23 17:36:24 +0100 |
commit | bc250a6afa68b7584f3b7b3aacb919df406da75a (patch) | |
tree | db6bfd1b559eadcb70e742f5df0b4531d6ed17ff /synapse/api | |
parent | Add prune_event method (diff) | |
SYN-12: Implement auth for deletion by adding a 'delete_level' on the ops levels event
SYN-12 # comment Auth has been added.
Diffstat (limited to 'synapse/api')
-rw-r--r-- | synapse/api/auth.py | 34 |
1 files changed, 31 insertions, 3 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index 8f32191b57..fb14d9a2b3 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -19,7 +19,9 @@ from twisted.internet import defer
 from synapse.api.constants import Membership, JoinRules
 from synapse.api.errors import AuthError, StoreError, Codes, SynapseError
-from synapse.api.events.room import RoomMemberEvent, RoomPowerLevelsEvent
+from synapse.api.events.room import (
+ RoomMemberEvent, RoomPowerLevelsEvent, RoomDeletionEvent,
+)
 from synapse.util.logutils import log_function
 import logging
@@ -70,6 +72,9 @@ class Auth(object):
 if event.type == RoomPowerLevelsEvent.TYPE:
 yield self._check_power_levels(event)
+ if event.type == RoomDeletionEvent.TYPE:
+ yield self._check_deletion(event)
+
 defer.returnValue(True)
 else:
 raise AuthError(500, "Unknown event: %s" % event)
@@ -170,7 +175,7 @@ class Auth(object):
 event.room_id, event.user_id,
 )
- _, kick_level = yield self.store.get_ops_levels(event.room_id)
+ _, kick_level, _ = yield self.store.get_ops_levels(event.room_id)
 if kick_level:
 kick_level = int(kick_level)
@@ -187,7 +192,7 @@ class Auth(object):
 event.user_id,
 )
- ban_level, _ = yield self.store.get_ops_levels(event.room_id)
+ ban_level, _, _ = yield self.store.get_ops_levels(event.room_id)
 if ban_level:
 ban_level = int(ban_level)
@@ -322,6 +327,29 @@ class Auth(object):
 )
 @defer.inlineCallbacks
+ def _check_deletion(self, event):
+ user_level = yield self.store.get_power_level(
+ event.room_id,
+ event.user_id,
+ )
+
+ if user_level:
+ user_level = int(user_level)
+ else:
+ user_level = 0
+
+ _, _, delete_level = yield self.store.get_ops_levels(event.room_id)
+
+ if not delete_level:
+ delete_level = 50
+
+ if user_level < delete_level:
+ raise AuthError(
+ 403,
+ "You don't have permission to delete events"
+ )
+
+ @defer.inlineCallbacks
 def _check_power_levels(self, event):
 for k, v in event.content.items():
 if k == "default": |
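Review bot: The positional unpack `_, kick_level, _ = yield self.store.get_ops_levels(event.room_id)` ties this permission check to the column order of the store result, and the same pattern appears as `ban_level, _, _ = ...` in the next hunk and `_, _, delete_level = ...` in `_check_deletion`. If the store ever reorders or extends that tuple, the ban, kick and delete thresholds can be swapped without any error being raised. Unpacking all three by name at each call site, `ban_level, kick_level, delete_level = yield self.store.get_ops_levels(event.room_id)`, makes a mismatch visible in review. The store's return shape is not shown on this page, and the enclosing function starts outside the hunk.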
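Review bot: In `_check_deletion`, `delete_level` reaches `user_level < delete_level` without the `int()` normalisation that `user_level` gets a few lines earlier and that `kick_level` and `ban_level` get in the earlier hunks. If the store returns the level as a string, which those casts suggest it may, the authorisation decision rests on a mixed-type comparison rather than on the configured level. I would normalise it the same way, `delete_level = int(delete_level) if delete_level else 50`. Note also that `if not delete_level` treats a stored level of 0 as unset and substitutes 50; if 0 is a legitimate setting, test `is None` instead. A one-line docstring stating that the sender's power level must be at least the room's delete level, and that 50 is the default, would document the rule.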