authorErik Johnston <erik@matrix.org>2014-09-23 17:36:17 +0100
committerErik Johnston <erik@matrix.org>2014-09-23 17:36:24 +0100
commitbc250a6afa68b7584f3b7b3aacb919df406da75a (patch)
treedb6bfd1b559eadcb70e742f5df0b4531d6ed17ff /synapse/api
parentAdd prune_event method (diff)
SYN-12: Implement auth for deletion by adding a 'delete_level' on the ops levels event
SYN-12 # comment Auth has been added.
Diffstat (limited to 'synapse/api')
-rw-r--r--synapse/api/auth.py34
1 files changed, 31 insertions, 3 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index 8f32191b57..fb14d9a2b3 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -19,7 +19,9 @@ from twisted.internet import defer
 
 from synapse.api.constants import Membership, JoinRules
 from synapse.api.errors import AuthError, StoreError, Codes, SynapseError
-from synapse.api.events.room import RoomMemberEvent, RoomPowerLevelsEvent
+from synapse.api.events.room import (
+    RoomMemberEvent, RoomPowerLevelsEvent, RoomDeletionEvent,
+)
 from synapse.util.logutils import log_function
 
 import logging
@@ -70,6 +72,9 @@ class Auth(object):
                 if event.type == RoomPowerLevelsEvent.TYPE:
                     yield self._check_power_levels(event)
 
+                if event.type == RoomDeletionEvent.TYPE:
+                    yield self._check_deletion(event)
+
                 defer.returnValue(True)
             else:
                 raise AuthError(500, "Unknown event: %s" % event)
@@ -170,7 +175,7 @@ class Auth(object):
                     event.room_id,
                     event.user_id,
                 )
-                _, kick_level = yield self.store.get_ops_levels(event.room_id)
+                _, kick_level, _ = yield self.store.get_ops_levels(event.room_id)
 
                 if kick_level:
                     kick_level = int(kick_level)
@@ -187,7 +192,7 @@ class Auth(object):
                 event.user_id,
             )
 
-            ban_level, _ = yield self.store.get_ops_levels(event.room_id)
+            ban_level, _, _  = yield self.store.get_ops_levels(event.room_id)
 
             if ban_level:
                 ban_level = int(ban_level)
@@ -322,6 +327,29 @@ class Auth(object):
                 )
 
     @defer.inlineCallbacks
+    def _check_deletion(self, event):
+        user_level = yield self.store.get_power_level(
+            event.room_id,
+            event.user_id,
+        )
+
+        if user_level:
+            user_level = int(user_level)
+        else:
+            user_level = 0
+
+        _, _, delete_level  = yield self.store.get_ops_levels(event.room_id)
+
+        if not delete_level:
+            delete_level = 50
+
+        if user_level < delete_level:
+            raise AuthError(
+                403,
+                "You don't have permission to delete events"
+            )
+
+    @defer.inlineCallbacks
     def _check_power_levels(self, event):
         for k, v in event.content.items():
             if k == "default":
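Review bot: In `_check_deletion`, `delete_level` is compared without the `int()` conversion that `user_level` gets a few lines earlier and that `kick_level` and `ban_level` get in the other hunks of this commit. If the store returns the level as a string, as those casts suggest it may, `user_level < delete_level` compares an int with a str, which on Python 2 does not raise and gives the same result whatever the values are, so the check would not reflect the configured level. I would normalise it in one place: `delete_level = int(delete_level) if delete_level else 50`. Separately, `if not delete_level` treats an explicit level of 0 as unset and applies 50; that fails closed, but a comment such as `# a missing or zero delete_level falls back to the default of 50` would show it is deliberate.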