summary refs log tree commit diff
path: root/synapse/handlers
diff options
context:
space:
mode:
authorDavid Teller <d.o.teller+github@gmail.com>2021-01-28 12:27:30 +0100
committerDavid Teller <d.o.teller+github@gmail.com>2021-01-28 12:31:07 +0100
commit93f84e037349cb3efddd8df5adf22512530a295c (patch)
tree16dceb00a4e889340b3aeaaae8a99277b07de5fd /synapse/handlers
parentFIXUP: Removing awaitable (diff)
downloadsynapse-93f84e037349cb3efddd8df5adf22512530a295c.tar.xz
FIXUP: Making get_event_context a bit more paranoid
Diffstat (limited to 'synapse/handlers')
-rw-r--r--synapse/handlers/room.py10
1 files changed, 8 insertions, 2 deletions
diff --git a/synapse/handlers/room.py b/synapse/handlers/room.py
index c103488076..e039cea024 100644
--- a/synapse/handlers/room.py
+++ b/synapse/handlers/room.py
@@ -38,6 +38,7 @@ from synapse.api.filtering import Filter
 from synapse.api.room_versions import KNOWN_ROOM_VERSIONS, RoomVersion
 from synapse.events import EventBase
 from synapse.events.utils import copy_power_levels_contents
+from synapse.rest.admin._base import assert_user_is_admin
 from synapse.storage.state import StateFilter
 from synapse.types import (
     JsonDict,
@@ -997,13 +998,14 @@ class RoomCreationHandler(BaseHandler):
 class RoomContextHandler:
     def __init__(self, hs: "HomeServer"):
         self.hs = hs
+        self.auth = hs.get_auth()
         self.store = hs.get_datastore()
         self.storage = hs.get_storage()
         self.state_store = self.storage.state
 
     async def get_event_context(
         self,
-        user: UserID,
+        requester: Requester,
         room_id: str,
         event_id: str,
         limit: int,
@@ -1014,7 +1016,7 @@ class RoomContextHandler:
         in a room.
 
         Args:
-            user
+            requester
             room_id
             event_id
             limit: The maximum number of events to return in total
@@ -1027,6 +1029,10 @@ class RoomContextHandler:
         Returns:
             dict, or None if the event isn't found
         """
+        user = requester.user
+        if use_admin_priviledge:
+            await assert_user_is_admin(self.auth, requester.user)
+
         before_limit = math.floor(limit / 2.0)
         after_limit = limit - before_limit