summary refs log tree commit diff
path: root/synapse/rest/admin/_base.py
diff options
context:
space:
mode:
authorQuentin Gliech <quenting@element.io>2022-08-22 15:17:59 +0200
committerGitHub <noreply@github.com>2022-08-22 14:17:59 +0100
commit3dd175b628bab5638165f20de9eade36a4e88147 (patch)
tree9f4f0b459e22c9665baf03e0fb509baa447c4ce2 /synapse/rest/admin/_base.py
parentRemove redundant opentracing spans for `/sendToDevice` and `/keys/upload` (#1... (diff)
downloadsynapse-3dd175b628bab5638165f20de9eade36a4e88147.tar.xz
`synapse.api.auth.Auth` cleanup: make permission-related methods use `Requester` instead of the `UserID` (#13024)
Part of #13019

This changes all the permission-related methods to rely on the Requester instead of the UserID. This is a first step towards enabling scoped access tokens at some point, since I expect the Requester to have scope-related informations in it.

It also changes methods which figure out the user/device/appservice out of the access token to return a Requester instead of something else. This avoids having store-related objects in the methods signatures.
Diffstat (limited to 'synapse/rest/admin/_base.py')
-rw-r--r--synapse/rest/admin/_base.py10
1 files changed, 5 insertions, 5 deletions
diff --git a/synapse/rest/admin/_base.py b/synapse/rest/admin/_base.py

index 399b205aaf..b467a61dfb 100644
--- a/synapse/rest/admin/_base.py
+++ b/synapse/rest/admin/_base.py
@@ -19,7 +19,7 @@ from typing import Iterable, Pattern
 from synapse.api.auth import Auth
 from synapse.api.errors import AuthError
 from synapse.http.site import SynapseRequest
-from synapse.types import UserID
+from synapse.types import Requester
 
 
 def admin_patterns(path_regex: str, version: str = "v1") -> Iterable[Pattern]:
@@ -48,19 +48,19 @@ async def assert_requester_is_admin(auth: Auth, request: SynapseRequest) -> None
         AuthError if the requester is not a server admin
     """
     requester = await auth.get_user_by_req(request)
-    await assert_user_is_admin(auth, requester.user)
+    await assert_user_is_admin(auth, requester)
 
 
-async def assert_user_is_admin(auth: Auth, user_id: UserID) -> None:
+async def assert_user_is_admin(auth: Auth, requester: Requester) -> None:
     """Verify that the given user is an admin user
 
     Args:
         auth: Auth singleton
-        user_id: user to check
+        requester: The user making the request, according to the access token.
 
     Raises:
         AuthError if the user is not a server admin
     """
-    is_admin = await auth.is_server_admin(user_id)
+    is_admin = await auth.is_server_admin(requester)
     if not is_admin:
         raise AuthError(HTTPStatus.FORBIDDEN, "You are not a server admin")
generated by cgit-magenta 1.5.1 (git 2.48.1) at 2025-04-08 03:19:46 +0000