diff --git a/synapse/rest/client/v1/presence.py b/synapse/rest/client/v1/presence.py
index a6f8754e32..bbfa1d6ac4 100644
--- a/synapse/rest/client/v1/presence.py
+++ b/synapse/rest/client/v1/presence.py
@@ -17,7 +17,7 @@
"""
from twisted.internet import defer
-from synapse.api.errors import SynapseError
+from synapse.api.errors import SynapseError, AuthError
from synapse.types import UserID
from .base import ClientV1RestServlet, client_path_patterns
@@ -35,8 +35,15 @@ class PresenceStatusRestServlet(ClientV1RestServlet):
requester = yield self.auth.get_user_by_req(request)
user = UserID.from_string(user_id)
- state = yield self.handlers.presence_handler.get_state(
- target_user=user, auth_user=requester.user)
+ if requester.user != user:
+ allowed = yield self.handlers.presence_handler.is_visible(
+ observed_user=user, observer_user=requester.user,
+ )
+
+ if not allowed:
+ raise AuthError(403, "You are not allowed to see their presence.")
+
+ state = yield self.handlers.presence_handler.get_state(target_user=user)
defer.returnValue((200, state))
@@ -45,6 +52,9 @@ class PresenceStatusRestServlet(ClientV1RestServlet):
requester = yield self.auth.get_user_by_req(request)
user = UserID.from_string(user_id)
+ if requester.user != user:
+ raise AuthError(403, "Can only set your own presence state")
+
state = {}
try:
content = json.loads(request.content.read())
@@ -63,8 +73,7 @@ class PresenceStatusRestServlet(ClientV1RestServlet):
except:
raise SynapseError(400, "Unable to parse state")
- yield self.handlers.presence_handler.set_state(
- target_user=user, auth_user=requester.user, state=state)
+ yield self.handlers.presence_handler.set_state(user, state)
defer.returnValue((200, {}))
@@ -87,11 +96,8 @@ class PresenceListRestServlet(ClientV1RestServlet):
raise SynapseError(400, "Cannot get another user's presence list")
presence = yield self.handlers.presence_handler.get_presence_list(
- observer_user=user, accepted=True)
-
- for p in presence:
- observed_user = p.pop("observed_user")
- p["user_id"] = observed_user.to_string()
+ observer_user=user, accepted=True
+ )
defer.returnValue((200, presence))
diff --git a/synapse/rest/client/v1/room.py b/synapse/rest/client/v1/room.py
index cf7fcb04ff..e6f5c5614a 100644
--- a/synapse/rest/client/v1/room.py
+++ b/synapse/rest/client/v1/room.py
@@ -298,18 +298,6 @@ class RoomMemberListRestServlet(ClientV1RestServlet):
if event["type"] != EventTypes.Member:
continue
chunk.append(event)
- # FIXME: should probably be state_key here, not user_id
- target_user = UserID.from_string(event["user_id"])
- # Presence is an optional cache; don't fail if we can't fetch it
- try:
- presence_handler = self.handlers.presence_handler
- presence_state = yield presence_handler.get_state(
- target_user=target_user,
- auth_user=requester.user,
- )
- event["content"].update(presence_state)
- except:
- pass
defer.returnValue((200, {
"chunk": chunk
@@ -535,6 +523,10 @@ class RoomTypingRestServlet(ClientV1RestServlet):
"/rooms/(?P<room_id>[^/]*)/typing/(?P<user_id>[^/]*)$"
)
+ def __init__(self, hs):
+ super(RoomTypingRestServlet, self).__init__(hs)
+ self.presence_handler = hs.get_handlers().presence_handler
+
@defer.inlineCallbacks
def on_PUT(self, request, room_id, user_id):
requester = yield self.auth.get_user_by_req(request)
@@ -546,6 +538,8 @@ class RoomTypingRestServlet(ClientV1RestServlet):
typing_handler = self.handlers.typing_notification_handler
+ yield self.presence_handler.bump_presence_active_time(requester.user)
+
if content["typing"]:
yield typing_handler.started_typing(
target_user=target_user,
|
