Add support for MSC3823 - Account Suspension Part 2 (#17255)

author: Shay <hillerys@element.io> 2024-06-24 06:21:22 -0700
committer: GitHub <noreply@github.com> 2024-06-24 14:21:22 +0100
commit: 7a11c0ac4fd3bab42d6edb17593c9d7ed8371001 (patch)
tree: 379871363c060013772bb212ed24000ad06b958a /synapse/rest/client
parent: Reduce device lists replication traffic. (#17333) (diff)
download: synapse-7a11c0ac4fd3bab42d6edb17593c9d7ed8371001.tar.xz
2 files changed, 40 insertions, 0 deletions
diff --git a/synapse/rest/client/profile.py b/synapse/rest/client/profile.py
index 0323f6afa1..c1a80c5c3d 100644
--- a/synapse/rest/client/profile.py
+++ b/synapse/rest/client/profile.py
@@ -108,6 +108,19 @@ class ProfileDisplaynameRestServlet(RestServlet):
 
         propagate = _read_propagate(self.hs, request)
 
+        requester_suspended = (
+            await self.hs.get_datastores().main.get_user_suspended_status(
+                requester.user.to_string()
+            )
+        )
+
+        if requester_suspended:
+            raise SynapseError(
+                403,
+                "Updating displayname while account is suspended is not allowed.",
+                Codes.USER_ACCOUNT_SUSPENDED,
+            )
+
         await self.profile_handler.set_displayname(
             user, requester, new_name, is_admin, propagate=propagate
         )
@@ -167,6 +180,19 @@ class ProfileAvatarURLRestServlet(RestServlet):
 
         propagate = _read_propagate(self.hs, request)
 
+        requester_suspended = (
+            await self.hs.get_datastores().main.get_user_suspended_status(
+                requester.user.to_string()
+            )
+        )
+
+        if requester_suspended:
+            raise SynapseError(
+                403,
+                "Updating avatar URL while account is suspended is not allowed.",
+                Codes.USER_ACCOUNT_SUSPENDED,
+            )
+
         await self.profile_handler.set_avatar_url(
             user, requester, new_avatar_url, is_admin, propagate=propagate
         )
diff --git a/synapse/rest/client/room.py b/synapse/rest/client/room.py
index bd65cf4b83..903c74f6d8 100644
--- a/synapse/rest/client/room.py
+++ b/synapse/rest/client/room.py
@@ -1120,6 +1120,20 @@ class RoomRedactEventRestServlet(TransactionRestServlet):
     ) -> Tuple[int, JsonDict]:
         content = parse_json_object_from_request(request)
 
+        requester_suspended = await self._store.get_user_suspended_status(
+            requester.user.to_string()
+        )
+
+        if requester_suspended:
+            event = await self._store.get_event(event_id, allow_none=True)
+            if event:
+                if event.sender != requester.user.to_string():
+                    raise SynapseError(
+                        403,
+                        "You can only redact your own events while account is suspended.",
+                        Codes.USER_ACCOUNT_SUSPENDED,
+                    )
+
         # Ensure the redacts property in the content matches the one provided in
         # the URL.
         room_version = await self._store.get_room_version(room_id)
author	Shay <hillerys@element.io>	2024-06-24 06:21:22 -0700
committer	GitHub <noreply@github.com>	2024-06-24 14:21:22 +0100
commit	7a11c0ac4fd3bab42d6edb17593c9d7ed8371001 (patch)
tree	379871363c060013772bb212ed24000ad06b958a /synapse/rest/client
parent	Reduce device lists replication traffic. (#17333) (diff)
download	synapse-7a11c0ac4fd3bab42d6edb17593c9d7ed8371001.tar.xz