summary refs log tree commit diff
path: root/synapse
diff options
context:
space:
mode:
authorErik Johnston <erik@matrix.org>2017-07-24 13:40:56 +0100
committerErik Johnston <erik@matrix.org>2017-07-24 13:40:56 +0100
commit851aeae7c796b127dddf7ca6df882df6104ee5e7 (patch)
tree74a2fab849c681bf1959e810cd7d36b13b806b66 /synapse
parentCorrectly add joins to correct segment (diff)
downloadsynapse-851aeae7c796b127dddf7ca6df882df6104ee5e7.tar.xz
Check users/rooms are in group before adding to summary
Diffstat (limited to 'synapse')
-rw-r--r--synapse/storage/group_server.py25
1 files changed, 25 insertions, 0 deletions
diff --git a/synapse/storage/group_server.py b/synapse/storage/group_server.py
index d42e215b26..258c3168aa 100644
--- a/synapse/storage/group_server.py
+++ b/synapse/storage/group_server.py
@@ -152,6 +152,18 @@ class GroupServerStore(SQLBaseStore):
                 an order of 1 will put the room first. Otherwise, the room gets
                 added to the end.
         """
+        room_in_group = self._simple_select_one_onecol_txn(
+            txn,
+            table="group_rooms",
+            keyvalues={
+                "group_id": group_id,
+                "room_id": room_id,
+            },
+            retcol="room_id",
+            allow_none=True,
+        )
+        if not room_in_group:
+            raise SynapseError(400, "room not in group")
 
         if category_id is None:
             category_id = _DEFAULT_CATEGORY_ID
@@ -426,6 +438,19 @@ class GroupServerStore(SQLBaseStore):
                 an order of 1 will put the user first. Otherwise, the user gets
                 added to the end.
         """
+        user_in_group = self._simple_select_one_onecol_txn(
+            txn,
+            table="group_users",
+            keyvalues={
+                "group_id": group_id,
+                "user_id": user_id,
+            },
+            retcol="user_id",
+            allow_none=True,
+        )
+        if not user_in_group:
+            raise SynapseError(400, "user not in group")
+
         if role_id is None:
             role_id = _DEFAULT_ROLE_ID
         else: