summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--changelog.d/16205.bugfix1
-rw-r--r--synapse/event_auth.py8
2 files changed, 8 insertions, 1 deletions
diff --git a/changelog.d/16205.bugfix b/changelog.d/16205.bugfix
new file mode 100644
index 0000000000..97ac92a148
--- /dev/null
+++ b/changelog.d/16205.bugfix
@@ -0,0 +1 @@
+Fix inaccurate error message while attempting to ban or unban a user with the same or higher PL by spliting the conditional statements. Contributed by @leviosacz.
\ No newline at end of file
diff --git a/synapse/event_auth.py b/synapse/event_auth.py
index 3a260a492b..531bb74f07 100644
--- a/synapse/event_auth.py
+++ b/synapse/event_auth.py
@@ -669,12 +669,18 @@ def _is_membership_change_allowed(
                     errcode=Codes.INSUFFICIENT_POWER,
                 )
     elif Membership.BAN == membership:
-        if user_level < ban_level or user_level <= target_level:
+        if user_level < ban_level:
             raise UnstableSpecAuthError(
                 403,
                 "You don't have permission to ban",
                 errcode=Codes.INSUFFICIENT_POWER,
             )
+        elif user_level <= target_level:
+            raise UnstableSpecAuthError(
+                403,
+                "You don't have permission to ban this user",
+                errcode=Codes.INSUFFICIENT_POWER,
+            )
     elif room_version.knock_join_rule and Membership.KNOCK == membership:
         if join_rule != JoinRules.KNOCK and (
             not room_version.knock_restricted_join_rule