summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--synapse/rest/client/v2_alpha/relations.py17
-rw-r--r--tests/rest/client/v2_alpha/test_relations.py2
2 files changed, 16 insertions, 3 deletions
diff --git a/synapse/rest/client/v2_alpha/relations.py b/synapse/rest/client/v2_alpha/relations.py
index f468409b68..1b53e638eb 100644
--- a/synapse/rest/client/v2_alpha/relations.py
+++ b/synapse/rest/client/v2_alpha/relations.py
@@ -131,6 +131,7 @@ class RelationPaginationServlet(RestServlet):
         self.store = hs.get_datastore()
         self.clock = hs.get_clock()
         self._event_serializer = hs.get_event_client_serializer()
+        self.event_handler = hs.get_event_handler()
 
     @defer.inlineCallbacks
     def on_GET(self, request, room_id, parent_id, relation_type=None, event_type=None):
@@ -140,6 +141,10 @@ class RelationPaginationServlet(RestServlet):
             room_id, requester.user.to_string()
         )
 
+        # This checks that a) the event exists and b) the user is allowed to
+        # view it.
+        yield self.event_handler.get_event(requester.user, room_id, parent_id)
+
         limit = parse_integer(request, "limit", default=5)
         from_token = parse_string(request, "from")
         to_token = parse_string(request, "to")
@@ -195,6 +200,7 @@ class RelationAggregationPaginationServlet(RestServlet):
         super(RelationAggregationPaginationServlet, self).__init__()
         self.auth = hs.get_auth()
         self.store = hs.get_datastore()
+        self.event_handler = hs.get_event_handler()
 
     @defer.inlineCallbacks
     def on_GET(self, request, room_id, parent_id, relation_type=None, event_type=None):
@@ -204,6 +210,10 @@ class RelationAggregationPaginationServlet(RestServlet):
             room_id, requester.user.to_string()
         )
 
+        # This checks that a) the event exists and b) the user is allowed to
+        # view it.
+        yield self.event_handler.get_event(requester.user, room_id, parent_id)
+
         if relation_type not in (RelationTypes.ANNOTATION, None):
             raise SynapseError(400, "Relation type must be 'annotation'")
 
@@ -258,6 +268,7 @@ class RelationAggregationGroupPaginationServlet(RestServlet):
         self.store = hs.get_datastore()
         self.clock = hs.get_clock()
         self._event_serializer = hs.get_event_client_serializer()
+        self.event_handler = hs.get_event_handler()
 
     @defer.inlineCallbacks
     def on_GET(self, request, room_id, parent_id, relation_type, event_type, key):
@@ -267,6 +278,10 @@ class RelationAggregationGroupPaginationServlet(RestServlet):
             room_id, requester.user.to_string()
         )
 
+        # This checks that a) the event exists and b) the user is allowed to
+        # view it.
+        yield self.event_handler.get_event(requester.user, room_id, parent_id)
+
         if relation_type != RelationTypes.ANNOTATION:
             raise SynapseError(400, "Relation type must be 'annotation'")
 
@@ -296,8 +311,6 @@ class RelationAggregationGroupPaginationServlet(RestServlet):
 
         defer.returnValue((200, return_value))
 
-        defer.returnValue((200, return_value))
-
 
 def register_servlets(hs, http_server):
     RelationSendServlet(hs).register(http_server)
diff --git a/tests/rest/client/v2_alpha/test_relations.py b/tests/rest/client/v2_alpha/test_relations.py
index 661dd45755..775622bd2b 100644
--- a/tests/rest/client/v2_alpha/test_relations.py
+++ b/tests/rest/client/v2_alpha/test_relations.py
@@ -296,7 +296,7 @@ class RelationsTestCase(unittest.HomeserverTestCase):
 
         request, channel = self.make_request(
             "GET",
-            "/_matrix/client/unstable/rooms/%s/aggregations/m.replaces/%s?limit=1"
+            "/_matrix/client/unstable/rooms/%s/aggregations/%s/m.replace?limit=1"
             % (self.room, self.parent_id),
         )
         self.render(request)