1 files changed, 7 insertions, 5 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index ae61319a2c..385f93763a 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -77,6 +77,8 @@ class Auth(object):
@defer.inlineCallbacks
def is_membership_change_allowed(self, event):
+ target_user_id = event.state_key
+
# does this room even exist
room = yield self.store.get_room(event.room_id)
if not room:
@@ -94,7 +96,7 @@ class Auth(object):
# get info about the target
try:
target = yield self.store.get_room_member(
- user_id=event.target_user_id,
+ user_id=target_user_id,
room_id=event.room_id)
except:
target = None
@@ -108,12 +110,12 @@ class Auth(object):
raise AuthError(403, "You are not in room %s." % event.room_id)
elif target_in_room: # the target is already in the room.
raise AuthError(403, "%s is already in the room." %
- event.target_user_id)
+ target_user_id)
elif Membership.JOIN == membership:
# Joins are valid iff caller == target and they were:
# invited: They are accepting the invitation
# joined: It's a NOOP
- if event.user_id != event.target_user_id:
+ if event.user_id != target_user_id:
raise AuthError(403, "Cannot force another user to join.")
elif room.is_public:
pass # anyone can join public rooms.
@@ -123,10 +125,10 @@ class Auth(object):
elif Membership.LEAVE == membership:
if not caller_in_room: # trying to leave a room you aren't joined
raise AuthError(403, "You are not in room %s." % event.room_id)
- elif event.target_user_id != event.user_id:
+ elif target_user_id != event.user_id:
# trying to force another user to leave
raise AuthError(403, "Cannot force %s to leave." %
- event.target_user_id)
+ target_user_id)
else:
raise AuthError(500, "Unknown membership %s" % membership)
|
