diff options
Diffstat (limited to 'synapse/api/auth.py')
| -rw-r--r-- | synapse/api/auth.py | 28 |
1 files changed, 15 insertions, 13 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py index 31852b29a5..385f93763a 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -44,15 +44,15 @@ class Auth(object): be raised only if raises=True. """ try: - if event.type in [RoomTopicEvent.TYPE, MessageEvent.TYPE, - FeedbackEvent.TYPE]: - yield self.check_joined_room(event.room_id, event.user_id) - defer.returnValue(True) - elif event.type == RoomMemberEvent.TYPE: - allowed = yield self.is_membership_change_allowed(event) - defer.returnValue(allowed) + if hasattr(event, "room_id"): + if event.type == RoomMemberEvent.TYPE: + allowed = yield self.is_membership_change_allowed(event) + defer.returnValue(allowed) + else: + yield self.check_joined_room(event.room_id, event.user_id) + defer.returnValue(True) else: - raise AuthError(500, "Unknown event type %s" % event.type) + raise AuthError(500, "Unknown event: %s" % event) except AuthError as e: logger.info("Event auth check failed on event %s with msg: %s", event, e.msg) @@ -77,6 +77,8 @@ class Auth(object): @defer.inlineCallbacks def is_membership_change_allowed(self, event): + target_user_id = event.state_key + # does this room even exist room = yield self.store.get_room(event.room_id) if not room: @@ -94,7 +96,7 @@ class Auth(object): # get info about the target try: target = yield self.store.get_room_member( - user_id=event.target_user_id, + user_id=target_user_id, room_id=event.room_id) except: target = None @@ -108,12 +110,12 @@ class Auth(object): raise AuthError(403, "You are not in room %s." % event.room_id) elif target_in_room: # the target is already in the room. raise AuthError(403, "%s is already in the room." % - event.target_user_id) + target_user_id) elif Membership.JOIN == membership: # Joins are valid iff caller == target and they were: # invited: They are accepting the invitation # joined: It's a NOOP - if event.user_id != event.target_user_id: + if event.user_id != target_user_id: raise AuthError(403, "Cannot force another user to join.") elif room.is_public: pass # anyone can join public rooms. @@ -123,10 +125,10 @@ class Auth(object): elif Membership.LEAVE == membership: if not caller_in_room: # trying to leave a room you aren't joined raise AuthError(403, "You are not in room %s." % event.room_id) - elif event.target_user_id != event.user_id: + elif target_user_id != event.user_id: # trying to force another user to leave raise AuthError(403, "Cannot force %s to leave." % - event.target_user_id) + target_user_id) else: raise AuthError(500, "Unknown membership %s" % membership) |