summary refs log tree commit diff
path: root/synapse/api
diff options
context:
space:
mode:
Diffstat (limited to 'synapse/api')
-rw-r--r--synapse/api/auth.py19
-rw-r--r--synapse/api/constants.py3
-rw-r--r--synapse/api/events/factory.py3
-rw-r--r--synapse/api/events/room.py7
4 files changed, 30 insertions, 2 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index c77f52dc30..0e8973e823 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -57,6 +57,8 @@ class Auth(object):
                 )
 
                 if hasattr(event, "state_key"):
+                    # TODO (erikj): This really only should be called for *new*
+                    # state
                     yield self._can_add_state(event)
                 else:
                     yield self._can_send_event(event)
@@ -152,12 +154,29 @@ class Auth(object):
                 # TODO (erikj): private rooms
                 raise AuthError(403, "You are not allowed to join this room")
         elif Membership.LEAVE == membership:
+            # TODO (erikj): Implement kicks.
+
             if not caller_in_room:  # trying to leave a room you aren't joined
                 raise AuthError(403, "You are not in room %s." % event.room_id)
             elif target_user_id != event.user_id:
                 # trying to force another user to leave
                 raise AuthError(403, "Cannot force %s to leave." %
                                 target_user_id)
+        elif Membership.BAN == membership:
+            user_level = yield self.store.get_power_level(
+                event.room_id,
+                event.user_id,
+            )
+
+            ban_level, _ = yield self.store.get_ops_levels(event.room_id)
+
+            if ban_level:
+                ban_level = int(ban_level)
+            else:
+                ban_level = 5  # FIXME (erikj): What should we do here?
+
+            if ban_level < user_level:
+                raise AuthError(403, "You don't have permission to ban")
         else:
             raise AuthError(500, "Unknown membership %s" % membership)
 
diff --git a/synapse/api/constants.py b/synapse/api/constants.py
index 9b5b9f5936..668ffa07ca 100644
--- a/synapse/api/constants.py
+++ b/synapse/api/constants.py
@@ -23,7 +23,8 @@ class Membership(object):
     JOIN = u"join"
     KNOCK = u"knock"
     LEAVE = u"leave"
-    LIST = (INVITE, JOIN, KNOCK, LEAVE)
+    BAN = u"ban"
+    LIST = (INVITE, JOIN, KNOCK, LEAVE, BAN)
 
 
 class Feedback(object):
diff --git a/synapse/api/events/factory.py b/synapse/api/events/factory.py
index 56180899b2..159728b2d2 100644
--- a/synapse/api/events/factory.py
+++ b/synapse/api/events/factory.py
@@ -16,7 +16,7 @@
 from synapse.api.events.room import (
     RoomTopicEvent, MessageEvent, RoomMemberEvent, FeedbackEvent,
     InviteJoinEvent, RoomConfigEvent, RoomNameEvent, GenericEvent,
-    RoomPowerLevelsEvent, RoomJoinRulesEvent,
+    RoomPowerLevelsEvent, RoomJoinRulesEvent, RoomOpsPowerLevelsEvent,
     RoomCreateEvent, RoomAddStateLevelEvent, RoomSendEventLevelEvent
 )
 
@@ -38,6 +38,7 @@ class EventFactory(object):
         RoomCreateEvent,
         RoomAddStateLevelEvent,
         RoomSendEventLevelEvent,
+        RoomOpsPowerLevelsEvent,
     ]
 
     def __init__(self, hs):
diff --git a/synapse/api/events/room.py b/synapse/api/events/room.py
index 6b431e24ea..f6d3c59a9a 100644
--- a/synapse/api/events/room.py
+++ b/synapse/api/events/room.py
@@ -167,3 +167,10 @@ class RoomSendEventLevelEvent(SynapseStateEvent):
 
     def get_content_template(self):
         return {}
+
+
+class RoomOpsPowerLevelsEvent(SynapseStateEvent):
+    TYPE = "m.room.ops_levels"
+
+    def get_content_template(self):
+        return {}