From cab3095803db0c046f414959d12e3549505f54c4 Mon Sep 17 00:00:00 2001 From: Kegan Dougal Date: Tue, 26 Aug 2014 09:26:07 +0100 Subject: Removed member list servlet: now using generic state paths. --- synapse/api/auth.py | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'synapse/api/auth.py') diff --git a/synapse/api/auth.py b/synapse/api/auth.py index ae61319a2c..385f93763a 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -77,6 +77,8 @@ class Auth(object): @defer.inlineCallbacks def is_membership_change_allowed(self, event): + target_user_id = event.state_key + # does this room even exist room = yield self.store.get_room(event.room_id) if not room: @@ -94,7 +96,7 @@ class Auth(object): # get info about the target try: target = yield self.store.get_room_member( - user_id=event.target_user_id, + user_id=target_user_id, room_id=event.room_id) except: target = None @@ -108,12 +110,12 @@ class Auth(object): raise AuthError(403, "You are not in room %s." % event.room_id) elif target_in_room: # the target is already in the room. raise AuthError(403, "%s is already in the room." % - event.target_user_id) + target_user_id) elif Membership.JOIN == membership: # Joins are valid iff caller == target and they were: # invited: They are accepting the invitation # joined: It's a NOOP - if event.user_id != event.target_user_id: + if event.user_id != target_user_id: raise AuthError(403, "Cannot force another user to join.") elif room.is_public: pass # anyone can join public rooms. @@ -123,10 +125,10 @@ class Auth(object): elif Membership.LEAVE == membership: if not caller_in_room: # trying to leave a room you aren't joined raise AuthError(403, "You are not in room %s." % event.room_id) - elif event.target_user_id != event.user_id: + elif target_user_id != event.user_id: # trying to force another user to leave raise AuthError(403, "Cannot force %s to leave." % - event.target_user_id) + target_user_id) else: raise AuthError(500, "Unknown membership %s" % membership) -- cgit 1.4.1