From 95614e52204c6ffd8be62a4e4cab716c9a985473 Mon Sep 17 00:00:00 2001
From: Erik Johnston <erik@matrix.org>
Date: Tue, 18 Nov 2014 15:36:36 +0000
Subject: Fix auth to correctly handle initial creation of rooms

---
 synapse/api/auth.py | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

(limited to 'synapse/api')

diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index 87f19a96d6..635571d2b6 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -21,7 +21,7 @@ from synapse.api.constants import Membership, JoinRules
 from synapse.api.errors import AuthError, StoreError, Codes, SynapseError
 from synapse.api.events.room import (
     RoomMemberEvent, RoomPowerLevelsEvent, RoomRedactionEvent,
-    RoomJoinRulesEvent, RoomCreateEvent,
+    RoomJoinRulesEvent, RoomCreateEvent, RoomAliasesEvent,
 )
 from synapse.util.logutils import log_function
 from syutil.base64util import encode_base64
@@ -63,6 +63,10 @@ class Auth(object):
                     # FIXME
                     return True
 
+                # FIXME: Temp hack
+                if event.type == RoomAliasesEvent.TYPE:
+                    return True
+
                 if event.type == RoomMemberEvent.TYPE:
                     allowed = self.is_membership_change_allowed(event)
                     if allowed:
@@ -144,6 +148,17 @@ class Auth(object):
 
     @log_function
     def is_membership_change_allowed(self, event):
+        membership = event.content["membership"]
+
+        # Check if this is the room creator joining:
+        if len(event.prev_events) == 1 and Membership.JOIN == membership:
+            # Get room creation event:
+            key = (RoomCreateEvent.TYPE, "", )
+            create = event.old_state_events.get(key)
+            if event.prev_events[0][0] == create.event_id:
+                if create.content["creator"] == event.state_key:
+                    return True
+
         target_user_id = event.state_key
 
         # get info about the caller
@@ -159,8 +174,6 @@ class Auth(object):
 
         target_in_room = target and target.membership == Membership.JOIN
 
-        membership = event.content["membership"]
-
         key = (RoomJoinRulesEvent.TYPE, "", )
         join_rule_event = event.old_state_events.get(key)
         if join_rule_event:
@@ -255,6 +268,11 @@ class Auth(object):
             level = power_level_event.content.get("users", {}).get(user_id)
             if not level:
                 level = power_level_event.content.get("users_default", 0)
+        else:
+            key = (RoomCreateEvent.TYPE, "", )
+            create_event = event.old_state_events.get(key)
+            if create_event.content["creator"] == user_id:
+                return 100
 
         return level
 
-- 
cgit 1.4.1