From 93f84e037349cb3efddd8df5adf22512530a295c Mon Sep 17 00:00:00 2001 From: David Teller Date: Thu, 28 Jan 2021 12:27:30 +0100 Subject: FIXUP: Making get_event_context a bit more paranoid --- synapse/handlers/room.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'synapse/handlers/room.py') diff --git a/synapse/handlers/room.py b/synapse/handlers/room.py index c103488076..e039cea024 100644 --- a/synapse/handlers/room.py +++ b/synapse/handlers/room.py @@ -38,6 +38,7 @@ from synapse.api.filtering import Filter from synapse.api.room_versions import KNOWN_ROOM_VERSIONS, RoomVersion from synapse.events import EventBase from synapse.events.utils import copy_power_levels_contents +from synapse.rest.admin._base import assert_user_is_admin from synapse.storage.state import StateFilter from synapse.types import ( JsonDict, @@ -997,13 +998,14 @@ class RoomCreationHandler(BaseHandler): class RoomContextHandler: def __init__(self, hs: "HomeServer"): self.hs = hs + self.auth = hs.get_auth() self.store = hs.get_datastore() self.storage = hs.get_storage() self.state_store = self.storage.state async def get_event_context( self, - user: UserID, + requester: Requester, room_id: str, event_id: str, limit: int, @@ -1014,7 +1016,7 @@ class RoomContextHandler: in a room. Args: - user + requester room_id event_id limit: The maximum number of events to return in total @@ -1027,6 +1029,10 @@ class RoomContextHandler: Returns: dict, or None if the event isn't found """ + user = requester.user + if use_admin_priviledge: + await assert_user_is_admin(self.auth, requester.user) + before_limit = math.floor(limit / 2.0) after_limit = limit - before_limit -- cgit 1.4.1