mirror of
https://github.com/matrix-construct/construct
synced 2024-09-30 04:38:52 +02:00
modules/client/rooms: Add pre-checks for membership on the convenience endpoints.
This commit is contained in:
parent
b7023a6dc7
commit
c944818f4b
3 changed files with 33 additions and 0 deletions
|
@ -40,6 +40,18 @@ post__ban(client &client,
|
||||||
power.level("ban")
|
power.level("ban")
|
||||||
};
|
};
|
||||||
|
|
||||||
|
// Check if the target user has any membership state at all. We don't
|
||||||
|
// yet care *what* that state is, and whatever that is may also change,
|
||||||
|
// but we can filter out clearly mistaken requests and typo'ed inputs.
|
||||||
|
if(!room.has("m.room.member", user_id))
|
||||||
|
throw m::error
|
||||||
|
{
|
||||||
|
http::NOT_MODIFIED, "M_TARGET_NOT_IN_ROOM",
|
||||||
|
"The user %s has no membership state in %s",
|
||||||
|
string_view{user_id},
|
||||||
|
string_view{room_id},
|
||||||
|
};
|
||||||
|
|
||||||
const auto event_id
|
const auto event_id
|
||||||
{
|
{
|
||||||
send(room, request.user_id, "m.room.member", user_id,
|
send(room, request.user_id, "m.room.member", user_id,
|
||||||
|
|
|
@ -40,6 +40,18 @@ post__kick(client &client,
|
||||||
power.level("kick")
|
power.level("kick")
|
||||||
};
|
};
|
||||||
|
|
||||||
|
// Check if the target user has any membership state at all. We don't
|
||||||
|
// yet care *what* that state is, and whatever that is may also change,
|
||||||
|
// but we can filter out clearly mistaken requests and typo'ed inputs.
|
||||||
|
if(!room.has("m.room.member", user_id))
|
||||||
|
throw m::error
|
||||||
|
{
|
||||||
|
http::NOT_MODIFIED, "M_TARGET_NOT_IN_ROOM",
|
||||||
|
"The user %s has no membership state in %s",
|
||||||
|
string_view{user_id},
|
||||||
|
string_view{room_id},
|
||||||
|
};
|
||||||
|
|
||||||
const auto event_id
|
const auto event_id
|
||||||
{
|
{
|
||||||
send(room, request.user_id, "m.room.member", user_id,
|
send(room, request.user_id, "m.room.member", user_id,
|
||||||
|
|
|
@ -23,6 +23,15 @@ post__leave(client &client,
|
||||||
room_id
|
room_id
|
||||||
};
|
};
|
||||||
|
|
||||||
|
if(!room.has("m.room.member", request.user_id))
|
||||||
|
throw m::error
|
||||||
|
{
|
||||||
|
http::NOT_MODIFIED, "M_TARGET_NOT_IN_ROOM",
|
||||||
|
"The user %s has no membership state in %s",
|
||||||
|
string_view{request.user_id},
|
||||||
|
string_view{room_id},
|
||||||
|
};
|
||||||
|
|
||||||
const auto event_id
|
const auto event_id
|
||||||
{
|
{
|
||||||
m::leave(room, request.user_id)
|
m::leave(room, request.user_id)
|
||||||
|
|
Loading…
Reference in a new issue