mirror of
https://mau.dev/maunium/synapse.git
synced 2024-12-14 20:33:53 +01:00
Return a 404 when deleting unknown room alias
As per https://github.com/matrix-org/matrix-doc/issues/1675 Fixes https://github.com/matrix-org/synapse/issues/2782
This commit is contained in:
parent
c6363f7269
commit
85a43f4167
2 changed files with 16 additions and 4 deletions
|
@ -20,7 +20,14 @@ import string
|
||||||
from twisted.internet import defer
|
from twisted.internet import defer
|
||||||
|
|
||||||
from synapse.api.constants import EventTypes
|
from synapse.api.constants import EventTypes
|
||||||
from synapse.api.errors import AuthError, CodeMessageException, Codes, SynapseError
|
from synapse.api.errors import (
|
||||||
|
AuthError,
|
||||||
|
CodeMessageException,
|
||||||
|
Codes,
|
||||||
|
NotFoundError,
|
||||||
|
StoreError,
|
||||||
|
SynapseError,
|
||||||
|
)
|
||||||
from synapse.types import RoomAlias, UserID, get_domain_from_id
|
from synapse.types import RoomAlias, UserID, get_domain_from_id
|
||||||
|
|
||||||
from ._base import BaseHandler
|
from ._base import BaseHandler
|
||||||
|
@ -109,7 +116,13 @@ class DirectoryHandler(BaseHandler):
|
||||||
def delete_association(self, requester, user_id, room_alias):
|
def delete_association(self, requester, user_id, room_alias):
|
||||||
# association deletion for human users
|
# association deletion for human users
|
||||||
|
|
||||||
|
try:
|
||||||
can_delete = yield self._user_can_delete_alias(room_alias, user_id)
|
can_delete = yield self._user_can_delete_alias(room_alias, user_id)
|
||||||
|
except StoreError as e:
|
||||||
|
if e.code == 404:
|
||||||
|
raise NotFoundError("Unknown room alias")
|
||||||
|
raise
|
||||||
|
|
||||||
if not can_delete:
|
if not can_delete:
|
||||||
raise AuthError(
|
raise AuthError(
|
||||||
403, "You don't have permission to delete the alias.",
|
403, "You don't have permission to delete the alias.",
|
||||||
|
@ -320,7 +333,7 @@ class DirectoryHandler(BaseHandler):
|
||||||
def _user_can_delete_alias(self, alias, user_id):
|
def _user_can_delete_alias(self, alias, user_id):
|
||||||
creator = yield self.store.get_room_alias_creator(alias.to_string())
|
creator = yield self.store.get_room_alias_creator(alias.to_string())
|
||||||
|
|
||||||
if creator and creator == user_id:
|
if creator == user_id:
|
||||||
defer.returnValue(True)
|
defer.returnValue(True)
|
||||||
|
|
||||||
is_admin = yield self.auth.is_server_admin(UserID.from_string(user_id))
|
is_admin = yield self.auth.is_server_admin(UserID.from_string(user_id))
|
||||||
|
|
|
@ -75,7 +75,6 @@ class DirectoryWorkerStore(SQLBaseStore):
|
||||||
},
|
},
|
||||||
retcol="creator",
|
retcol="creator",
|
||||||
desc="get_room_alias_creator",
|
desc="get_room_alias_creator",
|
||||||
allow_none=True
|
|
||||||
)
|
)
|
||||||
|
|
||||||
@cached(max_entries=5000)
|
@cached(max_entries=5000)
|
||||||
|
|
Loading…
Reference in a new issue