0
0
Fork 1
mirror of https://mau.dev/maunium/synapse.git synced 2024-12-13 22:43:50 +01:00

FIXUP: Now testing that the user is admin!

This commit is contained in:
David Teller 2021-01-28 12:18:07 +01:00
parent de7f049527
commit b859919acc
3 changed files with 38 additions and 6 deletions

View file

@ -1,4 +1 @@
New API /_synapse/admin/rooms/{roomId}/context/{eventId} New API /_synapse/admin/rooms/{roomId}/context/{eventId}.
This API mirrors /_matrix/client/r0/rooms/{roomId}/context/{eventId} but lets administrators
inspect rooms. Designed to annotate abuse reports with context.

View file

@ -578,7 +578,8 @@ class RoomEventContextServlet(RestServlet):
self.auth = hs.get_auth() self.auth = hs.get_auth()
async def on_GET(self, request, room_id, event_id): async def on_GET(self, request, room_id, event_id):
requester = await self.auth.get_user_by_req(request, allow_guest=True) requester = await self.auth.get_user_by_req(request, allow_guest=False)
await assert_user_is_admin(self.auth, requester.user)
limit = parse_integer(request, "limit", default=10) limit = parse_integer(request, "limit", default=10)

View file

@ -1430,7 +1430,41 @@ class JoinAliasRoomTestCase(unittest.HomeserverTestCase):
self.assertEquals(200, int(channel.result["code"]), msg=channel.result["body"]) self.assertEquals(200, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual(private_room_id, channel.json_body["joined_rooms"][0]) self.assertEqual(private_room_id, channel.json_body["joined_rooms"][0])
def test_context(self): def test_context_as_non_admin(self):
"""
Test that, without being admin, one cannot use the context admin API
"""
# Create a room.
user_id = self.register_user("test", "test")
user_tok = self.login("test", "test")
self.register_user("test_2", "test")
user_tok_2 = self.login("test_2", "test")
room_id = self.helper.create_room_as(user_id, tok=user_tok)
# Populate the room with events.
events = []
for i in range(30):
events.append(
self.helper.send_event(
room_id, "com.example.test", content={"index": i}, tok=user_tok
)
)
# Now attempt to find the context using the admin API without being admin.
midway = (len(events) - 1) // 2
for tok in [user_tok, user_tok_2]:
channel = self.make_request(
"GET",
"/_synapse/admin/v1/rooms/%s/context/%s"
% (room_id, events[midway]["event_id"]),
access_token=tok,
)
self.assertEquals(403, int(channel.result["code"]), msg=channel.result["body"])
self.assertEqual(Codes.FORBIDDEN, channel.json_body["errcode"])
def test_context_as_admin(self):
""" """
Test that, as admin, we can find the context of an event without having joined the room. Test that, as admin, we can find the context of an event without having joined the room.
""" """