Allow alias creators to delete aliases
parent
742ec37ca3
commit
f9af8962f8
4 changed files with 51 additions and 10 deletions
|
@ -17,9 +17,9 @@
|
||||||
from twisted.internet import defer
|
from twisted.internet import defer
|
||||||
from ._base import BaseHandler
|
from ._base import BaseHandler
|
||||||
|
|
||||||
from synapse.api.errors import SynapseError, Codes, CodeMessageException
|
from synapse.api.errors import SynapseError, Codes, CodeMessageException, AuthError
|
||||||
from synapse.api.constants import EventTypes
|
from synapse.api.constants import EventTypes
|
||||||
from synapse.types import RoomAlias
|
from synapse.types import RoomAlias, UserID
|
||||||
|
|
||||||
import logging
|
import logging
|
||||||
import string
|
import string
|
||||||
|
@ -38,7 +38,7 @@ class DirectoryHandler(BaseHandler):
|
||||||
)
|
)
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def _create_association(self, room_alias, room_id, servers=None):
|
def _create_association(self, room_alias, room_id, servers=None, creator=None):
|
||||||
# general association creation for both human users and app services
|
# general association creation for both human users and app services
|
||||||
|
|
||||||
for wchar in string.whitespace:
|
for wchar in string.whitespace:
|
||||||
|
@ -60,7 +60,8 @@ class DirectoryHandler(BaseHandler):
|
||||||
yield self.store.create_room_alias_association(
|
yield self.store.create_room_alias_association(
|
||||||
room_alias,
|
room_alias,
|
||||||
room_id,
|
room_id,
|
||||||
servers
|
servers,
|
||||||
|
creator=creator,
|
||||||
)
|
)
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
|
@ -77,7 +78,7 @@ class DirectoryHandler(BaseHandler):
|
||||||
400, "This alias is reserved by an application service.",
|
400, "This alias is reserved by an application service.",
|
||||||
errcode=Codes.EXCLUSIVE
|
errcode=Codes.EXCLUSIVE
|
||||||
)
|
)
|
||||||
yield self._create_association(room_alias, room_id, servers)
|
yield self._create_association(room_alias, room_id, servers, creator=user_id)
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def create_appservice_association(self, service, room_alias, room_id,
|
def create_appservice_association(self, service, room_alias, room_id,
|
||||||
|
@ -95,7 +96,11 @@ class DirectoryHandler(BaseHandler):
|
||||||
def delete_association(self, user_id, room_alias):
|
def delete_association(self, user_id, room_alias):
|
||||||
# association deletion for human users
|
# association deletion for human users
|
||||||
|
|
||||||
# TODO Check if server admin
|
can_delete = yield self._user_can_delete_alias(room_alias, user_id)
|
||||||
|
if not can_delete:
|
||||||
|
raise AuthError(
|
||||||
|
403, "You don't have permission to delete the alias.",
|
||||||
|
)
|
||||||
|
|
||||||
can_delete = yield self.can_modify_alias(
|
can_delete = yield self.can_modify_alias(
|
||||||
room_alias,
|
room_alias,
|
||||||
|
@ -257,3 +262,13 @@ class DirectoryHandler(BaseHandler):
|
||||||
return
|
return
|
||||||
# either no interested services, or no service with an exclusive lock
|
# either no interested services, or no service with an exclusive lock
|
||||||
defer.returnValue(True)
|
defer.returnValue(True)
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
|
def _user_can_delete_alias(self, alias, user_id):
|
||||||
|
creator = yield self.store.get_room_alias_creator(alias.to_string())
|
||||||
|
|
||||||
|
if creator and creator == user_id:
|
||||||
|
defer.returnValue(True)
|
||||||
|
|
||||||
|
is_admin = yield self.auth.is_server_admin(UserID.from_string(user_id))
|
||||||
|
defer.returnValue(is_admin)
|
||||||
|
|
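Review bot: `_user_can_delete_alias` is now the only authorisation check for alias deletion visible in this commit, because the server-admin check in the `ClientDirectoryServer` hunk is removed, yet it has no docstring stating the policy. I would add one saying that it returns True when `user_id` equals the stored creator or the user is a server admin, and that an alias with no recorded creator (for example rows that predate the `creator` column) can only be deleted by an admin. The `creator == user_id` comparison assumes both sides are plain user-ID strings. `UserID.from_string(user_id)` two lines later suggests that holds on the delete path, but the value passed as `creator=user_id` from `create_association` should be confirmed to be a string as well, since that signature lies outside the hunk. A test covering the creator, admin and unrelated-user cases would pin the behaviour.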
|
@ -118,9 +118,6 @@ class ClientDirectoryServer(ClientV1RestServlet):
|
||||||
|
|
||||||
requester = yield self.auth.get_user_by_req(request)
|
requester = yield self.auth.get_user_by_req(request)
|
||||||
user = requester.user
|
user = requester.user
|
||||||
is_admin = yield self.auth.is_server_admin(user)
|
|
||||||
if not is_admin:
|
|
||||||
raise AuthError(403, "You need to be a server admin")
|
|
||||||
|
|
||||||
room_alias = RoomAlias.from_string(room_alias)
|
room_alias = RoomAlias.from_string(room_alias)
|
||||||
|
|
||||||
|
|
|
@ -70,13 +70,14 @@ class DirectoryStore(SQLBaseStore):
|
||||||
)
|
)
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def create_room_alias_association(self, room_alias, room_id, servers):
|
def create_room_alias_association(self, room_alias, room_id, servers, creator=None):
|
||||||
""" Creates an associatin between a room alias and room_id/servers
|
""" Creates an associatin between a room alias and room_id/servers
|
||||||
|
|
||||||
Args:
|
Args:
|
||||||
room_alias (RoomAlias)
|
room_alias (RoomAlias)
|
||||||
room_id (str)
|
room_id (str)
|
||||||
servers (list)
|
servers (list)
|
||||||
|
creator (str): Optional user_id of creator.
|
||||||
|
|
||||||
Returns:
|
Returns:
|
||||||
Deferred
|
Deferred
|
||||||
|
@ -87,6 +88,7 @@ class DirectoryStore(SQLBaseStore):
|
||||||
{
|
{
|
||||||
"room_alias": room_alias.to_string(),
|
"room_alias": room_alias.to_string(),
|
||||||
"room_id": room_id,
|
"room_id": room_id,
|
||||||
|
"creator": creator,
|
||||||
},
|
},
|
||||||
desc="create_room_alias_association",
|
desc="create_room_alias_association",
|
||||||
)
|
)
|
||||||
|
@ -107,6 +109,17 @@ class DirectoryStore(SQLBaseStore):
|
||||||
)
|
)
|
||||||
self.get_aliases_for_room.invalidate((room_id,))
|
self.get_aliases_for_room.invalidate((room_id,))
|
||||||
|
|
||||||
|
def get_room_alias_creator(self, room_alias):
|
||||||
|
return self._simple_select_one_onecol(
|
||||||
|
table="room_aliases",
|
||||||
|
keyvalues={
|
||||||
|
"room_alias": room_alias,
|
||||||
|
},
|
||||||
|
retcol="creator",
|
||||||
|
desc="get_room_alias_creator",
|
||||||
|
allow_none=True
|
||||||
|
)
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def delete_room_alias(self, room_alias):
|
def delete_room_alias(self, room_alias):
|
||||||
room_id = yield self.runInteraction(
|
room_id = yield self.runInteraction(
|
||||||
|
|
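Review bot: `get_room_alias_creator` has no docstring, and it expects the alias as a string, whereas `create_room_alias_association` in the same section takes a `RoomAlias` and calls `to_string()` itself. A one-line docstring such as `"""Return the user_id recorded as creator of room_alias (str), or None if none is recorded."""` would make that asymmetry explicit for callers. With `allow_none=True`, a NULL `creator` and presumably an unknown alias both come back as None, so any caller making an authorisation decision has to treat None as "no creator", as the handler's `if creator and creator == user_id` does.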
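--- /dev/null
+++ b/synapse/storage/schema/delta/30/alias_creator.sql
@@ -0,0 +1,16 @@
+/* Copyright 2016 OpenMarket Ltd
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+ALTER TABLE room_aliases ADD COLUMN creator TEXT;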