Only allow people in a room to look up room state.
parent
997ed151db
commit
37900a92db
2 changed files with 12 additions and 42 deletions
|
@ -147,49 +147,19 @@ class MessageHandler(BaseHandler):
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def get_room_data(self, user_id=None, room_id=None,
|
def get_room_data(self, user_id=None, room_id=None,
|
||||||
event_type=None, state_key="",
|
event_type=None, state_key=""):
|
||||||
public_room_rules=[],
|
|
||||||
private_room_rules=["join"]):
|
|
||||||
""" Get data from a room.
|
""" Get data from a room.
|
||||||
|
|
||||||
Args:
|
Args:
|
||||||
event : The room path event
|
event : The room path event
|
||||||
public_room_rules : A list of membership states the user can be in,
|
|
||||||
in order to read this data IN A PUBLIC ROOM. An empty list means
|
|
||||||
'any state'.
|
|
||||||
private_room_rules : A list of membership states the user can be
|
|
||||||
in, in order to read this data IN A PRIVATE ROOM. An empty list
|
|
||||||
means 'any state'.
|
|
||||||
Returns:
|
Returns:
|
||||||
The path data content.
|
The path data content.
|
||||||
Raises:
|
Raises:
|
||||||
SynapseError if something went wrong.
|
SynapseError if something went wrong.
|
||||||
"""
|
"""
|
||||||
if event_type == RoomTopicEvent.TYPE:
|
have_joined = yield self.auth.check_joined_room(room_id, user_id)
|
||||||
# anyone invited/joined can read the topic
|
if not have_joined:
|
||||||
private_room_rules = ["invite", "join"]
|
raise RoomError(403, "User not in room.")
|
||||||
|
|
||||||
# does this room exist
|
|
||||||
room = yield self.store.get_room(room_id)
|
|
||||||
if not room:
|
|
||||||
raise RoomError(403, "Room does not exist.")
|
|
||||||
|
|
||||||
# does this user exist in this room
|
|
||||||
member = yield self.store.get_room_member(
|
|
||||||
room_id=room_id,
|
|
||||||
user_id="" if not user_id else user_id)
|
|
||||||
|
|
||||||
member_state = member.membership if member else None
|
|
||||||
|
|
||||||
if room.is_public and public_room_rules:
|
|
||||||
# make sure the user meets public room rules
|
|
||||||
if member_state not in public_room_rules:
|
|
||||||
raise RoomError(403, "Member does not meet public room rules.")
|
|
||||||
elif not room.is_public and private_room_rules:
|
|
||||||
# make sure the user meets private room rules
|
|
||||||
if member_state not in private_room_rules:
|
|
||||||
raise RoomError(
|
|
||||||
403, "Member does not meet private room rules.")
|
|
||||||
|
|
||||||
data = yield self.state_handler.get_current_state(
|
data = yield self.state_handler.get_current_state(
|
||||||
room_id, event_type, state_key
|
room_id, event_type, state_key
|
||||||
|
|
|
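Review bot: `get_room_data` keeps the defaults `user_id=None, room_id=None`, but the new body passes them straight to `self.auth.check_joined_room(room_id, user_id)`, whereas the removed code normalised a missing user to `""` before the membership lookup. How the auth helper treats `None` is not visible here, so the authorization gate should fail closed explicitly, e.g. `if not user_id or not room_id: raise RoomError(403, "User not in room.")` ahead of the check. The docstring also still describes an `event` argument that is not in the signature and does not say that non-members now get a 403 `RoomError`; I would replace the `Args:` entry with the four real parameters and name that error under `Raises:`. The function body continues past the end of this hunk.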
@ -230,9 +230,9 @@ class RoomPermissionsTestCase(RestTestCase):
|
||||||
"PUT", topic_path, topic_content)
|
"PUT", topic_path, topic_content)
|
||||||
self.assertEquals(403, code, msg=str(response))
|
self.assertEquals(403, code, msg=str(response))
|
||||||
|
|
||||||
# get topic in created PRIVATE room and invited, expect 200 (or 404)
|
# get topic in created PRIVATE room and invited, expect 403
|
||||||
(code, response) = yield self.mock_resource.trigger_get(topic_path)
|
(code, response) = yield self.mock_resource.trigger_get(topic_path)
|
||||||
self.assertEquals(404, code, msg=str(response))
|
self.assertEquals(403, code, msg=str(response))
|
||||||
|
|
||||||
# set/get topic in created PRIVATE room and joined, expect 200
|
# set/get topic in created PRIVATE room and joined, expect 200
|
||||||
yield self.join(room=self.created_rmid, user=self.user_id)
|
yield self.join(room=self.created_rmid, user=self.user_id)
|
||||||
|
@ -256,10 +256,10 @@ class RoomPermissionsTestCase(RestTestCase):
|
||||||
(code, response) = yield self.mock_resource.trigger_get(topic_path)
|
(code, response) = yield self.mock_resource.trigger_get(topic_path)
|
||||||
self.assertEquals(403, code, msg=str(response))
|
self.assertEquals(403, code, msg=str(response))
|
||||||
|
|
||||||
# get topic in PUBLIC room, not joined, expect 200 (or 404)
|
# get topic in PUBLIC room, not joined, expect 403
|
||||||
(code, response) = yield self.mock_resource.trigger_get(
|
(code, response) = yield self.mock_resource.trigger_get(
|
||||||
"/rooms/%s/state/m.room.topic" % self.created_public_rmid)
|
"/rooms/%s/state/m.room.topic" % self.created_public_rmid)
|
||||||
self.assertEquals(200, code, msg=str(response))
|
self.assertEquals(403, code, msg=str(response))
|
||||||
|
|
||||||
# set topic in PUBLIC room, not joined, expect 403
|
# set topic in PUBLIC room, not joined, expect 403
|
||||||
(code, response) = yield self.mock_resource.trigger(
|
(code, response) = yield self.mock_resource.trigger(
|
||||||
|
@ -326,12 +326,12 @@ class RoomPermissionsTestCase(RestTestCase):
|
||||||
def test_membership_public_room_perms(self):
|
def test_membership_public_room_perms(self):
|
||||||
room = self.created_public_rmid
|
room = self.created_public_rmid
|
||||||
# get membership of self, get membership of other, public room + invite
|
# get membership of self, get membership of other, public room + invite
|
||||||
# expect all 200s - public rooms, you can see who is in them.
|
# expect 403
|
||||||
yield self.invite(room=room, src=self.rmcreator_id,
|
yield self.invite(room=room, src=self.rmcreator_id,
|
||||||
targ=self.user_id)
|
targ=self.user_id)
|
||||||
yield self._test_get_membership(
|
yield self._test_get_membership(
|
||||||
members=[self.user_id, self.rmcreator_id],
|
members=[self.user_id, self.rmcreator_id],
|
||||||
room=room, expect_code=200)
|
room=room, expect_code=403)
|
||||||
|
|
||||||
# get membership of self, get membership of other, public room + joined
|
# get membership of self, get membership of other, public room + joined
|
||||||
# expect all 200s
|
# expect all 200s
|
||||||
|
@ -341,11 +341,11 @@ class RoomPermissionsTestCase(RestTestCase):
|
||||||
room=room, expect_code=200)
|
room=room, expect_code=200)
|
||||||
|
|
||||||
# get membership of self, get membership of other, public room + left
|
# get membership of self, get membership of other, public room + left
|
||||||
# expect all 200s - public rooms, you can always see who is in them.
|
# expect 403.
|
||||||
yield self.leave(room=room, user=self.user_id)
|
yield self.leave(room=room, user=self.user_id)
|
||||||
yield self._test_get_membership(
|
yield self._test_get_membership(
|
||||||
members=[self.user_id, self.rmcreator_id],
|
members=[self.user_id, self.rmcreator_id],
|
||||||
room=room, expect_code=200)
|
room=room, expect_code=403)
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def test_invited_permissions(self):
|
def test_invited_permissions(self):
|
||||||
|
|
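Review bot: None of the updated assertions pins what a state lookup returns for a room id that does not exist, although the handler change in this commit drops the explicit "Room does not exist." branch and leaves that case to the membership check. A case next to the topic checks, such as `(code, response) = yield self.mock_resource.trigger_get("/rooms/%s/state/m.room.topic" % "!nonexistent:test")` followed by `self.assertEquals(403, code, msg=str(response))`, would confirm that an unknown room is answered exactly like a room the user is not in, so the response does not reveal which rooms exist. The room id in that example is a constructed sample. The surrounding test methods start and end outside the visible hunks, so an existing test may already cover this.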