FIXUP: Making get_event_context a bit more paranoid

This commit is contained in:
David Teller 2021-01-28 12:27:30 +01:00
parent b755f60ce2
commit 93f84e0373
3 changed files with 10 additions and 4 deletions

View file

@ -38,6 +38,7 @@ from synapse.api.filtering import Filter
from synapse.api.room_versions import KNOWN_ROOM_VERSIONS, RoomVersion from synapse.api.room_versions import KNOWN_ROOM_VERSIONS, RoomVersion
from synapse.events import EventBase from synapse.events import EventBase
from synapse.events.utils import copy_power_levels_contents from synapse.events.utils import copy_power_levels_contents
from synapse.rest.admin._base import assert_user_is_admin
from synapse.storage.state import StateFilter from synapse.storage.state import StateFilter
from synapse.types import ( from synapse.types import (
JsonDict, JsonDict,
@ -997,13 +998,14 @@ class RoomCreationHandler(BaseHandler):
class RoomContextHandler: class RoomContextHandler:
def __init__(self, hs: "HomeServer"): def __init__(self, hs: "HomeServer"):
self.hs = hs self.hs = hs
self.auth = hs.get_auth()
self.store = hs.get_datastore() self.store = hs.get_datastore()
self.storage = hs.get_storage() self.storage = hs.get_storage()
self.state_store = self.storage.state self.state_store = self.storage.state
async def get_event_context( async def get_event_context(
self, self,
user: UserID, requester: Requester,
room_id: str, room_id: str,
event_id: str, event_id: str,
limit: int, limit: int,
@ -1014,7 +1016,7 @@ class RoomContextHandler:
in a room. in a room.
Args: Args:
user requester
room_id room_id
event_id event_id
limit: The maximum number of events to return in total limit: The maximum number of events to return in total
@ -1027,6 +1029,10 @@ class RoomContextHandler:
Returns: Returns:
dict, or None if the event isn't found dict, or None if the event isn't found
""" """
user = requester.user
if use_admin_priviledge:
await assert_user_is_admin(self.auth, requester.user)
before_limit = math.floor(limit / 2.0) before_limit = math.floor(limit / 2.0)
after_limit = limit - before_limit after_limit = limit - before_limit

View file

@ -600,7 +600,7 @@ class RoomEventContextServlet(RestServlet):
event_filter = None event_filter = None
results = await self.room_context_handler.get_event_context( results = await self.room_context_handler.get_event_context(
requester.user, requester,
room_id, room_id,
event_id, event_id,
limit, limit,

View file

@ -650,7 +650,7 @@ class RoomEventContextServlet(RestServlet):
event_filter = None event_filter = None
results = await self.room_context_handler.get_event_context( results = await self.room_context_handler.get_event_context(
requester.user, room_id, event_id, limit, event_filter requester, room_id, event_id, limit, event_filter
) )
if not results: if not results: