forked from MirrorHub/synapse
Merge pull request #2476 from matrix-org/erikj/joined_members_auth
Fix /joined_members to work with AS users
This commit is contained in:
commit
bf86a41ef1
2 changed files with 26 additions and 13 deletions
|
@ -420,27 +420,41 @@ class MessageHandler(BaseHandler):
|
||||||
)
|
)
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def get_joined_members(self, user_id, room_id):
|
def get_joined_members(self, requester, room_id):
|
||||||
"""Get all the joined members in the room and their profile information.
|
"""Get all the joined members in the room and their profile information.
|
||||||
|
|
||||||
If the user has left the room return the state events from when they left.
|
If the user has left the room return the state events from when they left.
|
||||||
|
|
||||||
Args:
|
Args:
|
||||||
user_id(str): The user requesting state events.
|
requester(Requester): The user requesting state events.
|
||||||
room_id(str): The room ID to get all state events from.
|
room_id(str): The room ID to get all state events from.
|
||||||
Returns:
|
Returns:
|
||||||
A dict of user_id to profile info
|
A dict of user_id to profile info
|
||||||
"""
|
"""
|
||||||
membership, membership_event_id = yield self._check_in_room_or_world_readable(
|
user_id = requester.user.to_string()
|
||||||
room_id, user_id
|
if not requester.app_service:
|
||||||
)
|
# We check AS auth after fetching the room membership, as it
|
||||||
|
# requires us to pull out all joined members anyway.
|
||||||
if membership == Membership.JOIN:
|
membership, _ = yield self._check_in_room_or_world_readable(
|
||||||
users_with_profile = yield self.state.get_current_user_in_room(room_id)
|
room_id, user_id
|
||||||
else:
|
|
||||||
raise NotImplementedError(
|
|
||||||
"Getting joined members after leaving is not implemented"
|
|
||||||
)
|
)
|
||||||
|
if membership != Membership.JOIN:
|
||||||
|
raise NotImplementedError(
|
||||||
|
"Getting joined members after leaving is not implemented"
|
||||||
|
)
|
||||||
|
|
||||||
|
users_with_profile = yield self.state.get_current_user_in_room(room_id)
|
||||||
|
|
||||||
|
# If this is an AS, double check that they are allowed to see the members.
|
||||||
|
# This can either be because the AS user is in the room or becuase there
|
||||||
|
# is a user in the room that the AS is "interested in"
|
||||||
|
if requester.app_service and user_id not in users_with_profile:
|
||||||
|
for uid in users_with_profile:
|
||||||
|
if requester.app_service.is_interested_in_user(uid):
|
||||||
|
break
|
||||||
|
else:
|
||||||
|
# Loop fell through, AS has no interested users in room
|
||||||
|
raise AuthError(403, "Appservice not in room")
|
||||||
|
|
||||||
defer.returnValue({
|
defer.returnValue({
|
||||||
user_id: {
|
user_id: {
|
||||||
|
|
|
@ -403,10 +403,9 @@ class JoinedRoomMemberListRestServlet(ClientV1RestServlet):
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def on_GET(self, request, room_id):
|
def on_GET(self, request, room_id):
|
||||||
requester = yield self.auth.get_user_by_req(request)
|
requester = yield self.auth.get_user_by_req(request)
|
||||||
user_id = requester.user.to_string()
|
|
||||||
|
|
||||||
users_with_profile = yield self.message_handler.get_joined_members(
|
users_with_profile = yield self.message_handler.get_joined_members(
|
||||||
user_id, room_id,
|
requester, room_id,
|
||||||
)
|
)
|
||||||
|
|
||||||
defer.returnValue((200, {
|
defer.returnValue((200, {
|
||||||
|
|
Loading…
Reference in a new issue