Merge pull request #2476 from matrix-org/erikj/joined_members_auth

Fix /joined_members to work with AS users
This commit is contained in:
Erik Johnston 2017-09-28 10:44:44 +01:00 committed by GitHub
commit bf86a41ef1
2 changed files with 26 additions and 13 deletions

View file

@ -420,27 +420,41 @@ class MessageHandler(BaseHandler):
) )
@defer.inlineCallbacks @defer.inlineCallbacks
def get_joined_members(self, user_id, room_id): def get_joined_members(self, requester, room_id):
"""Get all the joined members in the room and their profile information. """Get all the joined members in the room and their profile information.
If the user has left the room return the state events from when they left. If the user has left the room return the state events from when they left.
Args: Args:
user_id(str): The user requesting state events. requester(Requester): The user requesting state events.
room_id(str): The room ID to get all state events from. room_id(str): The room ID to get all state events from.
Returns: Returns:
A dict of user_id to profile info A dict of user_id to profile info
""" """
membership, membership_event_id = yield self._check_in_room_or_world_readable( user_id = requester.user.to_string()
room_id, user_id if not requester.app_service:
) # We check AS auth after fetching the room membership, as it
# requires us to pull out all joined members anyway.
if membership == Membership.JOIN: membership, _ = yield self._check_in_room_or_world_readable(
users_with_profile = yield self.state.get_current_user_in_room(room_id) room_id, user_id
else:
raise NotImplementedError(
"Getting joined members after leaving is not implemented"
) )
if membership != Membership.JOIN:
raise NotImplementedError(
"Getting joined members after leaving is not implemented"
)
users_with_profile = yield self.state.get_current_user_in_room(room_id)
# If this is an AS, double check that they are allowed to see the members.
# This can either be because the AS user is in the room or becuase there
# is a user in the room that the AS is "interested in"
if requester.app_service and user_id not in users_with_profile:
for uid in users_with_profile:
if requester.app_service.is_interested_in_user(uid):
break
else:
# Loop fell through, AS has no interested users in room
raise AuthError(403, "Appservice not in room")
defer.returnValue({ defer.returnValue({
user_id: { user_id: {

View file

@ -403,10 +403,9 @@ class JoinedRoomMemberListRestServlet(ClientV1RestServlet):
@defer.inlineCallbacks @defer.inlineCallbacks
def on_GET(self, request, room_id): def on_GET(self, request, room_id):
requester = yield self.auth.get_user_by_req(request) requester = yield self.auth.get_user_by_req(request)
user_id = requester.user.to_string()
users_with_profile = yield self.message_handler.get_joined_members( users_with_profile = yield self.message_handler.get_joined_members(
user_id, room_id, requester, room_id,
) )
defer.returnValue((200, { defer.returnValue((200, {