mirrors/dendrite
1
0
Fork 0
mirror of https://github.com/matrix-org/dendrite.git synced 2025-12-29 01:33:10 -06:00
Code Issues Packages Projects Releases Wiki Activity

Allow deleting a local alias with enough PL

Browse source
This commit is contained in:
Neil Alexander 2021-07-21 16:11:09 +01:00
parent 3de41c60a3
commit 48cc6c8446
No known key found for this signature in database
GPG key ID: A02A2019A2BB0944
1 changed files with 36 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

43
clientapi/routing/directory.go
View file

@ -194,14 +194,14 @@ func RemoveLocalAlias(
req *http.Request, req *http.Request,
device *api.Device, device *api.Device,
alias string, alias string,
aliasAPI roomserverAPI.RoomserverInternalAPI, rsAPI roomserverAPI.RoomserverInternalAPI,
) util.JSONResponse { ) util.JSONResponse {
creatorQueryReq := roomserverAPI.GetCreatorIDForAliasRequest{ creatorQueryReq := roomserverAPI.GetCreatorIDForAliasRequest{
Alias: alias, Alias: alias,
} }
var creatorQueryRes roomserverAPI.GetCreatorIDForAliasResponse var creatorQueryRes roomserverAPI.GetCreatorIDForAliasResponse
if err := aliasAPI.GetCreatorIDForAlias(req.Context(), &creatorQueryReq, &creatorQueryRes); err != nil { if err := rsAPI.GetCreatorIDForAlias(req.Context(), &creatorQueryReq, &creatorQueryRes); err != nil {
util.GetLogger(req.Context()).WithError(err).Error("aliasAPI.GetCreatorIDForAlias failed") util.GetLogger(req.Context()).WithError(err).Error("aliasAPI.GetCreatorIDForAlias failed")
return jsonerror.InternalServerError() return jsonerror.InternalServerError()
} }
@ -214,10 +214,39 @@ func RemoveLocalAlias(
} }
if creatorQueryRes.UserID != device.UserID { if creatorQueryRes.UserID != device.UserID {
// TODO: Still allow deletion if user is admin // Query the roomserver API to check if the alias exists locally.
return util.JSONResponse{ roomReq := &roomserverAPI.GetRoomIDForAliasRequest{
Code: http.StatusForbidden, Alias: alias,
JSON: jsonerror.Forbidden("You do not have permission to delete this alias"), }
roomRes := &roomserverAPI.GetRoomIDForAliasResponse{}
if err := rsAPI.GetRoomIDForAlias(req.Context(), roomReq, roomRes); err != nil {
util.GetLogger(req.Context()).WithError(err).Error("rsAPI.GetRoomIDForAlias failed")
return jsonerror.InternalServerError()
}
// Now request the power levels so that we can see if we have enough power to remove it.
queryEventsReq := roomserverAPI.QueryLatestEventsAndStateRequest{
RoomID: roomRes.RoomID,
StateToFetch: []gomatrixserverlib.StateKeyTuple{{
EventType: gomatrixserverlib.MRoomPowerLevels,
StateKey: "",
}},
}
var queryEventsRes roomserverAPI.QueryLatestEventsAndStateResponse
err := rsAPI.QueryLatestEventsAndState(req.Context(), &queryEventsReq, &queryEventsRes)
if err != nil || len(queryEventsRes.StateEvents) == 0 {
util.GetLogger(req.Context()).WithError(err).Error("could not query events from room")
return jsonerror.InternalServerError()
}
// NOTSPEC: Check if the user's power is greater than power required to change m.room.canonical_alias event.
// Despite being NOTSPEC, there seems to be a sytest for this?
power, _ := gomatrixserverlib.NewPowerLevelContentFromEvent(queryEventsRes.StateEvents[0].Event)
if power.UserLevel(device.UserID) < power.EventLevel(gomatrixserverlib.MRoomCanonicalAlias, true) {
return util.JSONResponse{
Code: http.StatusForbidden,
JSON: jsonerror.Forbidden("You do not have permission to delete this alias."),
}
} }
} }
@ -226,7 +255,7 @@ func RemoveLocalAlias(
UserID: device.UserID, UserID: device.UserID,
} }
var queryRes roomserverAPI.RemoveRoomAliasResponse var queryRes roomserverAPI.RemoveRoomAliasResponse
if err := aliasAPI.RemoveRoomAlias(req.Context(), &queryReq, &queryRes); err != nil { if err := rsAPI.RemoveRoomAlias(req.Context(), &queryReq, &queryRes); err != nil {
util.GetLogger(req.Context()).WithError(err).Error("aliasAPI.RemoveRoomAlias failed") util.GetLogger(req.Context()).WithError(err).Error("aliasAPI.RemoveRoomAlias failed")
return jsonerror.InternalServerError() return jsonerror.InternalServerError()
} }