mirrors/dendrite
1
0
Fork 0
mirror of https://github.com/matrix-org/dendrite.git synced 2025-12-29 01:33:10 -06:00
Code Issues Packages Projects Releases Wiki Activity

Check power levels when setting aliases

Browse source
This commit is contained in:
Neil Alexander 2021-07-21 14:16:14 +01:00
parent d0e70bad95
commit 590aedb67d
No known key found for this signature in database
GPG key ID: A02A2019A2BB0944
1 changed files with 31 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
clientapi/routing/directory.go
View file

@ -113,13 +113,12 @@ func DirectoryRoom(
} }
// SetLocalAlias implements PUT /directory/room/{roomAlias} // SetLocalAlias implements PUT /directory/room/{roomAlias}
// TODO: Check if the user has the power level to set an alias
func SetLocalAlias( func SetLocalAlias(
req *http.Request, req *http.Request,
device *api.Device, device *api.Device,
alias string, alias string,
cfg *config.ClientAPI, cfg *config.ClientAPI,
aliasAPI roomserverAPI.RoomserverInternalAPI, rsAPI roomserverAPI.RoomserverInternalAPI,
) util.JSONResponse { ) util.JSONResponse {
_, domain, err := gomatrixserverlib.SplitID('#', alias) _, domain, err := gomatrixserverlib.SplitID('#', alias)
if err != nil { if err != nil {
@ -166,13 +165,42 @@ func SetLocalAlias(
return *resErr return *resErr
} }
// Check if the user has the power to update the aliases.
stateTuple := gomatrixserverlib.StateKeyTuple{
EventType: gomatrixserverlib.MRoomPowerLevels,
StateKey: "",
}
stateReq := &roomserverAPI.QueryCurrentStateRequest{
RoomID: r.RoomID,
StateTuples: []gomatrixserverlib.StateKeyTuple{stateTuple},
}
stateRes := &roomserverAPI.QueryCurrentStateResponse{}
if err := rsAPI.QueryCurrentState(req.Context(), stateReq, stateRes); err != nil {
util.GetLogger(req.Context()).WithError(err).Error("rsAPI.QueryCurrentState failed")
return util.ErrorResponse(fmt.Errorf("rsAPI.QueryCurrentState: %w", err))
}
if plEvent, ok := stateRes.StateEvents[stateTuple]; ok {
pls, err := plEvent.PowerLevels()
if err != nil {
util.GetLogger(req.Context()).WithError(err).Error("plEvent.PowerLevels failed")
return util.ErrorResponse(fmt.Errorf("plEvent.PowerLevels: %w", err))
}
if pls.UserLevel(device.UserID) < pls.EventLevel(gomatrixserverlib.MRoomCanonicalAlias, true) {
return util.JSONResponse{
Code: http.StatusForbidden,
JSON: jsonerror.Forbidden("You do not have permission to set aliases."),
}
}
}
queryReq := roomserverAPI.SetRoomAliasRequest{ queryReq := roomserverAPI.SetRoomAliasRequest{
UserID: device.UserID, UserID: device.UserID,
RoomID: r.RoomID, RoomID: r.RoomID,
Alias: alias, Alias: alias,
} }
var queryRes roomserverAPI.SetRoomAliasResponse var queryRes roomserverAPI.SetRoomAliasResponse
if err := aliasAPI.SetRoomAlias(req.Context(), &queryReq, &queryRes); err != nil { if err := rsAPI.SetRoomAlias(req.Context(), &queryReq, &queryRes); err != nil {
util.GetLogger(req.Context()).WithError(err).Error("aliasAPI.SetRoomAlias failed") util.GetLogger(req.Context()).WithError(err).Error("aliasAPI.SetRoomAlias failed")
return jsonerror.InternalServerError() return jsonerror.InternalServerError()
} }