Get memberships only if the user is or has been in the room

2025-12-10 16:33:11 -06:00 · 2017-08-03 18:17:26 +01:00 · 2017-08-03 18:17:26 +01:00 · 723ef3d050
parent 36a48bdba8
commit 723ef3d050
2 changed files with 46 additions and 22 deletions
--- a/src/github.com/matrix-org/dendrite/clientapi/readers/memberships.go
+++ b/src/github.com/matrix-org/dendrite/clientapi/readers/memberships.go
@ -17,8 +17,11 @@ package readers
 import (
 	"net/http"

+	"github.com/matrix-org/dendrite/clientapi/auth/authtypes"
 	"github.com/matrix-org/dendrite/clientapi/auth/storage/accounts"
 	"github.com/matrix-org/dendrite/clientapi/httputil"
+	"github.com/matrix-org/dendrite/clientapi/jsonerror"
+	"github.com/matrix-org/dendrite/common/config"
 	"github.com/matrix-org/dendrite/roomserver/api"
 	"github.com/matrix-org/gomatrixserverlib"
 	"github.com/matrix-org/util"
@ -26,34 +29,55 @@ import (

 // GetMemberships implements GET /rooms/{roomId}/members
 func GetMemberships(
-	req *http.Request, roomID string, accountDB *accounts.Database,
+	req *http.Request, device *authtypes.Device, roomID string,
+	accountDB *accounts.Database, cfg config.Dendrite,
 	queryAPI api.RoomserverQueryAPI,
 ) util.JSONResponse {
-	// TODO: If the user has been in the room before but isn't
-	// anymore, only send the members list as it was before they left.
-
-	memberships, err := accountDB.GetMembershipsByRoomID(roomID)
+	localpart, server, err := gomatrixserverlib.SplitID('@', device.UserID)
 	if err != nil {
 		return httputil.LogThenError(req, err)
 	}

-	eventIDs := []string{}
-	for _, membership := range memberships {
-		eventIDs = append(eventIDs, membership.EventID)
-	}
-
-	queryReq := api.QueryEventsByIDRequest{
-		EventIDs: eventIDs,
-	}
-	var queryRes api.QueryEventsByIDResponse
-	if err := queryAPI.QueryEventsByID(&queryReq, &queryRes); err != nil {
-		return httputil.LogThenError(req, err)
-	}
-
 	events := []gomatrixserverlib.ClientEvent{}
-	for _, event := range queryRes.Events {
-		ev := gomatrixserverlib.ToClientEvent(event, gomatrixserverlib.FormatAll)
-		events = append(events, ev)
+	if server == cfg.Matrix.ServerName {
+		// TODO: If the user has been in the room before but isn't
+		// anymore, only send the members list as it was before they left.
+		membership, err := accountDB.GetMembership(localpart, roomID)
+		if err != nil {
+			return httputil.LogThenError(req, err)
+		}
+
+		if membership == nil {
+			return util.JSONResponse{
+				Code: 403,
+				JSON: jsonerror.Forbidden("You aren't a member of the room and weren't previously a member of the room."),
+			}
+		}
+
+		memberships, err := accountDB.GetMembershipsByRoomID(roomID)
+		if err != nil {
+			return httputil.LogThenError(req, err)
+		}
+
+		eventIDs := []string{}
+		for _, membership := range memberships {
+			eventIDs = append(eventIDs, membership.EventID)
+		}
+
+		queryReq := api.QueryEventsByIDRequest{
+			EventIDs: eventIDs,
+		}
+		var queryRes api.QueryEventsByIDResponse
+		if err := queryAPI.QueryEventsByID(&queryReq, &queryRes); err != nil {
+			return httputil.LogThenError(req, err)
+		}
+
+		for _, event := range queryRes.Events {
+			ev := gomatrixserverlib.ToClientEvent(event, gomatrixserverlib.FormatAll)
+			events = append(events, ev)
+		}
+	} else {
+		// TODO: Get memberships from federation
 	}

 	return util.JSONResponse{
--- a/src/github.com/matrix-org/dendrite/clientapi/routing/routing.go
+++ b/src/github.com/matrix-org/dendrite/clientapi/routing/routing.go
@ -304,7 +304,7 @@ func Setup(
 	r0mux.Handle("/rooms/{roomID}/members",
 		common.MakeAuthAPI("rooms_members", deviceDB, func(req *http.Request, device *authtypes.Device) util.JSONResponse {
 			vars := mux.Vars(req)
-			return readers.GetMemberships(req, vars["roomID"], accountDB, queryAPI)
+			return readers.GetMemberships(req, device, vars["roomID"], accountDB, cfg, queryAPI)
 		}),
 	)