diff --git a/src/github.com/matrix-org/dendrite/clientapi/readers/memberships.go b/src/github.com/matrix-org/dendrite/clientapi/readers/memberships.go index 9f06fd26c..7ab453699 100644 --- a/src/github.com/matrix-org/dendrite/clientapi/readers/memberships.go +++ b/src/github.com/matrix-org/dendrite/clientapi/readers/memberships.go @@ -17,8 +17,11 @@ package readers import ( "net/http" + "github.com/matrix-org/dendrite/clientapi/auth/authtypes" "github.com/matrix-org/dendrite/clientapi/auth/storage/accounts" "github.com/matrix-org/dendrite/clientapi/httputil" + "github.com/matrix-org/dendrite/clientapi/jsonerror" + "github.com/matrix-org/dendrite/common/config" "github.com/matrix-org/dendrite/roomserver/api" "github.com/matrix-org/gomatrixserverlib" "github.com/matrix-org/util" @@ -26,34 +29,55 @@ import ( // GetMemberships implements GET /rooms/{roomId}/members func GetMemberships( - req *http.Request, roomID string, accountDB *accounts.Database, + req *http.Request, device *authtypes.Device, roomID string, + accountDB *accounts.Database, cfg config.Dendrite, queryAPI api.RoomserverQueryAPI, ) util.JSONResponse { - // TODO: If the user has been in the room before but isn't - // anymore, only send the members list as it was before they left. - - memberships, err := accountDB.GetMembershipsByRoomID(roomID) + localpart, server, err := gomatrixserverlib.SplitID('@', device.UserID) if err != nil { return httputil.LogThenError(req, err) } - eventIDs := []string{} - for _, membership := range memberships { - eventIDs = append(eventIDs, membership.EventID) - } - - queryReq := api.QueryEventsByIDRequest{ - EventIDs: eventIDs, - } - var queryRes api.QueryEventsByIDResponse - if err := queryAPI.QueryEventsByID(&queryReq, &queryRes); err != nil { - return httputil.LogThenError(req, err) - } - events := []gomatrixserverlib.ClientEvent{} - for _, event := range queryRes.Events { - ev := gomatrixserverlib.ToClientEvent(event, gomatrixserverlib.FormatAll) - events = append(events, ev) + if server == cfg.Matrix.ServerName { + // TODO: If the user has been in the room before but isn't + // anymore, only send the members list as it was before they left. + membership, err := accountDB.GetMembership(localpart, roomID) + if err != nil { + return httputil.LogThenError(req, err) + } + + if membership == nil { + return util.JSONResponse{ + Code: 403, + JSON: jsonerror.Forbidden("You aren't a member of the room and weren't previously a member of the room."), + } + } + + memberships, err := accountDB.GetMembershipsByRoomID(roomID) + if err != nil { + return httputil.LogThenError(req, err) + } + + eventIDs := []string{} + for _, membership := range memberships { + eventIDs = append(eventIDs, membership.EventID) + } + + queryReq := api.QueryEventsByIDRequest{ + EventIDs: eventIDs, + } + var queryRes api.QueryEventsByIDResponse + if err := queryAPI.QueryEventsByID(&queryReq, &queryRes); err != nil { + return httputil.LogThenError(req, err) + } + + for _, event := range queryRes.Events { + ev := gomatrixserverlib.ToClientEvent(event, gomatrixserverlib.FormatAll) + events = append(events, ev) + } + } else { + // TODO: Get memberships from federation } return util.JSONResponse{ diff --git a/src/github.com/matrix-org/dendrite/clientapi/routing/routing.go b/src/github.com/matrix-org/dendrite/clientapi/routing/routing.go index 8ba1a7685..b2daed679 100644 --- a/src/github.com/matrix-org/dendrite/clientapi/routing/routing.go +++ b/src/github.com/matrix-org/dendrite/clientapi/routing/routing.go @@ -304,7 +304,7 @@ func Setup( r0mux.Handle("/rooms/{roomID}/members", common.MakeAuthAPI("rooms_members", deviceDB, func(req *http.Request, device *authtypes.Device) util.JSONResponse { vars := mux.Vars(req) - return readers.GetMemberships(req, vars["roomID"], accountDB, queryAPI) + return readers.GetMemberships(req, device, vars["roomID"], accountDB, cfg, queryAPI) }), )