From bb2af96fca0974d4a8b90383c0afb2727e015521 Mon Sep 17 00:00:00 2001
From: Tak Wai Wong <64229756+tak-hntlabs@users.noreply.github.com>
Date: Tue, 14 Feb 2023 16:21:38 -0800
Subject: [PATCH] implement redact permission (#1491)
- implement redact authorization check on dendrite
- lower power levels for redaction on client because the permission is enforced on the server
- added tests to verify that a user can redact his / her own messages, but not others; moderators with the Redact permission can redact messages of other people
---
 clientapi/routing/routing.go | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
diff --git a/clientapi/routing/routing.go b/clientapi/routing/routing.go
index 10c054b42..7e02b0451 100644
--- a/clientapi/routing/routing.go
+++ b/clientapi/routing/routing.go
@@ -646,6 +646,23 @@ func Setup(
 if err != nil {
 return util.ErrorResponse(err)
 }
+ ev := roomserverAPI.GetEvent(req.Context(), rsAPI, vars["eventID"])
+ // user is always allowed to redact their own events.
+ isAllowed := ev.Sender() == device.UserID
+ if !isAllowed {
+ // if event is not from the sender, then check with the authz module.
+ isAllowed, _ = authorization.IsAllowed(authz.AuthorizationArgs{
+ RoomId: vars["roomID"],
+ UserId: device.UserID,
+ Permission: authz.PermissionRedact,
+ })
+ }
+ if !isAllowed {
+ return util.JSONResponse{
+ Code: http.StatusUnauthorized,
+ JSON: jsonerror.Forbidden("Unauthorised"),
+ }
+ }
 return SendRedaction(req, device, vars["roomID"], vars["eventID"], cfg, rsAPI, nil, nil)
 }),
 ).Methods(http.MethodPost, http.MethodOptions)
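Review bot: The result of `roomserverAPI.GetEvent` is dereferenced by `ev.Sender()` with no nil check, and the error from `authorization.IsAllowed` is discarded with `_`, both on a request path that takes a client-supplied `eventID`. If GetEvent returns nil for an unknown event (its definition is not visible here), the handler panics; and with the error dropped, an authz backend failure cannot be told apart from a real decision, so the check should fail closed explicitly. The fetched event is also never compared with `vars["roomID"]`, so the own-event shortcut and the room-scoped Redact permission may be evaluated against different rooms. The rejection pairs `http.StatusUnauthorized` with `jsonerror.Forbidden`, where `http.StatusForbidden` would match the error body. The same block is repeated in the second hunk (the txnId route) and needs the same changes; Setup's body continues outside both hunks.

```go
ev := roomserverAPI.GetEvent(req.Context(), rsAPI, vars["eventID"])
// Reject unknown events and events from another room before any permission decision.
if ev == nil || ev.RoomID() != vars["roomID"] {
	return util.JSONResponse{
		Code: http.StatusNotFound,
		JSON: jsonerror.NotFound("unknown event"),
	}
}
// user is always allowed to redact their own events.
isAllowed := ev.Sender() == device.UserID
if !isAllowed {
	var authzErr error
	isAllowed, authzErr = authorization.IsAllowed(authz.AuthorizationArgs{
		// … unchanged: RoomId, UserId, Permission …
	})
	if authzErr != nil {
		// Fail closed: an authz lookup error must never fall through to SendRedaction.
		return util.ErrorResponse(authzErr)
	}
}
if !isAllowed {
	return util.JSONResponse{
		Code: http.StatusForbidden,
		JSON: jsonerror.Forbidden("Unauthorised"),
	}
}
// … unchanged: return SendRedaction(...) …
```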
@@ -655,6 +672,23 @@ func Setup(
 if err != nil {
 return util.ErrorResponse(err)
 }
+ ev := roomserverAPI.GetEvent(req.Context(), rsAPI, vars["eventID"])
+ // user is always allowed to redact their own events.
+ isAllowed := ev.Sender() == device.UserID
+ if !isAllowed {
+ // if event is not from the sender, then check with the authz module.
+ isAllowed, _ = authorization.IsAllowed(authz.AuthorizationArgs{
+ RoomId: vars["roomID"],
+ UserId: device.UserID,
+ Permission: authz.PermissionRedact,
+ })
+ }
+ if !isAllowed {
+ return util.JSONResponse{
+ Code: http.StatusUnauthorized,
+ JSON: jsonerror.Forbidden("Unauthorised"),
+ }
+ }
 txnID := vars["txnId"]
 return SendRedaction(req, device, vars["roomID"], vars["eventID"], cfg, rsAPI, &txnID, transactionsCache)
 }),
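Review bot: The authorization block on this txnId route is a line-for-line copy of the one added to the eventID-only route, so any later fix to the redact check has to be made twice and the two routes can silently drift apart. Moving it into one helper called from both handlers, for example `if resp := checkRedactAllowed(req, device, rsAPI, vars["roomID"], vars["eventID"]); resp != nil { return *resp }`, keeps a single enforcement point. The helper deserves a doc comment stating that the sender may always redact their own event and that any other user needs `authz.PermissionRedact` in the room. The enclosing handler and Setup itself extend beyond this hunk.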