From 64fc3b8ef2b86fd352a5079f2b32bca87089c9a2 Mon Sep 17 00:00:00 2001 From: Till Faelligen <2353100+S7evinK@users.noreply.github.com> Date: Tue, 25 Oct 2022 15:00:00 +0200 Subject: [PATCH] Return forbidden if not a member anymore (fix #2802) --- syncapi/routing/memberships.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/syncapi/routing/memberships.go b/syncapi/routing/memberships.go index b4e342251..c9acc5d2b 100644 --- a/syncapi/routing/memberships.go +++ b/syncapi/routing/memberships.go @@ -109,6 +109,12 @@ func GetMemberships( } if joinedOnly { + if !queryRes.IsInRoom { + return util.JSONResponse{ + Code: http.StatusForbidden, + JSON: jsonerror.Forbidden("You aren't a member of the room and weren't previously a member of the room."), + } + } var res getJoinedMembersResponse res.Joined = make(map[string]joinedMember) for _, ev := range result {