Skip to content
Snippets Groups Projects
Commit 7009f56a authored by 🥺's avatar 🥺 :transgender_flag:
Browse files

fix user directory publishing access controls 


Signed-off-by: default avatarstrawberry <strawberry@puppygock.gay>
parent 2c0bfac4
No related branches found
No related tags found
1 merge request!526Nix stuff, target optimised static binary builds + rename `conduit_cache_capacity_modifier` to `cache_capacity_modifier`
Hide whitespace changes
Inline Side-by-side
src/api/client/directory.rs
+ 8
3
View file @ 7009f56a
...@@ -117,7 +117,12 @@ pub(crate) async fn set_room_visibility_route( ...@@ -117,7 +117,12 @@ pub(crate) async fn set_room_visibility_route(
return Err(Error::BadRequest(ErrorKind::NotFound, "Room not found")); return Err(Error::BadRequest(ErrorKind::NotFound, "Room not found"));
} }
user_can_publish_room(sender_user, &body.room_id)?; if !user_can_publish_room(sender_user, &body.room_id)? {
return Err(Error::BadRequest(
ErrorKind::forbidden(),
"User is not allowed to publish this room",
));
}
match &body.visibility { match &body.visibility {
room::Visibility::Public => { room::Visibility::Public => {
...@@ -377,8 +382,8 @@ fn user_can_publish_room(user_id: &UserId, room_id: &RoomId) -> Result<bool> { ...@@ -377,8 +382,8 @@ fn user_can_publish_room(user_id: &UserId, room_id: &RoomId) -> Result<bool> {
Ok(event.sender == user_id) Ok(event.sender == user_id)
} else { } else {
return Err(Error::BadRequest( return Err(Error::BadRequest(
ErrorKind::Unauthorized, ErrorKind::forbidden(),
"You are not allowed to publish this room to the room directory", "User is not allowed to publish this room",
)); ));
} }
} }
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment