From a1bd348977357e55508fc5510d24c8bdc9115c67 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20K=C3=B6sters?= <timo@koesters.xyz>
Date: Tue, 7 Mar 2023 17:58:55 +0100
Subject: [PATCH] fix: history visibility

---
 src/api/client_server/account.rs    |  2 +-
 src/api/client_server/membership.rs | 11 +++++------
 src/api/client_server/state.rs      |  6 +++---
 3 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/src/api/client_server/account.rs b/src/api/client_server/account.rs
index 745925467..1d7480a2c 100644
--- a/src/api/client_server/account.rs
+++ b/src/api/client_server/account.rs
@@ -129,7 +129,7 @@ pub async fn register_route(body: Ruma<register::v3::Request>) -> Result<registe
         auth_error: None,
     };
 
-    if !body.from_appservice {
+    if !body.from_appservice && !is_guest {
         if let Some(auth) = &body.auth {
             let (worked, uiaainfo) = services().uiaa.try_auth(
                 &UserId::parse_with_server_name("", services().globals.server_name())
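Review bot: The added `!is_guest` condition lets a guest registration skip the whole UIAA block, and nothing visible in this hunk shows that guest registration has been permitted before this point. `is_guest` is defined outside the hunk; if it is derived from the client-supplied registration kind, the caller chooses this path itself, so the function should reject guest requests earlier whenever the server does not allow them. A comment above the condition would record that dependency, for example `// Guests skip UIAA by design; guest registration must already have been allowed above`. The change also looks unrelated to the subject "fix: history visibility" and would be easier to audit as its own commit. The body of register_route starts and ends outside the hunk.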
diff --git a/src/api/client_server/membership.rs b/src/api/client_server/membership.rs
index 965c618d6..b9b1756e9 100644
--- a/src/api/client_server/membership.rs
+++ b/src/api/client_server/membership.rs
@@ -396,11 +396,10 @@ pub async fn get_member_events_route(
 ) -> Result<get_member_events::v3::Response> {
     let sender_user = body.sender_user.as_ref().expect("user is authenticated");
 
-    // TODO: check history visibility?
     if !services()
         .rooms
-        .state_cache
-        .is_joined(sender_user, &body.room_id)?
+        .state_accessor
+        .user_can_see_state_events(&sender_user, &body.room_id)?
     {
         return Err(Error::BadRequest(
             ErrorKind::Forbidden,
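Review bot: Both guards in this file now admit anyone for whom `user_can_see_state_events` returns true, which may be a wider set than the joined-only check they replace, and the helper's definition is not part of this patch. For `joined_members_route` in the next hunk this matters most: if the helper passes non-members (for example in a world-readable room), the joined-member map becomes readable to users who are not in the room, where the old `is_joined` check refused them. If that is intended, say so above each guard, e.g. `// Access follows history visibility rather than membership; non-members may pass`; if not, keep `is_joined` for `joined_members_route`. `sender_user` is already a reference, so pass `sender_user` rather than `&sender_user`, as the removed lines did. The error message of this first guard lies outside the hunk and may still need the wording change made in the second.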
@@ -434,12 +433,12 @@ pub async fn joined_members_route(
 
     if !services()
         .rooms
-        .state_cache
-        .is_joined(sender_user, &body.room_id)?
+        .state_accessor
+        .user_can_see_state_events(&sender_user, &body.room_id)?
     {
         return Err(Error::BadRequest(
             ErrorKind::Forbidden,
-            "You aren't a member of the room.",
+            "You don't have permission to view this room.",
         ));
     }
 
diff --git a/src/api/client_server/state.rs b/src/api/client_server/state.rs
index e2abe480d..8e4ceaf90 100644
--- a/src/api/client_server/state.rs
+++ b/src/api/client_server/state.rs
@@ -81,7 +81,7 @@ pub async fn get_state_events_route(
 ) -> Result<get_state_events::v3::Response> {
     let sender_user = body.sender_user.as_ref().expect("user is authenticated");
 
-    if services()
+    if !services()
         .rooms
         .state_accessor
         .user_can_see_state_events(&sender_user, &body.room_id)?
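Review bot: The negated guard this hunk corrects is still written out separately in every handler (here, in the two later state.rs hunks for `get_state_events_for_key_route` and `get_state_events_for_empty_key_route`, and in both membership.rs hunks), so the polarity that was wrong before this commit can drift again in any one copy and fail open. Putting the check in one helper returning `Result<()>` leaves each route with `ensure_can_see_state(sender_user, &body.room_id)?;`, and a regression test asserting `Forbidden` for a user who cannot see the room would pin the behaviour. The helper name, its parameter types and the error message (copied from the membership.rs hunk) are assumptions, because the error arms of these guards and the definition of `user_can_see_state_events` lie outside the hunks. The handler bodies continue past the hunk.

```rust
/// Returns `Ok(())` when `sender_user` may read state in `room_id`, otherwise `Forbidden`.
fn ensure_can_see_state(sender_user: &UserId, room_id: &RoomId) -> Result<()> {
    let allowed = services()
        .rooms
        .state_accessor
        .user_can_see_state_events(sender_user, room_id)?;
    if !allowed {
        return Err(Error::BadRequest(
            ErrorKind::Forbidden,
            "You don't have permission to view this room.",
        ));
    }
    Ok(())
}
```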
@@ -114,7 +114,7 @@ pub async fn get_state_events_for_key_route(
 ) -> Result<get_state_events_for_key::v3::Response> {
     let sender_user = body.sender_user.as_ref().expect("user is authenticated");
 
-    if services()
+    if !services()
         .rooms
         .state_accessor
         .user_can_see_state_events(&sender_user, &body.room_id)?
@@ -150,7 +150,7 @@ pub async fn get_state_events_for_empty_key_route(
 ) -> Result<RumaResponse<get_state_events_for_key::v3::Response>> {
     let sender_user = body.sender_user.as_ref().expect("user is authenticated");
 
-    if services()
+    if !services()
         .rooms
         .state_accessor
         .user_can_see_state_events(&sender_user, &body.room_id)?
-- 
GitLab