fix: history visibility

a1bd3489 · Timo Kösters · 27f29ba6 · a1bd3489 · a1bd3489 · a1bd3489
Unverified Commit a1bd3489 authored 2 years ago by Timo Kösters
--- a/src/api/client_server/account.rs
+++ b/src/api/client_server/account.rs
@@ -129,7 +129,7 @@ pub async fn register_route(body: Ruma<register::v3::Request>) -> Result<registe
        auth_error: None,
    };

-    if !body.from_appservice {
+    if !body.from_appservice && !is_guest {
        if let Some(auth) = &body.auth {
            let (worked, uiaainfo) = services().uiaa.try_auth(
                &UserId::parse_with_server_name("", services().globals.server_name())

--- a/src/api/client_server/membership.rs
+++ b/src/api/client_server/membership.rs
@@ -396,11 +396,10 @@ pub async fn get_member_events_route(
 ) -> Result<get_member_events::v3::Response> {
    let sender_user = body.sender_user.as_ref().expect("user is authenticated");

-    // TODO: check history visibility?
    if !services()
        .rooms
-        .state_cache
-        .is_joined(sender_user, &body.room_id)?
+        .state_accessor
+        .user_can_see_state_events(&sender_user, &body.room_id)?
    {
        return Err(Error::BadRequest(
            ErrorKind::Forbidden,
@@ -434,12 +433,12 @@ pub async fn joined_members_route(

    if !services()
        .rooms
-        .state_cache
-        .is_joined(sender_user, &body.room_id)?
+        .state_accessor
+        .user_can_see_state_events(&sender_user, &body.room_id)?
    {
        return Err(Error::BadRequest(
            ErrorKind::Forbidden,
-            "You aren't a member of the room.",
+            "You don't have permission to view this room.",
        ));
    }


--- a/src/api/client_server/state.rs
+++ b/src/api/client_server/state.rs
@@ -81,7 +81,7 @@ pub async fn get_state_events_route(
 ) -> Result<get_state_events::v3::Response> {
    let sender_user = body.sender_user.as_ref().expect("user is authenticated");

-    if services()
+    if !services()
        .rooms
        .state_accessor
        .user_can_see_state_events(&sender_user, &body.room_id)?
@@ -114,7 +114,7 @@ pub async fn get_state_events_for_key_route(
 ) -> Result<get_state_events_for_key::v3::Response> {
    let sender_user = body.sender_user.as_ref().expect("user is authenticated");

-    if services()
+    if !services()
        .rooms
        .state_accessor
        .user_can_see_state_events(&sender_user, &body.room_id)?
@@ -150,7 +150,7 @@ pub async fn get_state_events_for_empty_key_route(
 ) -> Result<RumaResponse<get_state_events_for_key::v3::Response>> {
    let sender_user = body.sender_user.as_ref().expect("user is authenticated");

-    if services()
+    if !services()
        .rooms
        .state_accessor
        .user_can_see_state_events(&sender_user, &body.room_id)?