Commit ab822947 authored by Erik Johnston's avatar Erik Johnston

Respect ban membership

parent d5174065
...@@ -166,6 +166,7 @@ class Auth(object): ...@@ -166,6 +166,7 @@ class Auth(object):
target = auth_events.get(key) target = auth_events.get(key)
target_in_room = target and target.membership == Membership.JOIN target_in_room = target and target.membership == Membership.JOIN
target_banned = target and target.membership == Membership.BAN
key = (EventTypes.JoinRules, "", ) key = (EventTypes.JoinRules, "", )
join_rule_event = auth_events.get(key) join_rule_event = auth_events.get(key)
...@@ -194,6 +195,7 @@ class Auth(object): ...@@ -194,6 +195,7 @@ class Auth(object):
{ {
"caller_in_room": caller_in_room, "caller_in_room": caller_in_room,
"caller_invited": caller_invited, "caller_invited": caller_invited,
"target_banned": target_banned,
"target_in_room": target_in_room, "target_in_room": target_in_room,
"membership": membership, "membership": membership,
"join_rule": join_rule, "join_rule": join_rule,
...@@ -202,6 +204,11 @@ class Auth(object): ...@@ -202,6 +204,11 @@ class Auth(object):
} }
) )
if ban_level:
ban_level = int(ban_level)
else:
ban_level = 50 # FIXME (erikj): What should we do here?
if Membership.INVITE == membership: if Membership.INVITE == membership:
# TODO (erikj): We should probably handle this more intelligently # TODO (erikj): We should probably handle this more intelligently
# PRIVATE join rules. # PRIVATE join rules.
...@@ -212,6 +219,10 @@ class Auth(object): ...@@ -212,6 +219,10 @@ class Auth(object):
403, 403,
"%s not in room %s." % (event.user_id, event.room_id,) "%s not in room %s." % (event.user_id, event.room_id,)
) )
elif target_banned:
raise AuthError(
403, "%s is banned from the room" % (target_user_id,)
)
elif target_in_room: # the target is already in the room. elif target_in_room: # the target is already in the room.
raise AuthError(403, "%s is already in the room." % raise AuthError(403, "%s is already in the room." %
target_user_id) target_user_id)
...@@ -221,6 +232,8 @@ class Auth(object): ...@@ -221,6 +232,8 @@ class Auth(object):
# joined: It's a NOOP # joined: It's a NOOP
if event.user_id != target_user_id: if event.user_id != target_user_id:
raise AuthError(403, "Cannot force another user to join.") raise AuthError(403, "Cannot force another user to join.")
elif target_banned:
raise AuthError(403, "You are banned from this room")
elif join_rule == JoinRules.PUBLIC: elif join_rule == JoinRules.PUBLIC:
pass pass
elif join_rule == JoinRules.INVITE: elif join_rule == JoinRules.INVITE:
...@@ -238,6 +251,10 @@ class Auth(object): ...@@ -238,6 +251,10 @@ class Auth(object):
403, 403,
"%s not in room %s." % (target_user_id, event.room_id,) "%s not in room %s." % (target_user_id, event.room_id,)
) )
elif target_banned and user_level < ban_level:
raise AuthError(
403, "You cannot unban user &s." % (target_user_id,)
)
elif target_user_id != event.user_id: elif target_user_id != event.user_id:
if kick_level: if kick_level:
kick_level = int(kick_level) kick_level = int(kick_level)
...@@ -249,11 +266,6 @@ class Auth(object): ...@@ -249,11 +266,6 @@ class Auth(object):
403, "You cannot kick user %s." % target_user_id 403, "You cannot kick user %s." % target_user_id
) )
elif Membership.BAN == membership: elif Membership.BAN == membership:
if ban_level:
ban_level = int(ban_level)
else:
ban_level = 50 # FIXME (erikj): What should we do here?
if user_level < ban_level: if user_level < ban_level:
raise AuthError(403, "You don't have permission to ban") raise AuthError(403, "You don't have permission to ban")
else: else:
......
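Review bot: The message in the new `elif target_banned and user_level < ban_level:` branch (hunk at +251) uses `&s` where `%s` was meant, so `"You cannot unban user &s." % (target_user_id,)` raises `TypeError` (not all arguments converted) before `AuthError` is ever constructed. The unban is still refused, but as an unhandled exception rather than a 403, so any caller that catches `AuthError` will not see the denial it expects; the line should read `403, "You cannot unban user %s." % (target_user_id,)`. Separately, hoisting `int(ban_level)` to the +204 hunk means the conversion now runs for every membership change rather than only for bans. Where `ban_level` comes from is outside the visible hunks, but if it is read from room state, a non-numeric value would now raise `ValueError` on invites, joins and leaves as well, so the conversion is worth guarding and turning into an `AuthError`. The enclosing method starts and ends outside the hunks shown, so both points should be checked against the full body.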