OpenCloud
/
MatrixSynapse
mirror of https://github.com/matrix-org/synapse
1
0
Fork 0
Code Issues Releases Wiki Activity

Only allow people in a room to look up room state.

pull/14/head
Erik Johnston 2014-11-11 17:55:32 +00:00
parent 997ed151db
commit 37900a92db
2 changed files with 12 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
synapse/handlers/message.py
View File

@ -147,49 +147,19 @@ class MessageHandler(BaseHandler):
@defer.inlineCallbacks @defer.inlineCallbacks
def get_room_data(self, user_id=None, room_id=None, def get_room_data(self, user_id=None, room_id=None,
event_type=None, state_key="", event_type=None, state_key=""):
public_room_rules=[],
private_room_rules=["join"]):
""" Get data from a room. """ Get data from a room.
Args: Args:
event : The room path event event : The room path event
public_room_rules : A list of membership states the user can be in,
in order to read this data IN A PUBLIC ROOM. An empty list means
'any state'.
private_room_rules : A list of membership states the user can be
in, in order to read this data IN A PRIVATE ROOM. An empty list
means 'any state'.
Returns: Returns:
The path data content. The path data content.
Raises: Raises:
SynapseError if something went wrong. SynapseError if something went wrong.
""" """
if event_type == RoomTopicEvent.TYPE: have_joined = yield self.auth.check_joined_room(room_id, user_id)
# anyone invited/joined can read the topic if not have_joined:
private_room_rules = ["invite", "join"] raise RoomError(403, "User not in room.")
# does this room exist
room = yield self.store.get_room(room_id)
if not room:
raise RoomError(403, "Room does not exist.")
# does this user exist in this room
member = yield self.store.get_room_member(
room_id=room_id,
user_id="" if not user_id else user_id)
member_state = member.membership if member else None
if room.is_public and public_room_rules:
# make sure the user meets public room rules
if member_state not in public_room_rules:
raise RoomError(403, "Member does not meet public room rules.")
elif not room.is_public and private_room_rules:
# make sure the user meets private room rules
if member_state not in private_room_rules:
raise RoomError(
403, "Member does not meet private room rules.")
data = yield self.state_handler.get_current_state( data = yield self.state_handler.get_current_state(
room_id, event_type, state_key room_id, event_type, state_key

16
tests/rest/test_rooms.py
View File

@ -230,9 +230,9 @@ class RoomPermissionsTestCase(RestTestCase):
"PUT", topic_path, topic_content) "PUT", topic_path, topic_content)
self.assertEquals(403, code, msg=str(response)) self.assertEquals(403, code, msg=str(response))
# get topic in created PRIVATE room and invited, expect 200 (or 404) # get topic in created PRIVATE room and invited, expect 403
(code, response) = yield self.mock_resource.trigger_get(topic_path) (code, response) = yield self.mock_resource.trigger_get(topic_path)
self.assertEquals(404, code, msg=str(response)) self.assertEquals(403, code, msg=str(response))
# set/get topic in created PRIVATE room and joined, expect 200 # set/get topic in created PRIVATE room and joined, expect 200
yield self.join(room=self.created_rmid, user=self.user_id) yield self.join(room=self.created_rmid, user=self.user_id)
@ -256,10 +256,10 @@ class RoomPermissionsTestCase(RestTestCase):
(code, response) = yield self.mock_resource.trigger_get(topic_path) (code, response) = yield self.mock_resource.trigger_get(topic_path)
self.assertEquals(403, code, msg=str(response)) self.assertEquals(403, code, msg=str(response))
# get topic in PUBLIC room, not joined, expect 200 (or 404) # get topic in PUBLIC room, not joined, expect 403
(code, response) = yield self.mock_resource.trigger_get( (code, response) = yield self.mock_resource.trigger_get(
"/rooms/%s/state/m.room.topic" % self.created_public_rmid) "/rooms/%s/state/m.room.topic" % self.created_public_rmid)
self.assertEquals(200, code, msg=str(response)) self.assertEquals(403, code, msg=str(response))
# set topic in PUBLIC room, not joined, expect 403 # set topic in PUBLIC room, not joined, expect 403
(code, response) = yield self.mock_resource.trigger( (code, response) = yield self.mock_resource.trigger(
@ -326,12 +326,12 @@ class RoomPermissionsTestCase(RestTestCase):
def test_membership_public_room_perms(self): def test_membership_public_room_perms(self):
room = self.created_public_rmid room = self.created_public_rmid
# get membership of self, get membership of other, public room + invite # get membership of self, get membership of other, public room + invite
# expect all 200s - public rooms, you can see who is in them. # expect 403
yield self.invite(room=room, src=self.rmcreator_id, yield self.invite(room=room, src=self.rmcreator_id,
targ=self.user_id) targ=self.user_id)
yield self._test_get_membership( yield self._test_get_membership(
members=[self.user_id, self.rmcreator_id], members=[self.user_id, self.rmcreator_id],
room=room, expect_code=200) room=room, expect_code=403)
# get membership of self, get membership of other, public room + joined # get membership of self, get membership of other, public room + joined
# expect all 200s # expect all 200s
@ -341,11 +341,11 @@ class RoomPermissionsTestCase(RestTestCase):
room=room, expect_code=200) room=room, expect_code=200)
# get membership of self, get membership of other, public room + left # get membership of self, get membership of other, public room + left
# expect all 200s - public rooms, you can always see who is in them. # expect 403.
yield self.leave(room=room, user=self.user_id) yield self.leave(room=room, user=self.user_id)
yield self._test_get_membership( yield self._test_get_membership(
members=[self.user_id, self.rmcreator_id], members=[self.user_id, self.rmcreator_id],
room=room, expect_code=200) room=room, expect_code=403)
@defer.inlineCallbacks @defer.inlineCallbacks
def test_invited_permissions(self): def test_invited_permissions(self):