fix: history visibility

This commit is contained in:
Timo Kösters 2023-03-07 17:58:55 +01:00
parent 27f29ba699
commit a1bd348977
No known key found for this signature in database
GPG key ID: 0B25E636FBA7E4CB
3 changed files with 9 additions and 10 deletions

View file

@ -129,7 +129,7 @@ pub async fn register_route(body: Ruma<register::v3::Request>) -> Result<registe
auth_error: None, auth_error: None,
}; };
if !body.from_appservice { if !body.from_appservice && !is_guest {
if let Some(auth) = &body.auth { if let Some(auth) = &body.auth {
let (worked, uiaainfo) = services().uiaa.try_auth( let (worked, uiaainfo) = services().uiaa.try_auth(
&UserId::parse_with_server_name("", services().globals.server_name()) &UserId::parse_with_server_name("", services().globals.server_name())

View file

@ -396,11 +396,10 @@ pub async fn get_member_events_route(
) -> Result<get_member_events::v3::Response> { ) -> Result<get_member_events::v3::Response> {
let sender_user = body.sender_user.as_ref().expect("user is authenticated"); let sender_user = body.sender_user.as_ref().expect("user is authenticated");
// TODO: check history visibility?
if !services() if !services()
.rooms .rooms
.state_cache .state_accessor
.is_joined(sender_user, &body.room_id)? .user_can_see_state_events(&sender_user, &body.room_id)?
{ {
return Err(Error::BadRequest( return Err(Error::BadRequest(
ErrorKind::Forbidden, ErrorKind::Forbidden,
@ -434,12 +433,12 @@ pub async fn joined_members_route(
if !services() if !services()
.rooms .rooms
.state_cache .state_accessor
.is_joined(sender_user, &body.room_id)? .user_can_see_state_events(&sender_user, &body.room_id)?
{ {
return Err(Error::BadRequest( return Err(Error::BadRequest(
ErrorKind::Forbidden, ErrorKind::Forbidden,
"You aren't a member of the room.", "You don't have permission to view this room.",
)); ));
} }

View file

@ -81,7 +81,7 @@ pub async fn get_state_events_route(
) -> Result<get_state_events::v3::Response> { ) -> Result<get_state_events::v3::Response> {
let sender_user = body.sender_user.as_ref().expect("user is authenticated"); let sender_user = body.sender_user.as_ref().expect("user is authenticated");
if services() if !services()
.rooms .rooms
.state_accessor .state_accessor
.user_can_see_state_events(&sender_user, &body.room_id)? .user_can_see_state_events(&sender_user, &body.room_id)?
@ -114,7 +114,7 @@ pub async fn get_state_events_for_key_route(
) -> Result<get_state_events_for_key::v3::Response> { ) -> Result<get_state_events_for_key::v3::Response> {
let sender_user = body.sender_user.as_ref().expect("user is authenticated"); let sender_user = body.sender_user.as_ref().expect("user is authenticated");
if services() if !services()
.rooms .rooms
.state_accessor .state_accessor
.user_can_see_state_events(&sender_user, &body.room_id)? .user_can_see_state_events(&sender_user, &body.room_id)?
@ -150,7 +150,7 @@ pub async fn get_state_events_for_empty_key_route(
) -> Result<RumaResponse<get_state_events_for_key::v3::Response>> { ) -> Result<RumaResponse<get_state_events_for_key::v3::Response>> {
let sender_user = body.sender_user.as_ref().expect("user is authenticated"); let sender_user = body.sender_user.as_ref().expect("user is authenticated");
if services() if !services()
.rooms .rooms
.state_accessor .state_accessor
.user_can_see_state_events(&sender_user, &body.room_id)? .user_can_see_state_events(&sender_user, &body.room_id)?