mirrors/dendrite
1
0
Fork 0
mirror of https://github.com/element-hq/dendrite.git synced 2025-09-16 14:12:24 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Room version 12 (#3623)
Some checks are pending
Dendrite / Sytest (SQLite Cgo) (push) Blocked by required conditions
Details
Dendrite / WASM build test (push) Waiting to run
Details
Dendrite / Linting (push) Waiting to run
Details
Dendrite / Unit tests (push) Waiting to run
Details
Dendrite / Build for Linux (push) Waiting to run
Details
Dendrite / Build for Windows (push) Waiting to run
Details
Dendrite / Initial tests passed (push) Blocked by required conditions
Details
Dendrite / Integration tests (push) Blocked by required conditions
Details
Dendrite / Upgrade tests (push) Blocked by required conditions
Details
Dendrite / Upgrade tests from HEAD-2 (push) Blocked by required conditions
Details
Dendrite / Sytest (PostgreSQL) (push) Blocked by required conditions
Details
Dendrite / Sytest (SQLite native) (push) Blocked by required conditions
Details
Dendrite / Complement (PostgreSQL) (push) Blocked by required conditions
Details
Dendrite / Complement (SQLite native) (push) Blocked by required conditions
Details
Dendrite / Complement (SQLite Cgo) (push) Blocked by required conditions
Details
Dendrite / Integration tests passed (push) Blocked by required conditions
Details
Dendrite / Update Docker images (push) Blocked by required conditions
Details

Browse source
This commit is contained in:
Kegan Dougal 2025-08-11 20:59:47 +01:00 committed by GitHub
parent a408b24d28
commit 4d93d921be
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
26 changed files with 530 additions and 208 deletions
Download patch file Download diff file Expand all files Collapse all files

22
clientapi/routing/membership.go
View file

@ -11,6 +11,7 @@ import (
"crypto/ed25519"
"fmt"
"net/http"
"slices"
"time"
appserviceAPI "github.com/element-hq/dendrite/appservice/api"
@ -79,7 +80,8 @@ func SendBan(
if errRes != nil {
return *errRes
}
allowedToBan := pl.UserLevel(*senderID) >= pl.Ban
privileged := isPrivilegedCreator(req.Context(), rsAPI, roomID, *senderID)
allowedToBan := privileged || pl.UserLevel(*senderID) >= pl.Ban
if !allowedToBan {
return util.JSONResponse{
Code: http.StatusForbidden,
@ -118,6 +120,12 @@ func sendMembership(ctx context.Context, profileAPI userapi.ClientUserAPI, devic
false,
); err != nil {
util.GetLogger(ctx).WithError(err).Error("SendEvents failed")
if err.Error() == api.InputWasRejected {
return util.JSONResponse{
Code: http.StatusForbidden,
JSON: spec.Forbidden("the event was rejected"),
}
}
return util.JSONResponse{
Code: http.StatusInternalServerError,
JSON: spec.InternalServerError{},
@ -185,7 +193,8 @@ func SendKick(
if errRes != nil {
return *errRes
}
allowedToKick := pl.UserLevel(*senderID) >= pl.Kick || bodyUserID.String() == deviceUserID.String()
privileged := isPrivilegedCreator(req.Context(), rsAPI, roomID, *senderID)
allowedToKick := privileged || pl.UserLevel(*senderID) >= pl.Kick || bodyUserID.String() == deviceUserID.String()
if !allowedToKick {
return util.JSONResponse{
Code: http.StatusForbidden,
@ -680,3 +689,12 @@ func getPowerlevels(req *http.Request, rsAPI roomserverAPI.ClientRoomserverAPI,
}
return pl, nil
}
// Returns true if the room is a room which supports privileged creators and the sender is a creator, else false.
func isPrivilegedCreator(ctx context.Context, rsAPI roomserverAPI.ClientRoomserverAPI, roomID string, senderID spec.SenderID) bool {
createEvent := roomserverAPI.GetStateEvent(ctx, rsAPI, roomID, gomatrixserverlib.StateKeyTuple{
EventType: spec.MRoomCreate,
StateKey: "",
})
return gomatrixserverlib.MustGetRoomVersion(createEvent.Version()).PrivilegedCreators() && slices.Contains(gomatrixserverlib.CreatorsFromCreateEvent(createEvent), string(senderID))
}