synapse.api.auth.Auth cleanup: make permission-related methods use Requester instead of the UserID (#13024)

Part of #13019 This changes all the permission-related methods to rely on the Requester instead of the UserID. This is a first step towards enabling scoped access tokens at some point, since I expect the Requester to have scope-related informations in it. It also changes methods which figure out the user/device/appservice out of the access token to return a Requester instead of something else. This avoids having store-related objects in the methods signatures.
2025-05-05 14:34:56 -04:00 · 2022-08-22 15:17:59 +02:00 · 2022-08-22 15:17:59 +02:00 · 3dd175b628
commit 3dd175b628
parent 94375f7a91
26 changed files with 202 additions and 207 deletions
--- a/synapse/rest/admin/media.py
+++ b/synapse/rest/admin/media.py
@ -54,7 +54,7 @@ class QuarantineMediaInRoom(RestServlet):
        self, request: SynapseRequest, room_id: str
    ) -> Tuple[int, JsonDict]:
        requester = await self.auth.get_user_by_req(request)
-        await assert_user_is_admin(self.auth, requester.user)
+        await assert_user_is_admin(self.auth, requester)

        logging.info("Quarantining room: %s", room_id)

@ -81,7 +81,7 @@ class QuarantineMediaByUser(RestServlet):
        self, request: SynapseRequest, user_id: str
    ) -> Tuple[int, JsonDict]:
        requester = await self.auth.get_user_by_req(request)
-        await assert_user_is_admin(self.auth, requester.user)
+        await assert_user_is_admin(self.auth, requester)

        logging.info("Quarantining media by user: %s", user_id)

@ -110,7 +110,7 @@ class QuarantineMediaByID(RestServlet):
        self, request: SynapseRequest, server_name: str, media_id: str
    ) -> Tuple[int, JsonDict]:
        requester = await self.auth.get_user_by_req(request)
-        await assert_user_is_admin(self.auth, requester.user)
+        await assert_user_is_admin(self.auth, requester)

        logging.info("Quarantining media by ID: %s/%s", server_name, media_id)