Fix auth to correctly handle initial creation of rooms

2025-05-02 22:14:55 -04:00 · 2014-11-18 15:36:36 +00:00 · 2014-11-18 15:36:36 +00:00 · 95614e5220
commit 95614e5220
parent ae9c2ab165
2 changed files with 58 additions and 27 deletions
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@ -21,7 +21,7 @@ from synapse.api.constants import Membership, JoinRules
 from synapse.api.errors import AuthError, StoreError, Codes, SynapseError
 from synapse.api.events.room import (
    RoomMemberEvent, RoomPowerLevelsEvent, RoomRedactionEvent,
-    RoomJoinRulesEvent, RoomCreateEvent,
+    RoomJoinRulesEvent, RoomCreateEvent, RoomAliasesEvent,
 )
 from synapse.util.logutils import log_function
 from syutil.base64util import encode_base64
@ -63,6 +63,10 @@ class Auth(object):
                    # FIXME
                    return True

+                # FIXME: Temp hack
+                if event.type == RoomAliasesEvent.TYPE:
+                    return True
+
                if event.type == RoomMemberEvent.TYPE:
                    allowed = self.is_membership_change_allowed(event)
                    if allowed:
@ -144,6 +148,17 @@ class Auth(object):

    @log_function
    def is_membership_change_allowed(self, event):
+        membership = event.content["membership"]
+
+        # Check if this is the room creator joining:
+        if len(event.prev_events) == 1 and Membership.JOIN == membership:
+            # Get room creation event:
+            key = (RoomCreateEvent.TYPE, "", )
+            create = event.old_state_events.get(key)
+            if event.prev_events[0][0] == create.event_id:
+                if create.content["creator"] == event.state_key:
+                    return True
+
        target_user_id = event.state_key

        # get info about the caller
@ -159,8 +174,6 @@ class Auth(object):

        target_in_room = target and target.membership == Membership.JOIN

-        membership = event.content["membership"]
-
        key = (RoomJoinRulesEvent.TYPE, "", )
        join_rule_event = event.old_state_events.get(key)
        if join_rule_event:
@ -255,6 +268,11 @@ class Auth(object):
            level = power_level_event.content.get("users", {}).get(user_id)
            if not level:
                level = power_level_event.content.get("users_default", 0)
+        else:
+            key = (RoomCreateEvent.TYPE, "", )
+            create_event = event.old_state_events.get(key)
+            if create_event.content["creator"] == user_id:
+                return 100

        return level