Filter events to only thsoe that the user is allowed to see

This commit is contained in:
Erik Johnston 2015-10-12 15:52:55 +01:00
parent f6fde343a1
commit ca53ad7425
2 changed files with 17 additions and 13 deletions

View File

@ -74,7 +74,7 @@ class SearchHandler(BaseHandler):
super(SearchHandler, self).__init__(hs) super(SearchHandler, self).__init__(hs)
@defer.inlineCallbacks @defer.inlineCallbacks
def _filter_events_for_client(self, user_id, room_id, events): def _filter_events_for_client(self, user_id, events):
event_id_to_state = yield self.store.get_state_for_events( event_id_to_state = yield self.store.get_state_for_events(
frozenset(e.event_id for e in events), frozenset(e.event_id for e in events),
types=( types=(
@ -139,16 +139,20 @@ class SearchHandler(BaseHandler):
# TODO(paul): work out why because I really don't think it should # TODO(paul): work out why because I really don't think it should
room_ids = set(r.room_id for r in rooms) room_ids = set(r.room_id for r in rooms)
res = yield self.store.search_msgs(room_ids, constraints) rank_map, event_map = yield self.store.search_msgs(room_ids, constraints)
allowed_events = yield self._filter_events_for_client(
user.to_string(), event_map.values()
)
time_now = self.clock.time_msec() time_now = self.clock.time_msec()
results = { results = {
r["result"].event_id: { e.event_id: {
"rank": r["rank"], "rank": rank_map[e.event_id],
"result": serialize_event(r["result"], time_now) "result": serialize_event(e, time_now)
} }
for r in res for e in allowed_events
} }
logger.info("returning: %r", results) logger.info("returning: %r", results)

View File

@ -70,11 +70,11 @@ class SearchStore(SQLBaseStore):
for ev in events for ev in events
} }
defer.returnValue([ defer.returnValue((
{ {
"rank": r["rank"], r["event_id"]: r["rank"]
"result": event_map[r["event_id"]] for r in results
} if r["event_id"] in event_map
for r in results },
if r["event_id"] in event_map event_map
]) ))