Merge pull request #614 from matrix-org/erikj/alias_delete

Allow alias creators to delete aliases
2025-05-02 18:14:49 -04:00 · 2016-03-04 09:02:33 +00:00 · 2016-03-04 09:02:33 +00:00 · dd463e246d
commit dd463e246d
parent fa6d6bbceb f9af8962f8
4 changed files with 51 additions and 10 deletions
--- a/synapse/handlers/directory.py
+++ b/synapse/handlers/directory.py
@ -17,9 +17,9 @@
 from twisted.internet import defer
 from ._base import BaseHandler

-from synapse.api.errors import SynapseError, Codes, CodeMessageException
+from synapse.api.errors import SynapseError, Codes, CodeMessageException, AuthError
 from synapse.api.constants import EventTypes
-from synapse.types import RoomAlias
+from synapse.types import RoomAlias, UserID

 import logging
 import string
@ -38,7 +38,7 @@ class DirectoryHandler(BaseHandler):
        )

    @defer.inlineCallbacks
-    def _create_association(self, room_alias, room_id, servers=None):
+    def _create_association(self, room_alias, room_id, servers=None, creator=None):
        # general association creation for both human users and app services

        for wchar in string.whitespace:
@ -60,7 +60,8 @@ class DirectoryHandler(BaseHandler):
        yield self.store.create_room_alias_association(
            room_alias,
            room_id,
-            servers
+            servers,
+            creator=creator,
        )

    @defer.inlineCallbacks
@ -77,7 +78,7 @@ class DirectoryHandler(BaseHandler):
                400, "This alias is reserved by an application service.",
                errcode=Codes.EXCLUSIVE
            )
-        yield self._create_association(room_alias, room_id, servers)
+        yield self._create_association(room_alias, room_id, servers, creator=user_id)

    @defer.inlineCallbacks
    def create_appservice_association(self, service, room_alias, room_id,
@ -95,7 +96,11 @@ class DirectoryHandler(BaseHandler):
    def delete_association(self, user_id, room_alias):
        # association deletion for human users

-        # TODO Check if server admin
+        can_delete = yield self._user_can_delete_alias(room_alias, user_id)
+        if not can_delete:
+            raise AuthError(
+                403, "You don't have permission to delete the alias.",
+            )

        can_delete = yield self.can_modify_alias(
            room_alias,
@ -261,3 +266,13 @@ class DirectoryHandler(BaseHandler):
                return
        # either no interested services, or no service with an exclusive lock
        defer.returnValue(True)
+
+    @defer.inlineCallbacks
+    def _user_can_delete_alias(self, alias, user_id):
+        creator = yield self.store.get_room_alias_creator(alias.to_string())
+
+        if creator and creator == user_id:
+            defer.returnValue(True)
+
+        is_admin = yield self.auth.is_server_admin(UserID.from_string(user_id))
+        defer.returnValue(is_admin)