Merge pull request #2475 from matrix-org/erikj/joined_members_auth

Fix bug where /joined_members didn't check user was in room
This commit is contained in:
Erik Johnston 2017-09-27 16:42:23 +01:00 committed by GitHub
commit 3a743f649c
2 changed files with 38 additions and 10 deletions

View File

@ -419,6 +419,37 @@ class MessageHandler(BaseHandler):
[serialize_event(c, now) for c in room_state.values()] [serialize_event(c, now) for c in room_state.values()]
) )
@defer.inlineCallbacks
def get_joined_members(self, user_id, room_id):
"""Get all the joined members in the room and their profile information.
If the user has left the room return the state events from when they left.
Args:
user_id(str): The user requesting state events.
room_id(str): The room ID to get all state events from.
Returns:
A dict of user_id to profile info
"""
membership, membership_event_id = yield self._check_in_room_or_world_readable(
room_id, user_id
)
if membership == Membership.JOIN:
users_with_profile = yield self.state.get_current_user_in_room(room_id)
else:
raise NotImplementedError(
"Getting joined members after leaving is not implemented"
)
defer.returnValue({
user_id: {
"avatar_url": profile.avatar_url,
"display_name": profile.display_name,
}
for user_id, profile in users_with_profile.iteritems()
})
@measure_func("_create_new_client_event") @measure_func("_create_new_client_event")
@defer.inlineCallbacks @defer.inlineCallbacks
def _create_new_client_event(self, builder, requester=None, prev_event_ids=None): def _create_new_client_event(self, builder, requester=None, prev_event_ids=None):

View File

@ -398,22 +398,19 @@ class JoinedRoomMemberListRestServlet(ClientV1RestServlet):
def __init__(self, hs): def __init__(self, hs):
super(JoinedRoomMemberListRestServlet, self).__init__(hs) super(JoinedRoomMemberListRestServlet, self).__init__(hs)
self.state = hs.get_state_handler() self.message_handler = hs.get_handlers().message_handler
@defer.inlineCallbacks @defer.inlineCallbacks
def on_GET(self, request, room_id): def on_GET(self, request, room_id):
yield self.auth.get_user_by_req(request) requester = yield self.auth.get_user_by_req(request)
user_id = requester.user.to_string()
users_with_profile = yield self.state.get_current_user_in_room(room_id) users_with_profile = yield self.message_handler.get_joined_members(
user_id, room_id,
)
defer.returnValue((200, { defer.returnValue((200, {
"joined": { "joined": users_with_profile,
user_id: {
"avatar_url": profile.avatar_url,
"display_name": profile.display_name,
}
for user_id, profile in users_with_profile.iteritems()
}
})) }))