Respect ban membership

2024-07-05 02:41:50 +00:00 · 2015-03-16 00:17:25 +00:00 · 2015-03-16 00:17:25 +00:00 · ab8229479b
commit ab8229479b
parent d5174065af
1 changed files with 17 additions and 5 deletions
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@ -166,6 +166,7 @@ class Auth(object):
        target = auth_events.get(key)

        target_in_room = target and target.membership == Membership.JOIN
+        target_banned = target and target.membership == Membership.BAN

        key = (EventTypes.JoinRules, "", )
        join_rule_event = auth_events.get(key)
@ -194,6 +195,7 @@ class Auth(object):
            {
                "caller_in_room": caller_in_room,
                "caller_invited": caller_invited,
+                "target_banned": target_banned,
                "target_in_room": target_in_room,
                "membership": membership,
                "join_rule": join_rule,
@ -202,6 +204,11 @@ class Auth(object):
            }
        )

+        if ban_level:
+            ban_level = int(ban_level)
+        else:
+            ban_level = 50  # FIXME (erikj): What should we do here?
+
        if Membership.INVITE == membership:
            # TODO (erikj): We should probably handle this more intelligently
            # PRIVATE join rules.
@ -212,6 +219,10 @@ class Auth(object):
                    403,
                    "%s not in room %s." % (event.user_id, event.room_id,)
                )
+            elif target_banned:
+                raise AuthError(
+                    403, "%s is banned from the room" % (target_user_id,)
+                )
            elif target_in_room:  # the target is already in the room.
                raise AuthError(403, "%s is already in the room." %
                                     target_user_id)
@ -221,6 +232,8 @@ class Auth(object):
            # joined: It's a NOOP
            if event.user_id != target_user_id:
                raise AuthError(403, "Cannot force another user to join.")
+            elif target_banned:
+                raise AuthError(403, "You are banned from this room")
            elif join_rule == JoinRules.PUBLIC:
                pass
            elif join_rule == JoinRules.INVITE:
@ -238,6 +251,10 @@ class Auth(object):
                    403,
                    "%s not in room %s." % (target_user_id, event.room_id,)
                )
+            elif target_banned and user_level < ban_level:
+                raise AuthError(
+                    403, "You cannot unban user &s." % (target_user_id,)
+                )
            elif target_user_id != event.user_id:
                if kick_level:
                    kick_level = int(kick_level)
@ -249,11 +266,6 @@ class Auth(object):
                        403, "You cannot kick user %s." % target_user_id
                    )
        elif Membership.BAN == membership:
-            if ban_level:
-                ban_level = int(ban_level)
-            else:
-                ban_level = 50  # FIXME (erikj): What should we do here?
-
            if user_level < ban_level:
                raise AuthError(403, "You don't have permission to ban")
        else: