mirror of
https://git.anonymousland.org/anonymousland/synapse-product.git
synced 2024-10-01 08:25:44 -04:00
Merge pull request #3474 from matrix-org/erikj/py3_auth
Fix up auth check
This commit is contained in:
commit
40252d13d1
0
changelog.d/3474.misc
Normal file
0
changelog.d/3474.misc
Normal file
@ -76,6 +76,7 @@ def check(event, auth_events, do_sig_check=True, do_size_check=True):
|
||||
return
|
||||
|
||||
if event.type == EventTypes.Create:
|
||||
sender_domain = get_domain_from_id(event.sender)
|
||||
room_id_domain = get_domain_from_id(event.room_id)
|
||||
if room_id_domain != sender_domain:
|
||||
raise AuthError(
|
||||
@ -524,7 +525,11 @@ def _check_power_levels(event, auth_events):
|
||||
"to your own"
|
||||
)
|
||||
|
||||
if old_level > user_level or new_level > user_level:
|
||||
# Check if the old and new levels are greater than the user level
|
||||
# (if defined)
|
||||
old_level_too_big = old_level is not None and old_level > user_level
|
||||
new_level_too_big = new_level is not None and new_level > user_level
|
||||
if old_level_too_big or new_level_too_big:
|
||||
raise AuthError(
|
||||
403,
|
||||
"You don't have permission to add ops level greater "
|
||||
|
Loading…
Reference in New Issue
Block a user