From db02021aba223db4ed37972f6c676c8e64ddb49f Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Tue, 2 Sep 2014 10:52:49 +0100 Subject: [PATCH] Implement auth for kicking. --- synapse/api/auth.py | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/synapse/api/auth.py b/synapse/api/auth.py index abd7d73b0..e9e3279b9 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -163,9 +163,16 @@ class Auth(object): if not caller_in_room: # trying to leave a room you aren't joined raise AuthError(403, "You are not in room %s." % event.room_id) elif target_user_id != event.user_id: - # trying to force another user to leave - raise AuthError(403, "Cannot force %s to leave." % - target_user_id) + user_level = yield self.store.get_power_level( + event.room_id, + event.user_id, + ) + _, kick_level = yield self.store.get_ops_levels(event.room_id) + + if user_level < kick_level: + raise AuthError( + 403, "You cannot kick user %s." % target_user_id + ) elif Membership.BAN == membership: user_level = yield self.store.get_power_level( event.room_id,