Check if user is in room before being able to tag it #17839

Merged
merged 19 commits into from
Oct 30, 2024
1 change: 1 addition & 0 deletions changelog.d/17839.bugfix
@@ -0,0 +1 @@
Check if user has membership in a room before tagging it. Contributed by Lama Alosaimi.
7 changes: 7 additions & 0 deletions synapse/handlers/room_member.py
Expand Up @@ -1190,6 +1190,13 @@
origin_server_ts=origin_server_ts,
)

async def check_user_membership(self, user_id: str, room_id: str) -> None:
result: Optional[Tuple[Optional[str], Optional[str]]] = await self.store.get_local_current_membership_for_user_in_room(user_id=user_id, room_id=room_id)

Check failure on line 1195 in synapse/handlers/room_member.py (GitHub Actions / lint, Ruff (W293)):
synapse/handlers/room_member.py:1195:1: W293 Blank line contains whitespace
if result is None:
raise AuthError(403, f"You are not a member of the room {room_id}")


async def _should_perform_remote_join(
self,
user_id: str,
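Review bot: check_user_membership, added above _should_perform_remote_join, has no docstring, and nothing in the hunk says what the returned tuple holds or that the method raises instead of returning a value. Only `result is None` is rejected and the tuple's contents are never inspected, so whatever state the store returns passes the check; if that is the intent (the caller's comment says "any membership"), state it in a docstring together with the AuthError(403) it raises. The annotated assignment is also one very long line, the blank line after it carries whitespace (the W293 failure reported on line 1195), and two blank lines precede the next method, so run the formatter before merging.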
5 changes: 5 additions & 0 deletions synapse/rest/client/tags.py
Expand Up @@ -78,13 +78,18 @@ def __init__(self, hs: "HomeServer"):
super().__init__()
self.auth = hs.get_auth()
self.handler = hs.get_account_data_handler()
self.room_member_handler = hs.get_room_member_handler()

async def on_PUT(
self, request: SynapseRequest, user_id: str, room_id: str, tag: str
) -> Tuple[int, JsonDict]:
requester = await self.auth.get_user_by_req(request)
if user_id != requester.user.to_string():
raise AuthError(403, "Cannot add tags for other users.")
# Check if the user has any membership in the room and raise error if not.
# Although it's not harmful for users to tag random rooms, it's just superfluous
# data we don't need to track or allow.
await self.room_member_handler.check_user_membership(user_id=user_id, room_id=room_id)

body = parse_json_object_from_request(request)
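Review bot: the membership check is added only to on_PUT in this hunk, and the comment does not say whether that is deliberate. If the aim is to stop new tags on rooms the user has no membership in while leaving other tag operations alone, say so in the comment; if not, note which other handlers on this servlet need the same call. The files shown include no test for the new 403 path, so add one covering a PUT from a non-member and one from a member. The call `await self.room_member_handler.check_user_membership(user_id=user_id, room_id=room_id)` is also noticeably longer than the surrounding lines and will likely need wrapping to pass the lint job.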
