def check_can_change_room_list(self, room_id, user): """Check if the user is allowed to edit the room's entry in the published room list. Args: room_id (str) user (UserID) """ is_admin = yield self.is_server_admin(user) if is_admin: defer.returnValue(True) user_id = user.to_string() yield self.check_joined_room(room_id, user_id) # We currently require the user is a "moderator" in the room. We do this # by checking if they would (theoretically) be able to change the # m.room.aliases events power_level_event = yield self.state.get_current_state( room_id, EventTypes.PowerLevels, "") auth_events = {} if power_level_event: auth_events[(EventTypes.PowerLevels, "")] = power_level_event send_level = event_auth.get_send_level(EventTypes.Aliases, "", auth_events) user_level = event_auth.get_user_power_level(user_id, auth_events) if user_level < send_level: raise AuthError( 403, "This server requires you to be a moderator in the room to" " edit its room list entry")
async def check_can_change_room_list(self, room_id: str, user: UserID) -> bool: """Determine whether the user is allowed to edit the room's entry in the published room list. Args: room_id user """ is_admin = await self.is_server_admin(user) if is_admin: return True user_id = user.to_string() await self.check_user_in_room(room_id, user_id) # We currently require the user is a "moderator" in the room. We do this # by checking if they would (theoretically) be able to change the # m.room.canonical_alias events power_level_event = await self.state.get_current_state( room_id, EventTypes.PowerLevels, "") auth_events = {} if power_level_event: auth_events[(EventTypes.PowerLevels, "")] = power_level_event send_level = event_auth.get_send_level(EventTypes.CanonicalAlias, "", power_level_event) user_level = event_auth.get_user_power_level(user_id, auth_events) return user_level >= send_level
async def _get_power_levels_and_sender_level( self, event: EventBase, context: EventContext) -> Tuple[dict, int]: prev_state_ids = await context.get_prev_state_ids() pl_event_id = prev_state_ids.get(POWER_KEY) if pl_event_id: # fastpath: if there's a power level event, that's all we need, and # not having a power level event is an extreme edge case auth_events = {POWER_KEY: await self.store.get_event(pl_event_id)} else: auth_events_ids = self._event_auth_handler.compute_auth_events( event, prev_state_ids, for_verification=False) auth_events_dict = await self.store.get_events(auth_events_ids) auth_events = {(e.type, e.state_key): e for e in auth_events_dict.values()} sender_level = get_user_power_level(event.sender, auth_events) pl_event = auth_events.get(POWER_KEY) return pl_event.content if pl_event else {}, sender_level
def _get_power_levels_and_sender_level(self, event, context): prev_state_ids = yield context.get_prev_state_ids() pl_event_id = prev_state_ids.get(POWER_KEY) if pl_event_id: # fastpath: if there's a power level event, that's all we need, and # not having a power level event is an extreme edge case pl_event = yield self.store.get_event(pl_event_id) auth_events = {POWER_KEY: pl_event} else: auth_events_ids = yield self.auth.compute_auth_events( event, prev_state_ids, for_verification=False ) auth_events = yield self.store.get_events(auth_events_ids) auth_events = {(e.type, e.state_key): e for e in auth_events.values()} sender_level = get_user_power_level(event.sender, auth_events) pl_event = auth_events.get(POWER_KEY) return pl_event.content if pl_event else {}, sender_level
def _get_power_levels_and_sender_level(self, event, context): pl_event_id = context.prev_state_ids.get(POWER_KEY) if pl_event_id: # fastpath: if there's a power level event, that's all we need, and # not having a power level event is an extreme edge case pl_event = yield self.store.get_event(pl_event_id) auth_events = {POWER_KEY: pl_event} else: auth_events_ids = yield self.auth.compute_auth_events( event, context.prev_state_ids, for_verification=False, ) auth_events = yield self.store.get_events(auth_events_ids) auth_events = { (e.type, e.state_key): e for e in auth_events.itervalues() } sender_level = get_user_power_level(event.sender, auth_events) pl_event = auth_events.get(POWER_KEY) defer.returnValue((pl_event.content if pl_event else {}, sender_level))
def check_can_change_room_list(self, room_id, user): """Check if the user is allowed to edit the room's entry in the published room list. Args: room_id (str) user (UserID) """ is_admin = yield self.is_server_admin(user) if is_admin: defer.returnValue(True) user_id = user.to_string() yield self.check_joined_room(room_id, user_id) # We currently require the user is a "moderator" in the room. We do this # by checking if they would (theoretically) be able to change the # m.room.aliases events power_level_event = yield self.state.get_current_state( room_id, EventTypes.PowerLevels, "" ) auth_events = {} if power_level_event: auth_events[(EventTypes.PowerLevels, "")] = power_level_event send_level = event_auth.get_send_level( EventTypes.Aliases, "", power_level_event, ) user_level = event_auth.get_user_power_level(user_id, auth_events) if user_level < send_level: raise AuthError( 403, "This server requires you to be a moderator in the room to" " edit its room list entry" )
async def on_GET(self, request: SynapseRequest, room_id: str, event_id: str) -> Tuple[int, JsonDict]: requester = await self.auth.get_user_by_req(request, allow_guest=True) include_unredacted_content = self.msc2815_enabled and (parse_string( request, "fi.mau.msc2815.include_unredacted_content", allowed_values=("true", "false"), ) == "true") if include_unredacted_content and not await self.auth.is_server_admin( requester.user): power_level_event = ( await self._storage_controllers.state.get_current_state_event( room_id, EventTypes.PowerLevels, "")) auth_events = {} if power_level_event: auth_events[(EventTypes.PowerLevels, "")] = power_level_event redact_level = event_auth.get_named_level(auth_events, "redact", 50) user_level = event_auth.get_user_power_level( requester.user.to_string(), auth_events) if user_level < redact_level: raise SynapseError( 403, "You don't have permission to view redacted events in this room.", errcode=Codes.FORBIDDEN, ) try: event = await self.event_handler.get_event( requester.user, room_id, event_id, show_redacted=include_unredacted_content, ) except AuthError: # This endpoint is supposed to return a 404 when the requester does # not have permission to access the event # https://matrix.org/docs/spec/client_server/r0.5.0#get-matrix-client-r0-rooms-roomid-event-eventid raise SynapseError(404, "Event not found.", errcode=Codes.NOT_FOUND) if event: if include_unredacted_content and await self._store.have_censored_event( event_id): raise UnredactedContentDeletedError(self.content_keep_ms) # Ensure there are bundled aggregations available. aggregations = await self._relations_handler.get_bundled_aggregations( [event], requester.user.to_string()) time_now = self.clock.time_msec() # per MSC2676, /rooms/{roomId}/event/{eventId}, should return the # *original* event, rather than the edited version event_dict = self._event_serializer.serialize_event( event, time_now, bundle_aggregations=aggregations, apply_edits=False) return 200, event_dict raise SynapseError(404, "Event not found.", errcode=Codes.NOT_FOUND)