magmaus3/continuwuity
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

allow non-joined users to get aliases of world_readable rooms

Browse source 
`user_can_see_state_events` checks if user is joined,
or if room visibility is world_readable

Signed-off-by: strawberry <strawberry@puppygock.gay>
This commit is contained in:
strawberry 2024-03-24 20:35:21 -04:00 committed by June
parent 380b61184d
commit 0863bec098
3 changed files with 14 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

9
src/api/client_server/directory.rs
View file

@ -228,8 +228,13 @@ pub(crate) async fn get_public_rooms_filtered_helper(
.map(|c: RoomHistoryVisibilityEventContent| { .map(|c: RoomHistoryVisibilityEventContent| {
c.history_visibility == HistoryVisibility::WorldReadable c.history_visibility == HistoryVisibility::WorldReadable
}) })
.map_err(|_| Error::bad_database("Invalid room history visibility event in database.")) .map_err(|e| {
})?, error!(
"Invalid room history visibility event in database for room {}: {e}",
&room_id
);
Error::bad_database("Invalid room history visibility event in database.")
})})?,
guest_can_join: services() guest_can_join: services()
.rooms .rooms
.state_accessor .state_accessor

6
src/api/client_server/room.rs
View file

@ -563,12 +563,12 @@ pub async fn get_room_event_route(body: Ruma<get_room_event::v3::Request>) -> Re
/// ///
/// Lists all aliases of the room. /// Lists all aliases of the room.
/// ///
/// - Only users joined to the room are allowed to call this TODO: Allow any /// - Only users joined to the room are allowed to call this, or if
/// user to call it if `history_visibility` is world readable /// `history_visibility` is world readable in the room
pub async fn get_room_aliases_route(body: Ruma<aliases::v3::Request>) -> Result<aliases::v3::Response> { pub async fn get_room_aliases_route(body: Ruma<aliases::v3::Request>) -> Result<aliases::v3::Response> {
let sender_user = body.sender_user.as_ref().expect("user is authenticated"); let sender_user = body.sender_user.as_ref().expect("user is authenticated");
if !services().rooms.state_cache.is_joined(sender_user, &body.room_id)? { if !services().rooms.state_accessor.user_can_see_state_events(sender_user, &body.room_id)? {
return Err(Error::BadRequest( return Err(Error::BadRequest(
ErrorKind::Forbidden, ErrorKind::Forbidden,
"You don't have permission to view this room.", "You don't have permission to view this room.",

5
src/service/rooms/state_accessor/mod.rs
View file

@ -194,7 +194,10 @@ impl Service {
|s| { |s| {
serde_json::from_str(s.content.get()) serde_json::from_str(s.content.get())
.map(|c: RoomHistoryVisibilityEventContent| c.history_visibility) .map(|c: RoomHistoryVisibilityEventContent| c.history_visibility)
.map_err(|_| Error::bad_database("Invalid history visibility event in database.")) .map_err(|e| {
error!("Invalid history visibility event in database for room {}: {e}", &room_id);
Error::bad_database("Invalid history visibility event in database.")
})
}, },
)?; )?;