aboutsummaryrefslogtreecommitdiff
path: root/clientapi
diff options
context:
space:
mode:
authorBtbN <btbn@btbn.de>2023-11-22 13:15:45 +0100
committerGitHub <noreply@github.com>2023-11-22 12:15:45 +0000
commitc4528b2de8c36657039c3d3f541017ee8964c4ac (patch)
tree0a20b1f7cbba823d96f7753f87aa91e80b8112f1 /clientapi
parentf25cce237e14af6041229c8248ded30d37b8cb51 (diff)
Allow users to kick themselves (#3157)
As per the spec: https://spec.matrix.org/v1.7/rooms/v10/#authorization-rules "If membership is leave" -> "If the sender matches state_key, allow if and only if that user’s current membership state is invite, join, or knock." I.e. a user can kick themselves. Bridges use this to make a user leave while giving a reason. Some recent change (likely https://github.com/matrix-org/dendrite/commit/8ea1a11105ea7e66aa459537bcbef0de606147cd but I'm not 100% sure) changed that behaviour, resulting in heisenbridge being unable to make users leave while giving a reason. This works fine on Synapse. Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org> Co-authored-by: kegsay <7190048+kegsay@users.noreply.github.com>
Diffstat (limited to 'clientapi')
-rw-r--r--clientapi/routing/membership.go17
1 files changed, 9 insertions, 8 deletions
diff --git a/clientapi/routing/membership.go b/clientapi/routing/membership.go
index 8b8cc47b..06683c47 100644
--- a/clientapi/routing/membership.go
+++ b/clientapi/routing/membership.go
@@ -181,11 +181,19 @@ func SendKick(
return *errRes
}
+ bodyUserID, err := spec.NewUserID(body.UserID, true)
+ if err != nil {
+ return util.JSONResponse{
+ Code: http.StatusBadRequest,
+ JSON: spec.BadJSON("body userID is invalid"),
+ }
+ }
+
pl, errRes := getPowerlevels(req, rsAPI, roomID)
if errRes != nil {
return *errRes
}
- allowedToKick := pl.UserLevel(*senderID) >= pl.Kick
+ allowedToKick := pl.UserLevel(*senderID) >= pl.Kick || bodyUserID.String() == deviceUserID.String()
if !allowedToKick {
return util.JSONResponse{
Code: http.StatusForbidden,
@@ -193,13 +201,6 @@ func SendKick(
}
}
- bodyUserID, err := spec.NewUserID(body.UserID, true)
- if err != nil {
- return util.JSONResponse{
- Code: http.StatusBadRequest,
- JSON: spec.BadJSON("body userID is invalid"),
- }
- }
var queryRes roomserverAPI.QueryMembershipForUserResponse
err = rsAPI.QueryMembershipForUser(req.Context(), &roomserverAPI.QueryMembershipForUserRequest{
RoomID: roomID,