aboutsummaryrefslogtreecommitdiff
path: root/clientapi/routing/redaction.go
diff options
context:
space:
mode:
Diffstat (limited to 'clientapi/routing/redaction.go')
-rw-r--r--clientapi/routing/redaction.go27
1 files changed, 21 insertions, 6 deletions
diff --git a/clientapi/routing/redaction.go b/clientapi/routing/redaction.go
index e94c7748..22474fc0 100644
--- a/clientapi/routing/redaction.go
+++ b/clientapi/routing/redaction.go
@@ -73,10 +73,25 @@ func SendRedaction(
}
}
+ fullUserID, userIDErr := spec.NewUserID(device.UserID, true)
+ if userIDErr != nil {
+ return util.JSONResponse{
+ Code: http.StatusForbidden,
+ JSON: spec.Forbidden("userID doesn't have power level to redact"),
+ }
+ }
+ senderID, queryErr := rsAPI.QuerySenderIDForUser(req.Context(), roomID, *fullUserID)
+ if queryErr != nil {
+ return util.JSONResponse{
+ Code: http.StatusForbidden,
+ JSON: spec.Forbidden("userID doesn't have power level to redact"),
+ }
+ }
+
// "Users may redact their own events, and any user with a power level greater than or equal
// to the redact power level of the room may redact events there"
// https://matrix.org/docs/spec/client_server/r0.6.1#put-matrix-client-r0-rooms-roomid-redact-eventid-txnid
- allowedToRedact := ev.SenderID() == device.UserID // TODO: Should replace device.UserID with device...PerRoomKey
+ allowedToRedact := ev.SenderID() == senderID // TODO: Should replace device.UserID with device...PerRoomKey
if !allowedToRedact {
plEvent := roomserverAPI.GetStateEvent(req.Context(), rsAPI, roomID, gomatrixserverlib.StateKeyTuple{
EventType: spec.MRoomPowerLevels,
@@ -97,7 +112,7 @@ func SendRedaction(
),
}
}
- allowedToRedact = pl.UserLevel(device.UserID) >= pl.Redact
+ allowedToRedact = pl.UserLevel(senderID) >= pl.Redact
}
if !allowedToRedact {
return util.JSONResponse{
@@ -114,10 +129,10 @@ func SendRedaction(
// create the new event and set all the fields we can
proto := gomatrixserverlib.ProtoEvent{
- Sender: device.UserID,
- RoomID: roomID,
- Type: spec.MRoomRedaction,
- Redacts: eventID,
+ SenderID: string(senderID),
+ RoomID: roomID,
+ Type: spec.MRoomRedaction,
+ Redacts: eventID,
}
err := proto.SetContent(r)
if err != nil {
generated by cgit v1.2.3 (git 2.26.2) at 2024-11-25 18:35:44 +0000