lda/telodendria
lda/telodendria
1
1
Fork 1
forked from Telodendria/Telodendria
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[ADD] Add basic privilege checking for RouteRoomAliases

Browse source 
For now, this checking is incomplete, and it probably will stay
that way until rooms are properly implemented.
This commit is contained in:
lda 2023-12-08 17:47:12 +01:00
parent e8b4ef135d
commit b71b90e7b0
2 changed files with 21 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
docs/user/admin/privileges.md
View file

@ -16,10 +16,10 @@ registration tokens.
configuration.
- **GRANT_PRIVILEGES:** Allows a user to modify his or her own
privileges or the privileges of other local users.
- **ALIAS:** Allows a user to modify room aliases created by other
users. By default, users can only manage their own room aliases, but
an administrator may wish to take over an alias or remove an offensive
alias.
- **ALIAS:** Allows a user to modify and see room aliases created by
other users. By default, users can only manage their own room aliases,
but an administrator may wish to take over an alias or remove an
offensive alias.
- **PROC_CONTROL:** Allows a user to get statistics on the running
process, as well as shutdown and resetart the Telodendria daemon
itself. Typically this will pair well with **CONFIG**, because there

19
src/Routes/RouteRoomAliases.c
View file

@ -50,14 +50,29 @@ ROUTE_IMPL(RouteRoomAliases, path, argp)
User *user = NULL;
/* TODO: Also check permissions. */
response = MatrixGetAccessToken(args->context, &token);
if (response)
{
goto finish;
}
user = UserAuthenticate(db, token);
/* TODO: Check if user is authorised. */
if (!user)
{
HttpResponseStatus(args->context, HTTP_UNAUTHORIZED);
response = MatrixErrorCreate(M_UNKNOWN_TOKEN, NULL);
goto finish;
}
/* TODO: Check whenever the user is in the room or if its world readable
* once this is implemented instead of just checking for the ALIAS
* privilege. */
if (!(UserGetPrivileges(user) & USER_ALIAS))
{
msg = "User is not allowed to get this room's aliases.";
HttpResponseStatus(args->context, HTTP_FORBIDDEN);
response = MatrixErrorCreate(M_FORBIDDEN, msg);
goto finish;
}
ref = DbLock(db, 1, "aliases");
aliases = DbJson(ref);