forked from Telodendria/Telodendria
[ADD] Add basic privilege checking for RouteRoomAliases
For now, this checking is incomplete, and it probably will stay that way until rooms are properly implemented.
parent
e8b4ef135d
commit
b71b90e7b0
2 changed files with 21 additions and 6 deletions
|
@ -16,10 +16,10 @@ registration tokens.
|
|||
configuration.
|
||||
- **GRANT_PRIVILEGES:** Allows a user to modify his or her own
|
||||
privileges or the privileges of other local users.
|
||||
- **ALIAS:** Allows a user to modify room aliases created by other
|
||||
users. By default, users can only manage their own room aliases, but
|
||||
an administrator may wish to take over an alias or remove an offensive
|
||||
alias.
|
||||
- **ALIAS:** Allows a user to modify and see room aliases created by
|
||||
other users. By default, users can only manage their own room aliases,
|
||||
but an administrator may wish to take over an alias or remove an
|
||||
offensive alias.
|
||||
- **PROC_CONTROL:** Allows a user to get statistics on the running
|
||||
process, as well as shutdown and resetart the Telodendria daemon
|
||||
itself. Typically this will pair well with **CONFIG**, because there
|
||||
|
|
|
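Review bot: The reworded **ALIAS** entry still says that by default users can manage their own room aliases, but the check added to RouteRoomAliases in this commit refuses the alias lookup to any user who lacks ALIAS, regardless of who created the alias. Until the room-membership check exists, the entry should state that viewing a room's aliases currently requires ALIAS, so administrators are not surprised when unprivileged users get M_FORBIDDEN. Separately, the neighbouring PROC_CONTROL entry has the typo "resetart", which could be fixed while this file is being edited.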
@ -50,14 +50,29 @@ ROUTE_IMPL(RouteRoomAliases, path, argp)
|
|||
|
||||
User *user = NULL;
|
||||
|
||||
/* TODO: Also check permissions. */
|
||||
response = MatrixGetAccessToken(args->context, &token);
|
||||
if (response)
|
||||
{
|
||||
goto finish;
|
||||
}
|
||||
user = UserAuthenticate(db, token);
|
||||
/* TODO: Check if user is authorised. */
|
||||
if (!user)
|
||||
{
|
||||
HttpResponseStatus(args->context, HTTP_UNAUTHORIZED);
|
||||
response = MatrixErrorCreate(M_UNKNOWN_TOKEN, NULL);
|
||||
goto finish;
|
||||
}
|
||||
|
||||
/* TODO: Check whenever the user is in the room or if its world readable
|
||||
* once this is implemented instead of just checking for the ALIAS
|
||||
* privilege. */
|
||||
if (!(UserGetPrivileges(user) & USER_ALIAS))
|
||||
{
|
||||
msg = "User is not allowed to get this room's aliases.";
|
||||
HttpResponseStatus(args->context, HTTP_FORBIDDEN);
|
||||
response = MatrixErrorCreate(M_FORBIDDEN, msg);
|
||||
goto finish;
|
||||
}
|
||||
|
||||
ref = DbLock(db, 1, "aliases");
|
||||
aliases = DbJson(ref);
|
||||
|
|
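Review bot: The test `if (!(UserGetPrivileges(user) & USER_ALIAS))` is the only authorisation decision on this path, so every authenticated user without ALIAS now receives HTTP_FORBIDDEN, including the room members and world-readable cases that the TODO above it says should be allowed. That fails closed, which is the safe direction for an interim check, but the comment should say explicitly that the check is stricter than intended so it is not mistaken for the final rule, and "Check whenever the user is in the room" should read "Check whether". Placing the check before `ref = DbLock(db, 1, "aliases");` is good, because the `goto finish` path then has no database reference to release. If the earlier comments `/* TODO: Also check permissions. */` and `/* TODO: Check if user is authorised. */` remain after this change, remove them, since the new comment supersedes both.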