From b71b90e7b0bb3464e5782b3804fefc371e006b8d Mon Sep 17 00:00:00 2001
From: lda
Date: Fri, 8 Dec 2023 17:47:12 +0100
Subject: [PATCH] [ADD] Add basic privilege checking for RouteRoomAliases For now, this checking is incomplete, and it probably will stay that way until rooms are properly implemented.
---
 docs/user/admin/privileges.md | 8 ++++----
 src/Routes/RouteRoomAliases.c | 19 +++++++++++++++++--
 2 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/docs/user/admin/privileges.md b/docs/user/admin/privileges.md
index 9a8da06..b62e8d9 100644
--- a/docs/user/admin/privileges.md
+++ b/docs/user/admin/privileges.md
@@ -16,10 +16,10 @@ registration tokens.
 configuration.
 - **GRANT_PRIVILEGES:** Allows a user to modify his or her own privileges or the privileges of other local users.
-- **ALIAS:** Allows a user to modify room aliases created by other
-users. By default, users can only manage their own room aliases, but
-an administrator may wish to take over an alias or remove an offensive
-alias.
+- **ALIAS:** Allows a user to modify and see room aliases created by
+other users. By default, users can only manage their own room aliases,
+but an administrator may wish to take over an alias or remove an
+offensive alias.
 - **PROC_CONTROL:** Allows a user to get statistics on the running process, as well as shutdown and resetart the Telodendria daemon itself. Typically this will pair well with **CONFIG**, because there
diff --git a/src/Routes/RouteRoomAliases.c b/src/Routes/RouteRoomAliases.c
index 6c25249..13dbe4b 100644
--- a/src/Routes/RouteRoomAliases.c
+++ b/src/Routes/RouteRoomAliases.c
@@ -50,14 +50,29 @@ ROUTE_IMPL(RouteRoomAliases, path, argp)
 User *user = NULL;
- /* TODO: Also check permissions. */
 response = MatrixGetAccessToken(args->context, &token);
 if (response)
 {
 goto finish;
 }
 user = UserAuthenticate(db, token);
- /* TODO: Check if user is authorised. */
+ if (!user)
+ {
+ HttpResponseStatus(args->context, HTTP_UNAUTHORIZED);
+ response = MatrixErrorCreate(M_UNKNOWN_TOKEN, NULL);
+ goto finish;
+ }
+
+ /* TODO: Check whenever the user is in the room or if its world readable
+ * once this is implemented instead of just checking for the ALIAS
+ * privilege. */
+ if (!(UserGetPrivileges(user) & USER_ALIAS))
+ {
+ msg = "User is not allowed to get this room's aliases.";
+ HttpResponseStatus(args->context, HTTP_FORBIDDEN);
+ response = MatrixErrorCreate(M_FORBIDDEN, msg);
+ goto finish;
+ }
 ref = DbLock(db, 1, "aliases");
 aliases = DbJson(ref);
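Review bot: The new `UserGetPrivileges(user) & USER_ALIAS` test gates reading a room's aliases on the same privilege that docs/user/admin/privileges.md (updated in this patch) describes as allowing a user to modify other users' aliases, so letting someone list aliases also hands them alias takeover and removal. Until the membership / world-readable check named in the TODO exists this fails closed, which is the safe direction, but the comment should say so explicitly so the gate is later replaced rather than loosened, e.g. `/* TODO: Replace with a room membership / world-readable check once rooms exist; USER_ALIAS is a temporary fail-closed gate. */`. The added 403 branch runs `goto finish` after `UserAuthenticate` has returned a user, and the `finish` label lies outside this hunk, so it is worth confirming that it releases `user` on that path.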