[ADD] Add basic privilege checking for RouteRoomAliases

For now, this checking is incomplete, and it probably will stay
that way until rooms are properly implemented.
This commit is contained in:
lda 2023-12-08 17:47:12 +01:00
parent e8b4ef135d
commit b71b90e7b0
2 changed files with 21 additions and 6 deletions

View file

@ -16,10 +16,10 @@ registration tokens.
configuration. configuration.
- **GRANT_PRIVILEGES:** Allows a user to modify his or her own - **GRANT_PRIVILEGES:** Allows a user to modify his or her own
privileges or the privileges of other local users. privileges or the privileges of other local users.
- **ALIAS:** Allows a user to modify room aliases created by other - **ALIAS:** Allows a user to modify and see room aliases created by
users. By default, users can only manage their own room aliases, but other users. By default, users can only manage their own room aliases,
an administrator may wish to take over an alias or remove an offensive but an administrator may wish to take over an alias or remove an
alias. offensive alias.
- **PROC_CONTROL:** Allows a user to get statistics on the running - **PROC_CONTROL:** Allows a user to get statistics on the running
process, as well as shutdown and resetart the Telodendria daemon process, as well as shutdown and resetart the Telodendria daemon
itself. Typically this will pair well with **CONFIG**, because there itself. Typically this will pair well with **CONFIG**, because there

View file

@ -50,14 +50,29 @@ ROUTE_IMPL(RouteRoomAliases, path, argp)
User *user = NULL; User *user = NULL;
/* TODO: Also check permissions. */
response = MatrixGetAccessToken(args->context, &token); response = MatrixGetAccessToken(args->context, &token);
if (response) if (response)
{ {
goto finish; goto finish;
} }
user = UserAuthenticate(db, token); user = UserAuthenticate(db, token);
/* TODO: Check if user is authorised. */ if (!user)
{
HttpResponseStatus(args->context, HTTP_UNAUTHORIZED);
response = MatrixErrorCreate(M_UNKNOWN_TOKEN, NULL);
goto finish;
}
/* TODO: Check whenever the user is in the room or if its world readable
* once this is implemented instead of just checking for the ALIAS
* privilege. */
if (!(UserGetPrivileges(user) & USER_ALIAS))
{
msg = "User is not allowed to get this room's aliases.";
HttpResponseStatus(args->context, HTTP_FORBIDDEN);
response = MatrixErrorCreate(M_FORBIDDEN, msg);
goto finish;
}
ref = DbLock(db, 1, "aliases"); ref = DbLock(db, 1, "aliases");
aliases = DbJson(ref); aliases = DbJson(ref);