From 7300103796e1b1fdeec2fc9c2de985c605e18f2d Mon Sep 17 00:00:00 2001 From: strawberry Date: Wed, 17 Apr 2024 02:54:59 -0400 Subject: [PATCH] check if user is allowed to invite for restricted room join Signed-off-by: strawberry --- src/api/client_server/membership.rs | 39 +++++++++++++++++++++-------- 1 file changed, 28 insertions(+), 11 deletions(-) diff --git a/src/api/client_server/membership.rs b/src/api/client_server/membership.rs index 28dd797a..b609fa34 100644 --- a/src/api/client_server/membership.rs +++ b/src/api/client_server/membership.rs @@ -1024,7 +1024,10 @@ pub(crate) async fn join_room_by_id_helper( let restriction_rooms = match join_rules_event_content { Some(RoomJoinRulesEventContent { - join_rule: JoinRule::Restricted(restricted) | JoinRule::KnockRestricted(restricted), + join_rule: JoinRule::Restricted(restricted), + }) + | Some(RoomJoinRulesEventContent { + join_rule: JoinRule::KnockRestricted(restricted), }) => restricted .allow .into_iter() @@ -1036,22 +1039,36 @@ pub(crate) async fn join_room_by_id_helper( _ => Vec::new(), }; - let authorized_user = if restriction_rooms.iter().any(|restriction_room_id| { + let local_members = services() + .rooms + .state_cache + .room_members(room_id) + .filter_map(Result::ok) + .filter(|user| user.server_name() == services().globals.server_name()) + .collect::>(); + + let mut authorized_user: Option = None; + + if restriction_rooms.iter().any(|restriction_room_id| { services() .rooms .state_cache .is_joined(sender_user, restriction_room_id) .unwrap_or(false) }) { - services() - .rooms - .state_cache - .room_members(room_id) - .filter_map(Result::ok) - .find(|auth_user| auth_user.server_name() == services().globals.server_name()) - } else { - None - }; + for user in local_members { + if services() + .rooms + .state_accessor + .user_can_invite(room_id, &user, sender_user, &state_lock) + .await + .unwrap_or(false) + { + authorized_user = Some(user); + break; + } + } + } let event = RoomMemberEventContent { membership: MembershipState::Join,