check if user is allowed to invite for join_authorized_via_users_server in join_room_by_id_helper

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-04-03 16:30:25 -04:00 · 2024-04-03 16:30:25 -04:00 · ab0182ace4
commit ab0182ace4
parent b9e442b694
1 changed files with 8 additions and 3 deletions
--- a/src/api/client_server/membership.rs
+++ b/src/api/client_server/membership.rs
@ -945,14 +945,19 @@ pub(crate) async fn join_room_by_id_helper(
 							.map(|(u, _)| u.to_owned())
 					})
 					.or_else(|| {
-						// TODO: Check here if user is actually allowed to invite. Currently the auth
-						// check will just fail in this case.
 						services()
 							.rooms
 							.state_cache
 							.room_members(restriction_room_id)
 							.filter_map(Result::ok)
-							.find(|uid| uid.server_name() == services().globals.server_name())
+							.find(|uid| {
+								uid.server_name() == services().globals.server_name()
+									&& services()
+										.rooms
+										.state_accessor
+										.user_can_invite(uid, restriction_room_id)
+										.unwrap_or(false)
+							})
 					});
 				Some(authorized_user)
 			})