Deny redaction of events in a different room.
We already correctly filter out such redactions, but we should also deny them over the CS API.
This commit is contained in:
parent
72167fb394
commit
cf89266b98
|
@ -795,7 +795,6 @@ class EventCreationHandler(object):
|
||||||
get_prev_content=False,
|
get_prev_content=False,
|
||||||
allow_rejected=False,
|
allow_rejected=False,
|
||||||
allow_none=True,
|
allow_none=True,
|
||||||
check_room_id=event.room_id,
|
|
||||||
)
|
)
|
||||||
|
|
||||||
# we can make some additional checks now if we have the original event.
|
# we can make some additional checks now if we have the original event.
|
||||||
|
@ -803,6 +802,9 @@ class EventCreationHandler(object):
|
||||||
if original_event.type == EventTypes.Create:
|
if original_event.type == EventTypes.Create:
|
||||||
raise AuthError(403, "Redacting create events is not permitted")
|
raise AuthError(403, "Redacting create events is not permitted")
|
||||||
|
|
||||||
|
if original_event.room_id != event.room_id:
|
||||||
|
raise SynapseError(400, "Cannot redact event from a different room")
|
||||||
|
|
||||||
prev_state_ids = yield context.get_prev_state_ids(self.store)
|
prev_state_ids = yield context.get_prev_state_ids(self.store)
|
||||||
auth_events_ids = yield self.auth.compute_auth_events(
|
auth_events_ids = yield self.auth.compute_auth_events(
|
||||||
event, prev_state_ids, for_verification=True
|
event, prev_state_ids, for_verification=True
|
||||||
|
|
Loading…
Reference in New Issue