fix: history visibility

author: Timo Kösters <timo@koesters.xyz> 2023-03-07 17:58:55 +0100
committer: Timo Kösters <timo@koesters.xyz> 2023-03-13 10:39:19 +0100
commit: a1bd348977357e55508fc5510d24c8bdc9115c67 (patch)
tree: 03d9c2ad8db8517c9220fcf5ce21e3316904847b /src
parent: 27f29ba69911fc2de240bafe165024fc8ce5ea5e (diff)
download: conduit-a1bd348977357e55508fc5510d24c8bdc9115c67.zip
3 files changed, 9 insertions, 10 deletions
diff --git a/src/api/client_server/account.rs b/src/api/client_server/account.rs
index 7459254..1d7480a 100644
--- a/src/api/client_server/account.rs
+++ b/src/api/client_server/account.rs
@@ -129,7 +129,7 @@ pub async fn register_route(body: Ruma<register::v3::Request>) -> Result<registe
         auth_error: None,
     };
 
-    if !body.from_appservice {
+    if !body.from_appservice && !is_guest {
         if let Some(auth) = &body.auth {
             let (worked, uiaainfo) = services().uiaa.try_auth(
                 &UserId::parse_with_server_name("", services().globals.server_name())
diff --git a/src/api/client_server/membership.rs b/src/api/client_server/membership.rs
index 965c618..b9b1756 100644
--- a/src/api/client_server/membership.rs
+++ b/src/api/client_server/membership.rs
@@ -396,11 +396,10 @@ pub async fn get_member_events_route(
 ) -> Result<get_member_events::v3::Response> {
     let sender_user = body.sender_user.as_ref().expect("user is authenticated");
 
-    // TODO: check history visibility?
     if !services()
         .rooms
-        .state_cache
-        .is_joined(sender_user, &body.room_id)?
+        .state_accessor
+        .user_can_see_state_events(&sender_user, &body.room_id)?
     {
         return Err(Error::BadRequest(
             ErrorKind::Forbidden,
@@ -434,12 +433,12 @@ pub async fn joined_members_route(
 
     if !services()
         .rooms
-        .state_cache
-        .is_joined(sender_user, &body.room_id)?
+        .state_accessor
+        .user_can_see_state_events(&sender_user, &body.room_id)?
     {
         return Err(Error::BadRequest(
             ErrorKind::Forbidden,
-            "You aren't a member of the room.",
+            "You don't have permission to view this room.",
         ));
     }
 
diff --git a/src/api/client_server/state.rs b/src/api/client_server/state.rs
index e2abe48..8e4ceaf 100644
--- a/src/api/client_server/state.rs
+++ b/src/api/client_server/state.rs
@@ -81,7 +81,7 @@ pub async fn get_state_events_route(
 ) -> Result<get_state_events::v3::Response> {
     let sender_user = body.sender_user.as_ref().expect("user is authenticated");
 
-    if services()
+    if !services()
         .rooms
         .state_accessor
         .user_can_see_state_events(&sender_user, &body.room_id)?
@@ -114,7 +114,7 @@ pub async fn get_state_events_for_key_route(
 ) -> Result<get_state_events_for_key::v3::Response> {
     let sender_user = body.sender_user.as_ref().expect("user is authenticated");
 
-    if services()
+    if !services()
         .rooms
         .state_accessor
         .user_can_see_state_events(&sender_user, &body.room_id)?
@@ -150,7 +150,7 @@ pub async fn get_state_events_for_empty_key_route(
 ) -> Result<RumaResponse<get_state_events_for_key::v3::Response>> {
     let sender_user = body.sender_user.as_ref().expect("user is authenticated");
 
-    if services()
+    if !services()
         .rooms
         .state_accessor
         .user_can_see_state_events(&sender_user, &body.room_id)?
author	Timo Kösters <timo@koesters.xyz>	2023-03-07 17:58:55 +0100
committer	Timo Kösters <timo@koesters.xyz>	2023-03-13 10:39:19 +0100
commit	a1bd348977357e55508fc5510d24c8bdc9115c67 (patch)
tree	03d9c2ad8db8517c9220fcf5ce21e3316904847b /src
parent	27f29ba69911fc2de240bafe165024fc8ce5ea5e (diff)
download	conduit-a1bd348977357e55508fc5510d24c8bdc9115c67.zip