FIXUP: Making get_event_context a bit more paranoid

Yoric · Yoric · commit 93f84e037349 · 2021-01-28T12:31:07.000+01:00
diff --git a/synapse/handlers/room.py b/synapse/handlers/room.py
@@ -38,6 +38,7 @@
 from synapse.api.room_versions import KNOWN_ROOM_VERSIONS, RoomVersion
 from synapse.events import EventBase
 from synapse.events.utils import copy_power_levels_contents
+from synapse.rest.admin._base import assert_user_is_admin
 from synapse.storage.state import StateFilter
 from synapse.types import (
     JsonDict,
@@ -997,13 +998,14 @@ async def _generate_room_id(
 class RoomContextHandler:
     def __init__(self, hs: "HomeServer"):
         self.hs = hs
+        self.auth = hs.get_auth()
         self.store = hs.get_datastore()
         self.storage = hs.get_storage()
         self.state_store = self.storage.state
 
     async def get_event_context(
         self,
-        user: UserID,
+        requester: Requester,
         room_id: str,
         event_id: str,
         limit: int,
@@ -1014,7 +1016,7 @@ async def get_event_context(
         in a room.
 
         Args:
-            user
+            requester
             room_id
             event_id
             limit: The maximum number of events to return in total
@@ -1027,6 +1029,10 @@ async def get_event_context(
         Returns:
             dict, or None if the event isn't found
         """
+        user = requester.user
+        if use_admin_priviledge:
+            await assert_user_is_admin(self.auth, requester.user)
+
         before_limit = math.floor(limit / 2.0)
         after_limit = limit - before_limit
 
diff --git a/synapse/rest/admin/rooms.py b/synapse/rest/admin/rooms.py
@@ -600,7 +600,7 @@ async def on_GET(self, request, room_id, event_id):
             event_filter = None
 
         results = await self.room_context_handler.get_event_context(
-            requester.user,
+            requester,
             room_id,
             event_id,
             limit,
diff --git a/synapse/rest/client/v1/room.py b/synapse/rest/client/v1/room.py
@@ -650,7 +650,7 @@ async def on_GET(self, request, room_id, event_id):
             event_filter = None
 
         results = await self.room_context_handler.get_event_context(
-            requester.user, room_id, event_id, limit, event_filter
+            requester, room_id, event_id, limit, event_filter
         )
 
         if not results:

Original file line number	Diff line number	Diff line change
`@@ -650,7 +650,7 @@ async def on_GET(self, request, room_id, event_id):`
`650`	`650`	`event_filter = None`
`651`	`651`
`652`	`652`	`results = await self.room_context_handler.get_event_context(`
`653`		`- requester.user, room_id, event_id, limit, event_filter`
	`653`	`+ requester, room_id, event_id, limit, event_filter`
`654`	`654`	`)`
`655`	`655`
`656`	`656`	`if not results:`