nodejs/hookshot
nodejs/hookshot
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-hookshot.git synced 2025-03-10 13:17:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix hookshot showing connections as editable when the user has no permission (#660)

Browse Source 
* Fix getConnectionsForRequest reporting canEdit=true if the user has the
default or greater PL

* changelog
This commit is contained in:
Will Hunt 2023-03-14 10:48:53 +00:00 committed by GitHub
parent 7575f93f67
commit d602c895f3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
changelog.d/660.bugfix Normal file
View File

@ -0,0 +1 @@
Fix Hookshot presenting room connections as editable if the user has a default-or-greater power levels. This was only a presentation bug, power levels were and are proeprly checked at creation/edit time.

3
src/Widgets/BridgeWidgetApi.ts
View File

@ -115,7 +115,6 @@ export class BridgeWidgetApi {
// If we have a service filter.
.filter(c => typeof serviceFilter !== "string" || c?.service === serviceFilter) as GetConnectionsResponseItem[];
const userPl = powerlevel.content.users?.[req.userId] || powerlevel.defaultUserLevel;
for (const c of connections) {
const requiredPl = Math.max(powerlevel.content.events?.[c.type] || 0, powerlevel.defaultStateEventLevel);
c.canEdit = userPl >= requiredPl;
@ -126,7 +125,7 @@ export class BridgeWidgetApi {
return {
connections,
canEdit: userPl >= powerlevel.defaultUserLevel
canEdit: userPl >= powerlevel.defaultStateEventLevel,
};
}