From bbe7d37928194d411d99079055cdcec9dbdd4959 Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Mon, 21 Feb 2022 16:38:53 +0000 Subject: [PATCH] Fix logic error on context history visibility (#2211) --- syncapi/routing/context.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/syncapi/routing/context.go b/syncapi/routing/context.go index 709f6291..ef7efa2b 100644 --- a/syncapi/routing/context.go +++ b/syncapi/routing/context.go @@ -64,7 +64,7 @@ func Context( ctx := req.Context() membershipRes := roomserver.QueryMembershipForUserResponse{} membershipReq := roomserver.QueryMembershipForUserRequest{UserID: device.UserID, RoomID: roomID} - if err := rsAPI.QueryMembershipForUser(ctx, &membershipReq, &membershipRes); err != nil { + if err = rsAPI.QueryMembershipForUser(ctx, &membershipReq, &membershipRes); err != nil { logrus.WithError(err).Error("unable to fo membership") return jsonerror.InternalServerError() } @@ -86,11 +86,12 @@ func Context( state, _ := syncDB.CurrentState(ctx, roomID, &stateFilter, nil) // verify the user is allowed to see the context for this room/event for _, x := range state { - hisVis, err := x.HistoryVisibility() + var hisVis string + hisVis, err = x.HistoryVisibility() if err != nil { continue } - allowed := hisVis != "world_readable" && membershipRes.Membership == "join" + allowed := hisVis == gomatrixserverlib.WorldReadable || membershipRes.Membership == gomatrixserverlib.Join if !allowed { return util.JSONResponse{ Code: http.StatusForbidden,