dandri/continuwuity
1
0
Fork 0
mirror of https://forgejo.ellis.link/continuwuation/continuwuity/ synced 2026-03-29 16:40:00 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix(rooms): prevent removing admin room alias

Browse Source 
Only the server user can now remove the #admins alias, matching the
existing check for setting the alias. This prevents users from
accidentally breaking the admin room functionality.

fixes #1408
This commit is contained in:
Niklas Wojtkowiak
2026-02-24 11:19:41 -05:00
committed by Ellis Git
parent 22a47d1e59
commit 80c9bb4796
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/service/rooms/alias/mod.rs
View File

@@ -94,6 +94,12 @@ pub fn set_alias(
#[tracing::instrument(skip(self))]
pub async fn remove_alias(&self, alias: &RoomAliasId, user_id: &UserId) -> Result<()> {
if alias == self.services.globals.admin_alias
&& user_id != self.services.globals.server_user
{
return Err!(Request(Forbidden("Only the server user can remove this alias")));
}
if !self.user_can_remove_alias(alias, user_id).await? {
return Err!(Request(Forbidden("User is not permitted to remove this alias.")));
}