ember/continuwuity
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

fix(rooms): prevent removing admin room alias

Browse source 
Only the server user can now remove the #admins alias, matching the
existing check for setting the alias. This prevents users from
accidentally breaking the admin room functionality.

fixes #1408
This commit is contained in:
Niklas Wojtkowiak 2026-02-24 11:19:41 -05:00 committed by Ellis Git
parent 22a47d1e59
commit 80c9bb4796
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/service/rooms/alias/mod.rs
View file

@ -94,6 +94,12 @@ impl Service {
#[tracing::instrument(skip(self))]
pub async fn remove_alias(&self, alias: &RoomAliasId, user_id: &UserId) -> Result<()> {
if alias == self.services.globals.admin_alias
&& user_id != self.services.globals.server_user
{
return Err!(Request(Forbidden("Only the server user can remove this alias")));
}
if !self.user_can_remove_alias(alias, user_id).await? {
return Err!(Request(Forbidden("User is not permitted to remove this alias.")));
}