diff --git a/src/jamidht/conversationrepository.cpp b/src/jamidht/conversationrepository.cpp index 283a560366909568acf4e88afe7ab5cbb2129204..fd1675765f1e35310ac7fdb855eae3d760bcafa7 100644 --- a/src/jamidht/conversationrepository.cpp +++ b/src/jamidht/conversationrepository.cpp @@ -1469,18 +1469,21 @@ ConversationRepository::Impl::checkValidProfileUpdate(const std::string& userDev if (userUri.empty()) return false; + // Check if profile is changed by an user with correct privilege auto valid = false; - { - std::lock_guard<std::mutex> lk(membersMtx_); - for (const auto& member : members_) { - if (member.uri == userUri) { - valid = member.role <= updateProfilePermLvl_; - break; - } - } + if (updateProfilePermLvl_ == MemberRole::ADMIN) { + std::string adminFile = fmt::format("admins/{}.crt", userUri); + auto adminCert = fileAtTree(adminFile, treeNew); + valid |= adminCert != nullptr; } + if (updateProfilePermLvl_ >= MemberRole::MEMBER) { + std::string memberFile = fmt::format("members/{}.crt", userUri); + auto memberCert = fileAtTree(memberFile, treeNew); + valid |= memberCert != nullptr; + } + if (!valid) { - JAMI_ERROR("Profile changed from unauthorized user: {}", userDevice); + JAMI_ERROR("Profile changed from unauthorized user: {} ({})", userDevice, userUri); return false; }