Inaccurate error message: "You don't have permission to ban" when banning or unbanning someone with same or higher PL.

[Gnuxie]

Description

POST /_matrix/client/v3/rooms/!NmyHBEdVXAZOzxAdBa%3Alocalhost%3A9999/ban: 403 Forbidden -- {"errcode":"M_FORBIDDEN","error":"You don't have permission to ban"}

When possessing the power level to ban, this error message is inaccurate and confusing to users with clients that pass through some error messages from Synapse to the user (e.g. Mjolnir/Draupnir and Nheko).

Steps to reproduce

• have a room with two moderators
• try to ban the other moderator by calling /_matrix/client/v3/rooms//ban
• you will receive a standard matrix error response with this text in the body.

Instead it should say something like:

"You don't have permission to ban this user" or "You don't have a high enough power level to ban this user".

Homeserver

localhost

Synapse Version

{"server_version":"1.90.0","python_version":"3.11.4"}

Installation Method

Docker (matrixdotorg/synapse)

Database

PostgreSQL

Workers

Single process

Platform

NA

Configuration

No response

Relevant log output

NA

Anything else that would be useful to know?

No response

[clokep]

The error comes from:

synapse/synapse/event_auth.py

Lines 672 to 677 in f9419e0

	if user_level < ban_level or user_level <= target_level:
	raise UnstableSpecAuthError(
	403,
	"You don't have permission to ban",
	errcode=Codes.INSUFFICIENT_POWER,
	)

Looks like it would be easy enough to split those conditionals if needed (or add the "this user" as you suggest).

[leviosacz]

Hey @clokep
Here is the PR: #16205
Could you please take a look and see if I missed something?
Thanks!

[DMRobertson]

(More generally, it seems like a spec deficiency if you can't distinguish between these error cases using the errcode alone.)