Matrix-Mirrors/anonymousland-synapse
1
0
Fork 0
mirror of https://git.anonymousland.org/anonymousland/synapse.git synced 2025-08-03 19:44:14 -04:00
Code Issues Projects Releases Packages Wiki Activity

Allow ThirdPartyEventRules modules to manipulate public room state (#8292)

Browse source 
This PR allows `ThirdPartyEventRules` modules to view, manipulate and block changes to the state of whether a room is published in the public rooms directory.

While the idea of whether a room is in the public rooms list is not kept within an event in the room, `ThirdPartyEventRules` generally deal with controlling which modifications can happen to a room. Public rooms fits within that idea, even if its toggle state isn't controlled through a state event.
This commit is contained in:
Andrew Morgan 2020-10-05 14:57:46 +01:00 committed by GitHub
parent f31f8e6319
commit 0991a2da93
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 223 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

51
synapse/events/third_party_rules.py
View file

@ -12,10 +12,12 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from typing import Callable
from synapse.events import EventBase
from synapse.events.snapshot import EventContext
from synapse.types import Requester
from synapse.module_api import ModuleApi
from synapse.types import Requester, StateMap
class ThirdPartyEventRules:
@ -38,7 +40,7 @@ class ThirdPartyEventRules:
if module is not None:
self.third_party_rules = module(
config=config, http_client=hs.get_simple_http_client()
config=config, module_api=ModuleApi(hs, hs.get_auth_handler()),
)
async def check_event_allowed(
@ -106,6 +108,46 @@ class ThirdPartyEventRules:
if self.third_party_rules is None:
return True
state_events = await self._get_state_map_for_room(room_id)
ret = await self.third_party_rules.check_threepid_can_be_invited(
medium, address, state_events
)
return ret
async def check_visibility_can_be_modified(
self, room_id: str, new_visibility: str
) -> bool:
"""Check if a room is allowed to be published to, or removed from, the public room
list.
Args:
room_id: The ID of the room.
new_visibility: The new visibility state. Either "public" or "private".
Returns:
True if the room's visibility can be modified, False if not.
"""
if self.third_party_rules is None:
return True
check_func = getattr(self.third_party_rules, "check_visibility_can_be_modified")
if not check_func or not isinstance(check_func, Callable):
return True
state_events = await self._get_state_map_for_room(room_id)
return await check_func(room_id, state_events, new_visibility)
async def _get_state_map_for_room(self, room_id: str) -> StateMap[EventBase]:
"""Given a room ID, return the state events of that room.
Args:
room_id: The ID of the room.
Returns:
A dict mapping (event type, state key) to state event.
"""
state_ids = await self.store.get_filtered_current_state_ids(room_id)
room_state_events = await self.store.get_events(state_ids.values())
@ -113,7 +155,4 @@ class ThirdPartyEventRules:
for key, event_id in state_ids.items():
state_events[key] = room_state_events[event_id]
ret = await self.third_party_rules.check_threepid_can_be_invited(
medium, address, state_events
)
return ret
return state_events

10
synapse/handlers/directory.py
View file

@ -46,6 +46,7 @@ class DirectoryHandler(BaseHandler):
self.config = hs.config
self.enable_room_list_search = hs.config.enable_room_list_search
self.require_membership = hs.config.require_membership_for_aliases
self.third_party_event_rules = hs.get_third_party_event_rules()
self.federation = hs.get_federation_client()
hs.get_federation_registry().register_query_handler(
@ -454,6 +455,15 @@ class DirectoryHandler(BaseHandler):
# per alias creation rule?
raise SynapseError(403, "Not allowed to publish room")
# Check if publishing is blocked by a third party module
allowed_by_third_party_rules = await (
self.third_party_event_rules.check_visibility_can_be_modified(
room_id, visibility
)
)
if not allowed_by_third_party_rules:
raise SynapseError(403, "Not allowed to publish room")
await self.store.set_room_is_public(room_id, making_public)
async def edit_published_appservice_room_list(

9
synapse/handlers/room.py
View file

@ -681,6 +681,15 @@ class RoomCreationHandler(BaseHandler):
creator_id=user_id, is_public=is_public, room_version=room_version,
)
# Check whether this visibility value is blocked by a third party module
allowed_by_third_party_rules = await (
self.third_party_event_rules.check_visibility_can_be_modified(
room_id, visibility
)
)
if not allowed_by_third_party_rules:
raise SynapseError(403, "Room visibility value not allowed.")
directory_handler = self.hs.get_handlers().directory_handler
if room_alias:
await directory_handler.create_association(

67
synapse/module_api/__init__.py
View file

@ -14,13 +14,18 @@
# See the License for the specific language governing permissions and
# limitations under the License.
import logging
from typing import TYPE_CHECKING
from twisted.internet import defer
from synapse.http.client import SimpleHttpClient
from synapse.http.site import SynapseRequest
from synapse.logging.context import make_deferred_yieldable, run_in_background
from synapse.types import UserID
if TYPE_CHECKING:
from synapse.server import HomeServer
"""
This package defines the 'stable' API which can be used by extension modules which
are loaded into Synapse.
@ -43,6 +48,27 @@ class ModuleApi:
self._auth = hs.get_auth()
self._auth_handler = auth_handler
# We expose these as properties below in order to attach a helpful docstring.
self._http_client = hs.get_simple_http_client() # type: SimpleHttpClient
self._public_room_list_manager = PublicRoomListManager(hs)
@property
def http_client(self):
"""Allows making outbound HTTP requests to remote resources.
An instance of synapse.http.client.SimpleHttpClient
"""
return self._http_client
@property
def public_room_list_manager(self):
"""Allows adding to, removing from and checking the status of rooms in the
public room list.
An instance of synapse.module_api.PublicRoomListManager
"""
return self._public_room_list_manager
def get_user_by_req(self, req, allow_guest=False):
"""Check the access_token provided for a request
@ -266,3 +292,44 @@ class ModuleApi:
await self._auth_handler.complete_sso_login(
registered_user_id, request, client_redirect_url,
)
class PublicRoomListManager:
"""Contains methods for adding to, removing from and querying whether a room
is in the public room list.
"""
def __init__(self, hs: "HomeServer"):
self._store = hs.get_datastore()
async def room_is_in_public_room_list(self, room_id: str) -> bool:
"""Checks whether a room is in the public room list.
Args:
room_id: The ID of the room.
Returns:
Whether the room is in the public room list. Returns False if the room does
not exist.
"""
room = await self._store.get_room(room_id)
if not room:
return False
return room.get("is_public", False)
async def add_room_to_public_room_list(self, room_id: str) -> None:
"""Publishes a room to the public room list.
Args:
room_id: The ID of the room.
"""
await self._store.set_room_is_public(room_id, True)
async def remove_room_from_public_room_list(self, room_id: str) -> None:
"""Removes a room from the public room list.
Args:
room_id: The ID of the room.
"""
await self._store.set_room_is_public(room_id, False)