From f41b74216140692fcbae68a11d44a0d041d4ae53 Mon Sep 17 00:00:00 2001
From: PeerD <github@spy.de>
Date: Mon, 13 Apr 2020 13:42:32 +0200
Subject: [PATCH] Check on room creation if the user is allowed to publish the
 room to the room directory. (#7260)

---
 changelog.d/7260.bugfix  | 1 +
 synapse/handlers/room.py | 7 +++++++
 2 files changed, 8 insertions(+)
 create mode 100644 changelog.d/7260.bugfix

diff --git a/changelog.d/7260.bugfix b/changelog.d/7260.bugfix
new file mode 100644
index 000000000..9e50b56f2
--- /dev/null
+++ b/changelog.d/7260.bugfix
@@ -0,0 +1 @@
+Fix room publish permissions not being checked on room creation.
diff --git a/synapse/handlers/room.py b/synapse/handlers/room.py
index df3e0cff6..3d10e4b2d 100644
--- a/synapse/handlers/room.py
+++ b/synapse/handlers/room.py
@@ -645,6 +645,13 @@ class RoomCreationHandler(BaseHandler):
                 check_membership=False,
             )
 
+        if is_public:
+            if not self.config.is_publishing_room_allowed(user_id, room_id, room_alias):
+                # Lets just return a generic message, as there may be all sorts of
+                # reasons why we said no. TODO: Allow configurable error messages
+                # per alias creation rule?
+                raise SynapseError(403, "Not allowed to publish room")
+
         preset_config = config.get(
             "preset",
             RoomCreationPreset.PRIVATE_CHAT