Matrix-Mirrors/forked-synapse
1
0
Fork 0
mirror of https://mau.dev/maunium/synapse.git synced 2024-10-01 01:36:05 -04:00
Code Issues Packages Projects Releases Wiki Activity

Incorporate review

Browse Source
This commit is contained in:
Brendan Abolivier 2019-07-03 17:32:52 +01:00
parent aeda7fde78
commit 6b83a1826c
No known key found for this signature in database
GPG Key ID: 1E015C145F1916CD
1 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
synapse/third_party_rules/access_rules.py
View File

@ -34,6 +34,12 @@ VALID_ACCESS_RULES = (
) )
# Rules to which we need to apply the power levels restrictions. # Rules to which we need to apply the power levels restrictions.
# These are all of the rules that don't forbid users to join based on a server blacklist
# (except for the rules targetting direct chats, because both users should be able to be
# room admins in a direct chat created with the "trusted_private_chat" preset).
# The current restrictions forbid users that would be forbidden from joining under more
# restrictive rules from being given a non-default PL, and the default PL from being set
# to a non-0 value.
RULES_WITH_RESTRICTED_POWER_LEVELS = ( RULES_WITH_RESTRICTED_POWER_LEVELS = (
ACCESS_RULE_UNRESTRICTED, ACCESS_RULE_UNRESTRICTED,
) )
@ -84,15 +90,12 @@ class RoomAccessRules(object):
default rule to the initial state. default rule to the initial state.
""" """
is_direct = config.get("is_direct") is_direct = config.get("is_direct")
rules_in_initial_state = False rule = None
rule = ""
# If there's a rules event in the initial state, check if it complies with the # If there's a rules event in the initial state, check if it complies with the
# spec for im.vector.room.access_rules and deny the request if not. # spec for im.vector.room.access_rules and deny the request if not.
for event in config.get("initial_state", []): for event in config.get("initial_state", []):
if event["type"] == ACCESS_RULES_TYPE: if event["type"] == ACCESS_RULES_TYPE:
rules_in_initial_state = True
rule = event["content"].get("rule") rule = event["content"].get("rule")
# Make sure the event has a valid content. # Make sure the event has a valid content.
@ -112,7 +115,7 @@ class RoomAccessRules(object):
# If there's no rules event in the initial state, create one with the default # If there's no rules event in the initial state, create one with the default
# setting. # setting.
if not rules_in_initial_state: if not rule:
if is_direct: if is_direct:
default_rule = ACCESS_RULE_DIRECT default_rule = ACCESS_RULE_DIRECT
else: else:
@ -363,9 +366,10 @@ class RoomAccessRules(object):
return True return True
def _is_power_level_content_allowed(self, content, access_rule): def _is_power_level_content_allowed(self, content, access_rule):
"""Denies a power level events that sets 'users_default' to a non-0 value, and """Check if a given power levels event is permitted under the given access rule.
sets the PL of a user that'd be blacklisted in restricted mode to a non-default It shouldn't be allowed if it either changes the default PL to a non-0 value or
value. gives a non-0 PL to a user that would have been forbidden from joining the room
under a more restrictive access rule.
Args: Args:
content (dict[]): The content of the m.room.power_levels event to check. content (dict[]): The content of the m.room.power_levels event to check.