mirror of
https://github.com/matrix-org/mjolnir.git
synced 2024-07-05 11:02:27 +00:00
rename test->getAccess
This commit is contained in:
parent
951ee15ae8
commit
1ce45a98ed
|
@ -374,7 +374,7 @@ export class ProtectedRooms {
|
||||||
}
|
}
|
||||||
|
|
||||||
// We don't want to ban people based on server ACL as this would flood the room with bans.
|
// We don't want to ban people based on server ACL as this would flood the room with bans.
|
||||||
const memberAccess = this.accessControlUnit.testUserWithoutServer(member.userId);
|
const memberAccess = this.accessControlUnit.getAccessForUser(member.userId, "IGNORE_SERVER");
|
||||||
if (memberAccess.outcome === Access.Banned) {
|
if (memberAccess.outcome === Access.Banned) {
|
||||||
const reason = memberAccess.rule ? memberAccess.rule.reason : '<no reason supplied>';
|
const reason = memberAccess.rule ? memberAccess.rule.reason : '<no reason supplied>';
|
||||||
// We specifically use sendNotice to avoid having to escape HTML
|
// We specifically use sendNotice to avoid having to escape HTML
|
||||||
|
|
|
@ -239,35 +239,31 @@ export default class AccessControlUnit {
|
||||||
* @param domain The server name to test.
|
* @param domain The server name to test.
|
||||||
* @returns A description of the access that the server has.
|
* @returns A description of the access that the server has.
|
||||||
*/
|
*/
|
||||||
public testServer(domain: string): EntityAccess {
|
public getAccessForServer(domain: string): EntityAccess {
|
||||||
return this.testEntity(domain, this.serverAllows, this.serverBans);
|
return this.getAccessForEntity(domain, this.serverAllows, this.serverBans);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Test whether the user is allowed by the ACL unit.
|
* Get the level of access the user has for the ACL unit.
|
||||||
* Does not test the domain of the user id.
|
|
||||||
* @param mxid The user id to test.
|
* @param mxid The user id to test.
|
||||||
|
* @param policy Whether to check the server part of the user id against server rules.
|
||||||
* @returns A description of the access that the user has.
|
* @returns A description of the access that the user has.
|
||||||
*/
|
*/
|
||||||
public testUserWithoutServer(mxid: string): EntityAccess {
|
public getAccessForUser(mxid: string, policy: "CHECK_SERVER" | "IGNORE_SERVER"): EntityAccess {
|
||||||
return this.testEntity(mxid, this.userAllows, this.userBans);
|
const userAccess = this.getAccessForEntity(mxid, this.userAllows, this.userBans);
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Test whether the user is allowed by the ACL unit. Does take the user's server into consideration.
|
|
||||||
* @param mxid The user id to test.
|
|
||||||
* @returns A description of the access that the user or their server has.
|
|
||||||
*/
|
|
||||||
public testUser(mxid: UserID): EntityAccess {
|
|
||||||
const userAccess = this.testUserWithoutServer(mxid.toString());
|
|
||||||
if (userAccess.outcome === Access.Allowed) {
|
if (userAccess.outcome === Access.Allowed) {
|
||||||
return this.testServer(mxid.domain);
|
if (policy === "IGNORE_SERVER") {
|
||||||
|
return userAccess;
|
||||||
|
} else {
|
||||||
|
const userId = new UserID(mxid);
|
||||||
|
return this.getAccessForServer(userId.domain);
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
return userAccess;
|
return userAccess;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private testEntity(entity: string, allowCache: ListRuleCache, bannedCache: ListRuleCache): EntityAccess {
|
private getAccessForEntity(entity: string, allowCache: ListRuleCache, bannedCache: ListRuleCache): EntityAccess {
|
||||||
// Check if the entity is explicitly allowed.
|
// Check if the entity is explicitly allowed.
|
||||||
// We have to infer that a rule exists for '*' if the allowCache is empty, otherwise you brick the ACL.
|
// We have to infer that a rule exists for '*' if the allowCache is empty, otherwise you brick the ACL.
|
||||||
const allowRule = allowCache.test(entity);
|
const allowRule = allowCache.test(entity);
|
||||||
|
@ -298,7 +294,7 @@ export default class AccessControlUnit {
|
||||||
for (const rule of allowedServers) {
|
for (const rule of allowedServers) {
|
||||||
acl.allowServer(rule.entity);
|
acl.allowServer(rule.entity);
|
||||||
}
|
}
|
||||||
if (this.testServer(serverName).outcome === Access.NotAllowed) {
|
if (this.getAccessForServer(serverName).outcome === Access.NotAllowed) {
|
||||||
acl.allowServer(serverName);
|
acl.allowServer(serverName);
|
||||||
LogService.warn('AccessControlUnit', `The server ${serverName} we are operating from was not on the allowed when constructing the server ACL, so it will be injected it into the server acl. Please check the ACL lists.`)
|
LogService.warn('AccessControlUnit', `The server ${serverName} we are operating from was not on the allowed when constructing the server ACL, so it will be injected it into the server acl. Please check the ACL lists.`)
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue
Block a user