Add config option to allow appservices to use batch send with a real user

2025-05-04 21:14:56 -04:00 · 2021-10-26 16:30:47 +03:00 · 2021-10-26 16:30:47 +03:00 · 088977f676
commit 088977f676
parent 5b8575b463
4 changed files with 27 additions and 9 deletions
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@ -244,7 +244,7 @@ class Auth:
            raise MissingClientTokenError()

    async def validate_appservice_can_control_user_id(
-        self, app_service: ApplicationService, user_id: str
+        self, app_service: ApplicationService, user_id: str, also_allow_user: Optional[str] = None
    ):
        """Validates that the app service is allowed to control
        the given user.
@ -252,6 +252,7 @@ class Auth:
        Args:
            app_service: The app service that controls the user
            user_id: The author MXID that the app service is controlling
+            also_allow_user: An additional user ID that the appservice can temporarily control

        Raises:
            AuthError: If the application service is not allowed to control the user
@ -263,7 +264,7 @@ class Auth:
        if app_service.sender == user_id:
            pass
        # Check to make sure the app service is allowed to control the user
-        elif not app_service.is_interested_in_user(user_id):
+        elif not app_service.is_interested_in_user(user_id) and user_id != also_allow_user:
            raise AuthError(
                403,
                "Application service cannot masquerade as this user (%s)." % user_id,