Add third party rules hook into create room

This commit is contained in:
Erik Johnston 2019-06-17 15:48:57 +01:00
parent 6840ebeef8
commit 187d2837a9
2 changed files with 48 additions and 4 deletions

View File

@ -17,8 +17,8 @@ from twisted.internet import defer
class ThirdPartyEventRules(object): class ThirdPartyEventRules(object):
"""Allows server admins to provide a Python module implementing an extra set of rules """Allows server admins to provide a Python module implementing an extra
to apply when processing events. set of rules to apply when processing events.
This is designed to help admins of closed federations with enforcing custom This is designed to help admins of closed federations with enforcing custom
behaviours. behaviours.
@ -46,7 +46,7 @@ class ThirdPartyEventRules(object):
context (synapse.events.snapshot.EventContext): The context of the event. context (synapse.events.snapshot.EventContext): The context of the event.
Returns: Returns:
defer.Deferred(bool), True if the event should be allowed, False if not. defer.Deferred[bool]: True if the event should be allowed, False if not.
""" """
if self.third_party_rules is None: if self.third_party_rules is None:
defer.returnValue(True) defer.returnValue(True)
@ -60,3 +60,24 @@ class ThirdPartyEventRules(object):
ret = yield self.third_party_rules.check_event_allowed(event, state_events) ret = yield self.third_party_rules.check_event_allowed(event, state_events)
defer.returnValue(ret) defer.returnValue(ret)
@defer.inlineCallbacks
def on_create_room(self, requester, config, is_requester_admin):
"""Intercept requests to create room to allow, deny or update the
request config.
Args:
requester (Requester)
config (dict): The creation config from the client.
is_requester_admin (bool): If the requester is an admin
Returns:
defer.Deferred
"""
if self.third_party_rules is None:
return
yield self.third_party_rules.on_create_room(
requester, config, is_requester_admin
)

View File

@ -75,6 +75,10 @@ class RoomCreationHandler(BaseHandler):
# linearizer to stop two upgrades happening at once # linearizer to stop two upgrades happening at once
self._upgrade_linearizer = Linearizer("room_upgrade_linearizer") self._upgrade_linearizer = Linearizer("room_upgrade_linearizer")
self._server_notices_mxid = hs.config.server_notices_mxid
self.third_party_event_rules = hs.get_third_party_event_rules()
@defer.inlineCallbacks @defer.inlineCallbacks
def upgrade_room(self, requester, old_room_id, new_version): def upgrade_room(self, requester, old_room_id, new_version):
"""Replace a room with a new room with a different version """Replace a room with a new room with a different version
@ -470,7 +474,26 @@ class RoomCreationHandler(BaseHandler):
yield self.auth.check_auth_blocking(user_id) yield self.auth.check_auth_blocking(user_id)
if not self.spam_checker.user_may_create_room(user_id): if (self._server_notices_mxid is not None and
requester.user.to_string() == self._server_notices_mxid):
# allow the server notices mxid to create rooms
is_requester_admin = True
else:
is_requester_admin = yield self.auth.is_server_admin(
requester.user,
)
# Check whether the third party rules allows/changes the room create
# request.
yield self.third_party_event_rules.on_create_room(
requester,
config,
is_requester_admin=is_requester_admin,
)
if not is_requester_admin and not self.spam_checker.user_may_create_room(
user_id,
):
raise SynapseError(403, "You are not permitted to create rooms") raise SynapseError(403, "You are not permitted to create rooms")
if ratelimit: if ratelimit: