diff --git a/synapse/rulecheck/__init__.py b/synapse/rulecheck/__init__.py
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/synapse/rulecheck/__init__.py
diff --git a/synapse/rulecheck/domain_rule_checker.py b/synapse/rulecheck/domain_rule_checker.py
new file mode 100644
index 0000000000..256cca2ed1
--- /dev/null
+++ b/synapse/rulecheck/domain_rule_checker.py
@@ -0,0 +1,78 @@
+# -*- coding: utf-8 -*-
+# Copyright 2018 New Vector Ltd
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import logging
+
+from synapse.config._base import ConfigError
+
+logger = logging.getLogger(__name__)
+
+"""
+DomainRuleChecker
+
+Takes a config in the format:
+
+spam_checker:
+ module: "rulecheck.DomainRuleChecker"
+ config:
+ domain_mapping:
+ "inviter_domain": [ "invitee_domain_permitted", "other_invitee_domain_permitted" ]
+ "other_inviter_domain": [ "invitee_domain_permitted" ]
+ default: False
+ }
+
+Don't forget to consider if you can invite users from your own domain.
+"""
+class DomainRuleChecker(object):
+
+ def __init__(self, config):
+ self.domain_mapping = config["domain_mapping"] or {}
+ self.default = config["default"]
+
+ def check_event_for_spam(self, event):
+ return False
+
+ def user_may_invite(self, inviter_userid, invitee_userid, room_id):
+ inviter_domain = self._get_domain_from_id(inviter_userid)
+ invitee_domain = self._get_domain_from_id(invitee_userid)
+
+ valid_targets = self.domain_mapping.get(inviter_domain)
+ if not valid_targets:
+ return self.default
+
+ return invitee_domain in valid_targets
+
+ def user_may_create_room(self, userid):
+ return True
+
+ def user_may_create_room_alias(self, userid, room_alias):
+ return True
+
+ def user_may_publish_room(self, userid, room_id):
+ return True
+
+ @staticmethod
+ def parse_config(config):
+ if "default" in config:
+ return config
+ else:
+ raise ConfigError("No default set for spam_config DomainRuleChecker")
+
+ @staticmethod
+ def _get_domain_from_id(string):
+ idx = string.find(":")
+ if idx == -1:
+ raise Exception("Invalid ID: %r" % (string,))
+ return string[idx + 1:]
diff --git a/tests/rulecheck/__init__.py b/tests/rulecheck/__init__.py
new file mode 100644
index 0000000000..a354d38ca8
--- /dev/null
+++ b/tests/rulecheck/__init__.py
@@ -0,0 +1,14 @@
+# -*- coding: utf-8 -*-
+# Copyright 2018 New Vector Ltd
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
diff --git a/tests/rulecheck/test_domainrulecheck.py b/tests/rulecheck/test_domainrulecheck.py
new file mode 100644
index 0000000000..141c8e4445
--- /dev/null
+++ b/tests/rulecheck/test_domainrulecheck.py
@@ -0,0 +1,96 @@
+# -*- coding: utf-8 -*-
+# Copyright 2018 New Vector Ltd
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+from tests import unittest
+
+from synapse.config._base import ConfigError
+from synapse.rulecheck.domain_rule_checker import DomainRuleChecker
+
+
+class DomainRuleCheckerTestCase(unittest.TestCase):
+
+ def test_allowed(self):
+ config = {
+ "default": False,
+ "domain_mapping": {
+ "source_one": [ "target_one", "target_two" ],
+ "source_two": [ "target_two" ]
+ }
+ }
+ check = DomainRuleChecker(config)
+ self.assertTrue(check.user_may_invite("test:source_one","test:target_one", "room"))
+ self.assertTrue(check.user_may_invite("test:source_one","test:target_two", "room"))
+ self.assertTrue(check.user_may_invite("test:source_two","test:target_two", "room"))
+
+
+ def test_disallowed(self):
+ config = {
+ "default": True,
+ "domain_mapping": {
+ "source_one": [ "target_one", "target_two" ],
+ "source_two": [ "target_two" ]
+ }
+ }
+ check = DomainRuleChecker(config)
+ self.assertFalse(check.user_may_invite("test:source_one","test:target_three", "room"))
+ self.assertFalse(check.user_may_invite("test:source_two","test:target_three", "room"))
+ self.assertFalse(check.user_may_invite("test:source_two","test:target_one", "room"))
+
+
+ def test_default_allow(self):
+ config = {
+ "default": True,
+ "domain_mapping": {
+ "source_one": [ "target_one", "target_two" ],
+ "source_two": [ "target_two" ]
+ }
+ }
+ check = DomainRuleChecker(config)
+ self.assertTrue(check.user_may_invite("test:source_three","test:target_one", "room"))
+
+ def test_default_deny(self):
+ config = {
+ "default": False,
+ "domain_mapping": {
+ "source_one": [ "target_one", "target_two" ],
+ "source_two": [ "target_two" ]
+ }
+ }
+ check = DomainRuleChecker(config)
+ self.assertFalse(check.user_may_invite("test:source_three","test:target_one", "room"))
+
+
+ def test_config_parse(self):
+ config = {
+ "default": False,
+ "domain_mapping": {
+ "source_one": [ "target_one", "target_two" ],
+ "source_two": [ "target_two" ]
+ }
+ }
+ self.assertEquals(config, DomainRuleChecker.parse_config(config))
+
+
+ def test_config_parse_failure(self):
+ config = {
+ "domain_mapping": {
+ "source_one": [ "target_one", "target_two" ],
+ "source_two": [ "target_two" ]
+ }
+ }
+ self.assertRaises(ConfigError, DomainRuleChecker.parse_config, config)
+
+
|
