From 4adc33d520744afb6dc922cab34c6a6f81b977e6 Mon Sep 17 00:00:00 2001 From: clokep Date: Fri, 17 Nov 2023 13:44:41 +0000 Subject: deploy: c4f5522189687c1e739d63246b5a6668d89b2d5f --- .../usage/configuration/config_documentation.html | 155 +++++++++++++++------ 1 file changed, 116 insertions(+), 39 deletions(-) (limited to 'latest/usage/configuration/config_documentation.html') diff --git a/latest/usage/configuration/config_documentation.html b/latest/usage/configuration/config_documentation.html index 1753dca599..93a8d5b5eb 100644 --- a/latest/usage/configuration/config_documentation.html +++ b/latest/usage/configuration/config_documentation.html @@ -76,7 +76,7 @@ @@ -326,6 +326,10 @@ This option replaces the previous top-level 'use_presence' option.

presence:
   enabled: false
+

enabled can also be set to a special value of "untracked" which ignores updates +received via clients and federation, while still accepting updates from the +module API.

+

The "untracked" option was added in Synapse 1.96.0.

require_auth_for_profile_requests

Whether to require authentication to retrieve profile data (avatars, display names) of other @@ -3439,53 +3443,126 @@ users by always returning an empty list for all queries. Defaults to true.

alias_creation_rules

-

The alias_creation_rules option controls who is allowed to create aliases -on this server.

-

The format of this option is a list of rules that contain globs that -match against user_id, room_id and the new alias (fully qualified with -server name). The action in the first rule that matches is taken, -which can currently either be "allow" or "deny".

-

Missing user_id/room_id/alias fields default to "*".

-

If no rules match the request is denied. An empty list means no one -can create aliases.

-

Options for the rules include:

+

The alias_creation_rules option allows server admins to prevent unwanted +alias creation on this server.

+

This setting is an optional list of 0 or more rules. By default, no list is +provided, meaning that all alias creations are permitted.

+

Otherwise, requests to create aliases are matched against each rule in order. +The first rule that matches decides if the request is allowed or denied. If no +rule matches, the request is denied. In particular, this means that configuring +an empty list of rules will deny every alias creation request.

+

Each rule is a YAML object containing four fields, each of which is an optional string:

-

Example configuration:

-
alias_creation_rules:
-  - user_id: "bad_user"
-    alias: "spammy_alias"
-    room_id: "*"
+
Each of the glob patterns is optional, defaulting to * ("match anything").
+Note that the patterns match against fully qualified IDs, e.g. against 
+@alice:example.com, #room:example.com and !abcdefghijk:example.com instead
+of alice, room and abcedgghijk.

+
Example configuration:

+
# No rule list specified. All alias creations are allowed.
+# This is the default behaviour.
+alias_creation_rules:
+

+
# A list of one rule which allows everything.
+# This has the same effect as the previous example.
+alias_creation_rules:
+  - "action": "allow"
+

+
# An empty list of rules. All alias creations are denied.
+alias_creation_rules: []
+

+
# A list of one rule which denies everything.
+# This has the same effect as the previous example.
+alias_creation_rules:
+  - "action": "deny"
+

+
# Prevent a specific user from creating aliases.
+# Allow other users to create any alias
+alias_creation_rules:
+  - user_id: "@bad_user:example.com"
+    action: deny
+    
+  - action: allow
+

+
# Prevent aliases being created which point to a specific room.
+alias_creation_rules:
+  - room_id: "!forbiddenRoom:example.com"
     action: deny
+
+  - action: allow
 

 

 
room_list_publication_rules

-
The room_list_publication_rules option controls who can publish and
-which rooms can be published in the public room list.

+
The room_list_publication_rules option allows server admins to prevent
+unwanted entries from being published in the public room list.

 
The format of this option is the same as that for
-alias_creation_rules.

-
If the room has one or more aliases associated with it, only one of
-the aliases needs to match the alias rule. If there are no aliases
-then only rules with alias: * match.

-
If no rules match the request is denied. An empty list means no one
-can publish rooms.

-
Options for the rules include:

+alias_creation_rules: an optional list of 0 or more
+rules. By default, no list is provided, meaning that all rooms may be
+published to the room list.

+
Otherwise, requests to publish a room are matched against each rule in order.
+The first rule that matches decides if the request is allowed or denied. If no
+rule matches, the request is denied. In particular, this means that configuring
+an empty list of rules will deny every alias creation request.

+
Each rule is a YAML object containing four fields, each of which is an optional string:

 
    
-
  • user_id: Matches against the creator of the alias. Defaults to "*".
    • 
-
  • alias: Matches against any current local or canonical aliases associated with the room. Defaults to "*".
    • 
-
  • room_id: Matches against the room ID being published. Defaults to "*".
    • 
-
  • action: Whether to "allow" or "deny" the request if the rule matches. Defaults to allow.
    • 
+
  • user_id: a glob pattern that matches against the user publishing the room.
    • 
+
  • alias: a glob pattern that matches against one of published room's aliases.
+
      
+
    • If the room has no aliases, the alias match fails unless alias is unspecified or *.
      • 
+
    • If the room has exactly one alias, the alias match succeeds if the alias pattern matches that alias.
      • 
+
    • If the room has two or more aliases, the alias match succeeds if the pattern matches at least one of the aliases.
      • 
 
    
-
    Example configuration:
    
-
    room_list_publication_rules:
-  - user_id: "*"
-    alias: "*"
-    room_id: "*"
-    action: allow
+
    • 
+
  • room_id: a glob pattern that matches against the room ID of the room being published.
    • 
+
  • action: either allow or deny. What to do with the request if the rule matches. Defaults to allow.
    • 
+

+
Each of the glob patterns is optional, defaulting to * ("match anything").
+Note that the patterns match against fully qualified IDs, e.g. against
+@alice:example.com, #room:example.com and !abcdefghijk:example.com instead
+of alice, room and abcedgghijk.

+
Example configuration:

+
# No rule list specified. Anyone may publish any room to the public list.
+# This is the default behaviour.
+room_list_publication_rules:
+

+
# A list of one rule which allows everything.
+# This has the same effect as the previous example.
+room_list_publication_rules:
+  - "action": "allow"
+

+
# An empty list of rules. No-one may publish to the room list.
+room_list_publication_rules: []
+

+
# A list of one rule which denies everything.
+# This has the same effect as the previous example.
+room_list_publication_rules:
+  - "action": "deny"
+

+
# Prevent a specific user from publishing rooms.
+# Allow other users to publish anything.
+room_list_publication_rules:
+  - user_id: "@bad_user:example.com"
+    action: deny
+    
+  - action: allow
+

+
# Prevent publication of a specific room.
+room_list_publication_rules:
+  - room_id: "!forbiddenRoom:example.com"
+    action: deny
+
+  - action: allow
+

+
# Prevent publication of rooms with at least one alias containing the word "potato".
+room_list_publication_rules:
+  - alias: "#*potato*:example.com"
+    action: deny
+
+  - action: allow
 

 

 
default_power_level_content_override

-- 
cgit 1.5.1