From e6a7f8964f6f6f87493a6f81002d2149e177d639 Mon Sep 17 00:00:00 2001 From: Brendan Abolivier Date: Thu, 26 Sep 2019 11:12:21 +0100 Subject: Allow membership events which membership isn't join or invite in restricted rooms --- synapse/third_party_rules/access_rules.py | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'synapse/third_party_rules/access_rules.py') diff --git a/synapse/third_party_rules/access_rules.py b/synapse/third_party_rules/access_rules.py index 55b59fba8d..bd79de845f 100644 --- a/synapse/third_party_rules/access_rules.py +++ b/synapse/third_party_rules/access_rules.py @@ -17,7 +17,7 @@ import email.utils from twisted.internet import defer -from synapse.api.constants import EventTypes, JoinRules, RoomCreationPreset +from synapse.api.constants import EventTypes, JoinRules, Membership, RoomCreationPreset from synapse.api.errors import SynapseError from synapse.config._base import ConfigError from synapse.types import get_domain_from_id @@ -336,6 +336,14 @@ class RoomAccessRules(object): # called before check_event_allowed. if event.type == EventTypes.ThirdPartyInvite: return True + + # We only need to process "join" and "invite" memberships, in order to be backward + # compatible, e.g. if a user from a blacklisted server joined a restricted room + # before the rules started being enforced on the server, that user must be able to + # leave it. + if event.membership not in [Membership.JOIN, Membership.INVITE]: + return True + invitee_domain = get_domain_from_id(event.state_key) return invitee_domain not in self.domains_forbidden_when_restricted -- cgit 1.5.1