diff options
| author | Erik Johnston <erik@matrix.org> | 2019-03-18 15:44:37 +0000 |
|---|---|---|
| committer | Erik Johnston <erik@matrix.org> | 2019-03-18 15:51:00 +0000 |
| commit | feae38757603828839670a918f50938a4a4eb2a6 (patch) | |
| tree | 7ff26a2f42517c65b62a223e2f53ee86cc7dcd96 | |
| parent | Run black on tests/rulecheck/test_domainrulecheck.py (diff) | |
| download | synapse-feae38757603828839670a918f50938a4a4eb2a6.tar.xz | |
Don't spam check actions by admins
| -rw-r--r-- | synapse/handlers/room.py | 25 | ||||
| -rw-r--r-- | synapse/handlers/room_member.py | 30 |
2 files changed, 43 insertions, 12 deletions
diff --git a/synapse/handlers/room.py b/synapse/handlers/room.py index 2d42a41134..581cff9526 100644 --- a/synapse/handlers/room.py +++ b/synapse/handlers/room.py @@ -81,6 +81,8 @@ class RoomCreationHandler(BaseHandler): # linearizer to stop two upgrades happening at once self._upgrade_linearizer = Linearizer("room_upgrade_linearizer") + self._server_notices_mxid = hs.config.server_notices_mxid + @defer.inlineCallbacks def upgrade_room(self, requester, old_room_id, new_version): """Replace a room with a new room with a different version @@ -254,7 +256,17 @@ class RoomCreationHandler(BaseHandler): """ user_id = requester.user.to_string() - if not self.spam_checker.user_may_create_room( + if (self._server_notices_mxid is not None and + requester.user.to_string() == self._server_notices_mxid): + # allow the server notices mxid to create rooms + is_requester_admin = True + + else: + is_requester_admin = yield self.auth.is_server_admin( + requester.user, + ) + + if not is_requester_admin and not self.spam_checker.user_may_create_room( user_id, invite_list=[], cloning=True, @@ -481,7 +493,16 @@ class RoomCreationHandler(BaseHandler): invite_list = config.get("invite", []) - if not self.spam_checker.user_may_create_room( + if (self._server_notices_mxid is not None and + requester.user.to_string() == self._server_notices_mxid): + # allow the server notices mxid to create rooms + is_requester_admin = True + else: + is_requester_admin = yield self.auth.is_server_admin( + requester.user, + ) + + if not is_requester_admin and not self.spam_checker.user_may_create_room( user_id, invite_list=invite_list, cloning=False, diff --git a/synapse/handlers/room_member.py b/synapse/handlers/room_member.py index cc673e940a..dcf30327cd 100644 --- a/synapse/handlers/room_member.py +++ b/synapse/handlers/room_member.py @@ -487,18 +487,28 @@ class RoomMemberHandler(object): # so don't really fit into the general auth process. raise AuthError(403, "Guest access not allowed") - inviter = yield self._get_inviter(target.to_string(), room_id) - # We assume that if the spam checker allowed the user to create - # a room then they're allowed to join it. - if not new_room and not self.spam_checker.user_may_join_room( - target.to_string(), room_id, - is_invited=inviter is not None, - new_room=new_room, - ): - raise SynapseError( - 403, "Not allowed to join this room", + if (self._server_notices_mxid is not None and + requester.user.to_string() == self._server_notices_mxid): + # allow the server notices mxid to join rooms + is_requester_admin = True + + else: + is_requester_admin = yield self.auth.is_server_admin( + requester.user, ) + inviter = yield self._get_inviter(target.to_string(), room_id) + if not is_requester_admin: + # We assume that if the spam checker allowed the user to create + # a room then they're allowed to join it. + if not new_room and not self.spam_checker.user_may_join_room( + target.to_string(), room_id, + is_invited=inviter is not None, + ): + raise SynapseError( + 403, "Not allowed to join this room", + ) + if not is_host_in_room: if inviter and not self.hs.is_mine(inviter): remote_room_hosts.append(inviter.domain) |