diff options
author | Brendan Abolivier <babolivier@matrix.org> | 2019-06-17 19:21:58 +0100 |
---|---|---|
committer | Brendan Abolivier <babolivier@matrix.org> | 2019-06-17 20:24:22 +0100 |
commit | 073dd7778e0f9fdfdfcce53ef4c9d8a96cffeb63 (patch) | |
tree | 7179a4c139aa8ae78b842211a4ee61fdf1929c15 | |
parent | Improve doc (diff) | |
download | synapse-073dd7778e0f9fdfdfcce53ef4c9d8a96cffeb63.tar.xz |
Implement rules change
-rw-r--r-- | synapse/tchap/event_rules.py | 41 |
1 files changed, 40 insertions, 1 deletions
diff --git a/synapse/tchap/event_rules.py b/synapse/tchap/event_rules.py index 7a2bec8072..18d6d3bd6f 100644 --- a/synapse/tchap/event_rules.py +++ b/synapse/tchap/event_rules.py @@ -105,7 +105,10 @@ class TchapEventRules(object): defer.returnValue(True) def check_event_allowed(self, event, state_events): - # TODO: add rules for sending the access rules event + # Special-case the access rules event. + if event.type == ACCESS_RULES_TYPE: + return self._on_rules_change(event, state_events) + rule = self._get_rule_from_state(state_events) if rule == ACCESS_RULE_RESTRICTED: @@ -121,6 +124,42 @@ class TchapEventRules(object): return ret + def _on_rules_change(self, event, state_events): + new_rule = event.content.get("rule") + + # Check for invalid values. + if ( + new_rule != ACCESS_RULE_DIRECT + and new_rule != ACCESS_RULE_RESTRICTED + and new_rule != ACCESS_RULE_UNRESTRICTED + ): + return False + + # Make sure we don't apply "direct" if the room has more than two members. + if new_rule == ACCESS_RULE_DIRECT: + member_events_count = 0 + for key, event in state_events.items(): + if key[0] == EventTypes.Member: + member_events_count += 1 + + if member_events_count > 2: + return False + + prev_rules_event = state_events.get((ACCESS_RULES_TYPE, "")) + + # Now that we know the new rule doesn't break the "direct" case, we can allow any + # new rule in rooms that had none before. + if prev_rules_event is None: + return True + + prev_rule = prev_rules_event.content.get("rule") + + # Currently, we can only go from "restricted" to "unrestricted". + if prev_rule == ACCESS_RULE_RESTRICTED and new_rule == ACCESS_RULE_UNRESTRICTED: + return True + + return False + def _apply_restricted(self, event): # "restricted" currently means that users can only invite users if their server is # included in a limited list of domains. |