Check on room creation if the user is allowed to publish the room to the room directory. (#7260)

author: PeerD <github@spy.de> 2020-04-13 13:42:32 +0200
committer: GitHub <noreply@github.com> 2020-04-13 07:42:32 -0400
commit: f41b74216140692fcbae68a11d44a0d041d4ae53 (patch)
tree: 24d2a7a2aadd579216cdf699ec6a1a296e456d88
parent: typos (diff)
download: synapse-f41b74216140692fcbae68a11d44a0d041d4ae53.tar.xz
2 files changed, 8 insertions, 0 deletions
diff --git a/changelog.d/7260.bugfix b/changelog.d/7260.bugfix
new file mode 100644
index 0000000000..9e50b56f23
--- /dev/null
+++ b/changelog.d/7260.bugfix
@@ -0,0 +1 @@
+Fix room publish permissions not being checked on room creation.
diff --git a/synapse/handlers/room.py b/synapse/handlers/room.py
index df3e0cff67..3d10e4b2d9 100644
--- a/synapse/handlers/room.py
+++ b/synapse/handlers/room.py
@@ -645,6 +645,13 @@ class RoomCreationHandler(BaseHandler):
                 check_membership=False,
             )
 
+        if is_public:
+            if not self.config.is_publishing_room_allowed(user_id, room_id, room_alias):
+                # Lets just return a generic message, as there may be all sorts of
+                # reasons why we said no. TODO: Allow configurable error messages
+                # per alias creation rule?
+                raise SynapseError(403, "Not allowed to publish room")
+
         preset_config = config.get(
             "preset",
             RoomCreationPreset.PRIVATE_CHAT
author	PeerD <github@spy.de>	2020-04-13 13:42:32 +0200
committer	GitHub <noreply@github.com>	2020-04-13 07:42:32 -0400
commit	f41b74216140692fcbae68a11d44a0d041d4ae53 (patch)
tree	24d2a7a2aadd579216cdf699ec6a1a296e456d88
parent	typos (diff)
download	synapse-f41b74216140692fcbae68a11d44a0d041d4ae53.tar.xz