diff options
author | Erik Johnston <erik@matrix.org> | 2015-10-02 10:41:14 +0100 |
---|---|---|
committer | Erik Johnston <erik@matrix.org> | 2015-10-02 10:41:14 +0100 |
commit | a38d36ccd0cb6b19a0d4b9a591ce990f736bdabc (patch) | |
tree | 4458974456c631386c7acd699b15a9f51779f0b2 /synapse/api/auth.py | |
parent | Merge pull request #283 from matrix-org/erikj/atomic_join_federation (diff) | |
parent | Merge branch 'develop' of github.com:matrix-org/synapse into erikj/unfederatable (diff) | |
download | synapse-a38d36ccd0cb6b19a0d4b9a591ce990f736bdabc.tar.xz |
Merge pull request #279 from matrix-org/erikj/unfederatable
Add flag which disables federation of the room
Diffstat (limited to 'synapse/api/auth.py')
-rw-r--r-- | synapse/api/auth.py | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py index 847ff60671..e3b8c3099a 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -20,7 +20,7 @@ from twisted.internet import defer from synapse.api.constants import EventTypes, Membership, JoinRules from synapse.api.errors import AuthError, Codes, SynapseError from synapse.util.logutils import log_function -from synapse.types import UserID, EventID +from synapse.types import RoomID, UserID, EventID import logging import pymacaroons @@ -80,6 +80,15 @@ class Auth(object): "Room %r does not exist" % (event.room_id,) ) + creating_domain = RoomID.from_string(event.room_id).domain + originating_domain = UserID.from_string(event.sender).domain + if creating_domain != originating_domain: + if not self.can_federate(event, auth_events): + raise AuthError( + 403, + "This room has been marked as unfederatable." + ) + # FIXME: Temp hack if event.type == EventTypes.Aliases: return True @@ -219,6 +228,11 @@ class Auth(object): user_id, room_id, repr(member) )) + def can_federate(self, event, auth_events): + creation_event = auth_events.get((EventTypes.Create, "")) + + return creation_event.content.get("m.federate", True) is True + @log_function def is_membership_change_allowed(self, event, auth_events): membership = event.content["membership"] @@ -234,6 +248,15 @@ class Auth(object): target_user_id = event.state_key + creating_domain = RoomID.from_string(event.room_id).domain + target_domain = UserID.from_string(target_user_id).domain + if creating_domain != target_domain: + if not self.can_federate(event, auth_events): + raise AuthError( + 403, + "This room has been marked as unfederatable." + ) + # get info about the caller key = (EventTypes.Member, event.user_id, ) caller = auth_events.get(key) |