summary refs log tree commit diff
path: root/synapse/event_auth.py
diff options
context:
space:
mode:
authorTravis Ralston <travisr@matrix.org>2022-05-17 04:41:39 -0600
committerGitHub <noreply@github.com>2022-05-17 10:41:39 +0000
commit942c30b16b86cb05d2109b13bc2c1dc9ac2fea70 (patch)
tree97e56aa03d4cef7b05e8c5adc5f41f2af0d9ebfe /synapse/event_auth.py
parentRemove code which updates `application_services_state.last_txn` (#12680) (diff)
downloadsynapse-942c30b16b86cb05d2109b13bc2c1dc9ac2fea70.tar.xz
Add a new room version for MSC3787's knock+restricted join rule (#12623)
Diffstat (limited to 'synapse/event_auth.py')
-rw-r--r--synapse/event_auth.py21


1 files changed, 17 insertions, 4 deletions
diff --git a/synapse/event_auth.py b/synapse/event_auth.py
index 621a3efccc..4c0b587a76 100644
--- a/synapse/event_auth.py
+++ b/synapse/event_auth.py
@@ -414,7 +414,12 @@ def _is_membership_change_allowed(
             raise AuthError(403, "You are banned from this room")
         elif join_rule == JoinRules.PUBLIC:
             pass
-        elif room_version.msc3083_join_rules and join_rule == JoinRules.RESTRICTED:
+        elif (
+            room_version.msc3083_join_rules and join_rule == JoinRules.RESTRICTED
+        ) or (
+            room_version.msc3787_knock_restricted_join_rule
+            and join_rule == JoinRules.KNOCK_RESTRICTED
+        ):
             # This is the same as public, but the event must contain a reference
             # to the server who authorised the join. If the event does not contain
             # the proper content it is rejected.
@@ -440,8 +445,13 @@ def _is_membership_change_allowed(
                 if authorising_user_level < invite_level:
                     raise AuthError(403, "Join event authorised by invalid server.")
 
-        elif join_rule == JoinRules.INVITE or (
-            room_version.msc2403_knocking and join_rule == JoinRules.KNOCK
+        elif (
+            join_rule == JoinRules.INVITE
+            or (room_version.msc2403_knocking and join_rule == JoinRules.KNOCK)
+            or (
+                room_version.msc3787_knock_restricted_join_rule
+                and join_rule == JoinRules.KNOCK_RESTRICTED
+            )
         ):
             if not caller_in_room and not caller_invited:
                 raise AuthError(403, "You are not invited to this room.")
@@ -462,7 +472,10 @@ def _is_membership_change_allowed(
         if user_level < ban_level or user_level <= target_level:
             raise AuthError(403, "You don't have permission to ban")
     elif room_version.msc2403_knocking and Membership.KNOCK == membership:
-        if join_rule != JoinRules.KNOCK:
+        if join_rule != JoinRules.KNOCK and (
+            not room_version.msc3787_knock_restricted_join_rule
+            or join_rule != JoinRules.KNOCK_RESTRICTED
+        ):
             raise AuthError(403, "You don't have permission to knock")
         elif target_user_id != event.user_id:
             raise AuthError(403, "You cannot knock for other users")

 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-11-07 15:35:08 +0000