spam check room publishing

2 files changed, 26 insertions, 0 deletions

diff --git a/synapse/events/spamcheck.py b/synapse/events/spamcheck.py
index 7cb3468df4..595b1760f8 100644
--- a/synapse/events/spamcheck.py
+++ b/synapse/events/spamcheck.py
@@ -85,6 +85,7 @@ class SpamChecker(object):
 
         Args:
             userid (string): The sender's user ID
+            room_alias (string): The alias to be created
 
         Returns:
             bool: True if the user may create a room alias, otherwise False
@@ -93,3 +94,20 @@ class SpamChecker(object):
             return True
 
         return self.spam_checker.user_may_create_room_alias(userid, room_alias)
+
+    def user_may_publish_room(self, userid, room_id):
+        """Checks if a given user may publish a room to the directory
+
+        If this method returns false, the publish request will be rejected.
+
+        Args:
+            userid (string): The sender's user ID
+            room_id (string): The ID of the room that would be published
+
+        Returns:
+            bool: True if the user may publish the room, otherwise False
+        """
+        if self.spam_checker is None:
+            return True
+
+        return self.spam_checker.user_may_publish_room(userid, room_id)
diff --git a/synapse/handlers/directory.py b/synapse/handlers/directory.py
index ed18bb20bb..a0464ae5c0 100644
--- a/synapse/handlers/directory.py
+++ b/synapse/handlers/directory.py
@@ -334,6 +334,14 @@ class DirectoryHandler(BaseHandler):
         room_id (str)
         visibility (str): "public" or "private"
         """
+        if not self.spam_checker.user_may_publish_room(
+            requester.user.to_string(), room_id
+        ):
+            raise AuthError(
+                403,
+                "This user is not permitted to publish rooms to the room list"
+            )
+
         if requester.is_guest:
             raise AuthError(403, "Guests cannot edit the published room list")