diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index 2473a2b2bb..0e8973e823 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -17,9 +17,10 @@
from twisted.internet import defer
-from synapse.api.constants import Membership
+from synapse.api.constants import Membership, JoinRules
from synapse.api.errors import AuthError, StoreError, Codes
from synapse.api.events.room import RoomMemberEvent
+from synapse.util.logutils import log_function
import logging
@@ -47,13 +48,22 @@ class Auth(object):
if event.type == RoomMemberEvent.TYPE:
allowed = yield self.is_membership_change_allowed(event)
defer.returnValue(allowed)
+ return
+
+ self._check_joined_room(
+ member=snapshot.membership_state,
+ user_id=snapshot.user_id,
+ room_id=snapshot.room_id,
+ )
+
+ if hasattr(event, "state_key"):
+ # TODO (erikj): This really only should be called for *new*
+ # state
+ yield self._can_add_state(event)
else:
- self._check_joined_room(
- member=snapshot.membership_state,
- user_id=snapshot.user_id,
- room_id=snapshot.room_id,
- )
- defer.returnValue(True)
+ yield self._can_send_event(event)
+
+ defer.returnValue(True)
else:
raise AuthError(500, "Unknown event: %s" % event)
except AuthError as e:
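Review bot: The `hasattr(event, "state_key")` branch runs only `_can_add_state` for any event that carries a state_key, so such an event is never compared with the room's send level, and `_can_add_state` (added further down in this commit) allows everything when no add-state level is stored. Whether a sender can attach a state_key to an arbitrary event type is not visible from this hunk; if they can, the send-level restriction does not apply to those events. Consider running `yield self._can_send_event(event)` for every non-membership event and `yield self._can_add_state(event)` in addition for state events. The bare `return` after `defer.returnValue(allowed)` is unreachable, because returnValue leaves the generator by raising. The enclosing method starts and ends outside the hunk.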
@@ -111,7 +121,14 @@ class Auth(object):
membership = event.content["membership"]
+ join_rule = yield self.store.get_room_join_rule(event.room_id)
+ if not join_rule:
+ join_rule = JoinRules.INVITE
+
if Membership.INVITE == membership:
+ # TODO (erikj): We should probably handle this more intelligently
+ # PRIVATE join rules.
+
# Invites are valid iff caller is in the room and target isn't.
if not caller_in_room: # caller isn't joined
raise AuthError(403, "You are not in room %s." % event.room_id)
@@ -124,18 +141,42 @@ class Auth(object):
# joined: It's a NOOP
if event.user_id != target_user_id:
raise AuthError(403, "Cannot force another user to join.")
- elif room.is_public:
- pass # anyone can join public rooms.
- elif (not caller or caller.membership not in
- [Membership.INVITE, Membership.JOIN]):
- raise AuthError(403, "You are not invited to this room.")
+ elif join_rule == JoinRules.PUBLIC or room.is_public:
+ pass
+ elif join_rule == JoinRules.INVITE:
+ if (
+ not caller or caller.membership not in
+ [Membership.INVITE, Membership.JOIN]
+ ):
+ raise AuthError(403, "You are not invited to this room.")
+ else:
+ # TODO (erikj): may_join list
+ # TODO (erikj): private rooms
+ raise AuthError(403, "You are not allowed to join this room")
elif Membership.LEAVE == membership:
+ # TODO (erikj): Implement kicks.
+
if not caller_in_room: # trying to leave a room you aren't joined
raise AuthError(403, "You are not in room %s." % event.room_id)
elif target_user_id != event.user_id:
# trying to force another user to leave
raise AuthError(403, "Cannot force %s to leave." %
target_user_id)
+ elif Membership.BAN == membership:
+ user_level = yield self.store.get_power_level(
+ event.room_id,
+ event.user_id,
+ )
+
+ ban_level, _ = yield self.store.get_ops_levels(event.room_id)
+
+ if ban_level:
+ ban_level = int(ban_level)
+ else:
+ ban_level = 5 # FIXME (erikj): What should we do here?
+
+ if ban_level < user_level:
+ raise AuthError(403, "You don't have permission to ban")
else:
raise AuthError(500, "Unknown membership %s" % membership)
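Review bot: The ban check `if ban_level < user_level:` is reversed relative to `_can_send_event` and `_can_add_state` in this same commit, which reject when `user_level` is below the required level; as written, a caller whose level exceeds the ban level is refused and one below it passes. `user_level` is also compared exactly as the store returned it, without the `int(...)` and default-0 normalisation that `_can_send_event` applies, so a missing level is never coerced. Suggested: `user_level = int(user_level) if user_level else 0` followed by `if user_level < ban_level:`. Separately, `or room.is_public` in the join branch lets the older flag override a stricter stored join rule, which is worth confirming as intended. The enclosing method starts outside the hunk.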
@@ -176,3 +217,53 @@ class Auth(object):
except StoreError:
raise AuthError(403, "Unrecognised access token.",
errcode=Codes.UNKNOWN_TOKEN)
+
+ @defer.inlineCallbacks
+ @log_function
+ def _can_send_event(self, event):
+ send_level = yield self.store.get_send_event_level(event.room_id)
+
+ if send_level:
+ send_level = int(send_level)
+ else:
+ send_level = 0
+
+ user_level = yield self.store.get_power_level(
+ event.room_id,
+ event.user_id,
+ )
+
+ if user_level:
+ user_level = int(user_level)
+ else:
+ user_level = 0
+
+ if user_level < send_level:
+ raise AuthError(
+ 403, "You don't have permission to post to the room"
+ )
+
+ defer.returnValue(True)
+
+ @defer.inlineCallbacks
+ def _can_add_state(self, event):
+ add_level = yield self.store.get_add_state_level(event.room_id)
+
+ if not add_level:
+ defer.returnValue(True)
+
+ add_level = int(add_level)
+
+ user_level = yield self.store.get_power_level(
+ event.room_id,
+ event.user_id,
+ )
+
+ user_level = int(user_level)
+
+ if user_level < add_level:
+ raise AuthError(
+ 403, "You don't have permission to add state to the room"
+ )
+
+ defer.returnValue(True)
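Review bot: `_can_add_state` calls `int(user_level)` unconditionally, whereas `_can_send_event` just above treats a falsy result from `get_power_level` as 0. If the store returns None for a user with no level, this raises TypeError rather than AuthError, and the `except AuthError` handler in `check` will not turn it into a 403. Use the same normalisation here, `user_level = int(user_level) if user_level else 0`. Both helpers also allow the action when the room has no stored level (send level falls back to 0, a missing add-state level returns True); a comment such as `# No level configured for this room: any joined user may add state.` would record that this permissive default is deliberate.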
diff --git a/synapse/api/constants.py b/synapse/api/constants.py
index f69f2445a2..668ffa07ca 100644
--- a/synapse/api/constants.py
+++ b/synapse/api/constants.py
@@ -23,7 +23,8 @@ class Membership(object):
JOIN = u"join"
KNOCK = u"knock"
LEAVE = u"leave"
- LIST = (INVITE, JOIN, KNOCK, LEAVE)
+ BAN = u"ban"
+ LIST = (INVITE, JOIN, KNOCK, LEAVE, BAN)
class Feedback(object):
@@ -42,3 +43,10 @@ class PresenceState(object):
UNAVAILABLE = u"unavailable"
ONLINE = u"online"
FREE_FOR_CHAT = u"free_for_chat"
+
+
+class JoinRules(object):
+ PUBLIC = u"public"
+ KNOCK = u"knock"
+ INVITE = u"invite"
+ PRIVATE = u"private"
diff --git a/synapse/api/events/__init__.py b/synapse/api/events/__init__.py
index f9653e0b2a..bf8d288acc 100644
--- a/synapse/api/events/__init__.py
+++ b/synapse/api/events/__init__.py
@@ -152,3 +152,10 @@ class SynapseEvent(JsonEncodedObject):
msg = self._check_json(entry, template[key][0])
if msg:
return msg
+
+
+class SynapseStateEvent(SynapseEvent):
+ def __init__(self, **kwargs):
+ if "state_key" not in kwargs:
+ kwargs["state_key"] = ""
+ super(SynapseStateEvent, self).__init__(**kwargs)
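Review bot: `SynapseStateEvent` has no docstring, and the reason for forcing a default `state_key` is not stated anywhere in the class. The auth change in this commit branches on `hasattr(event, "state_key")`, so this default appears to be what routes these events to the add-state check; that link should be written down where the default is set. Suggested docstring: `"""Base class for state events; sets state_key to "" when the caller does not supply one."""`.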
diff --git a/synapse/api/events/factory.py b/synapse/api/events/factory.py
index c2cdcddf41..159728b2d2 100644
--- a/synapse/api/events/factory.py
+++ b/synapse/api/events/factory.py
@@ -16,6 +16,8 @@
from synapse.api.events.room import (
RoomTopicEvent, MessageEvent, RoomMemberEvent, FeedbackEvent,
InviteJoinEvent, RoomConfigEvent, RoomNameEvent, GenericEvent,
+ RoomPowerLevelsEvent, RoomJoinRulesEvent, RoomOpsPowerLevelsEvent,
+ RoomCreateEvent, RoomAddStateLevelEvent, RoomSendEventLevelEvent
)
from synapse.util.stringutils import random_string
@@ -30,7 +32,13 @@ class EventFactory(object):
RoomMemberEvent,
FeedbackEvent,
InviteJoinEvent,
- RoomConfigEvent
+ RoomConfigEvent,
+ RoomPowerLevelsEvent,
+ RoomJoinRulesEvent,
+ RoomCreateEvent,
+ RoomAddStateLevelEvent,
+ RoomSendEventLevelEvent,
+ RoomOpsPowerLevelsEvent,
]
def __init__(self, hs):
diff --git a/synapse/api/events/room.py b/synapse/api/events/room.py
index 9faad57ac0..f6d3c59a9a 100644
--- a/synapse/api/events/room.py
+++ b/synapse/api/events/room.py
@@ -15,7 +15,7 @@
from synapse.api.constants import Feedback, Membership
from synapse.api.errors import SynapseError
-from . import SynapseEvent
+from . import SynapseEvent, SynapseStateEvent
class GenericEvent(SynapseEvent):
@@ -132,3 +132,45 @@ class RoomConfigEvent(SynapseEvent):
def get_content_template(self):
return {}
+
+
+class RoomCreateEvent(SynapseStateEvent):
+ TYPE = "m.room.create"
+
+ def get_content_template(self):
+ return {}
+
+
+class RoomJoinRulesEvent(SynapseStateEvent):
+ TYPE = "m.room.join_rules"
+
+ def get_content_template(self):
+ return {}
+
+
+class RoomPowerLevelsEvent(SynapseStateEvent):
+ TYPE = "m.room.power_levels"
+
+ def get_content_template(self):
+ return {}
+
+
+class RoomAddStateLevelEvent(SynapseStateEvent):
+ TYPE = "m.room.add_state_level"
+
+ def get_content_template(self):
+ return {}
+
+
+class RoomSendEventLevelEvent(SynapseStateEvent):
+ TYPE = "m.room.send_event_level"
+
+ def get_content_template(self):
+ return {}
+
+
+class RoomOpsPowerLevelsEvent(SynapseStateEvent):
+ TYPE = "m.room.ops_levels"
+
+ def get_content_template(self):
+ return {}
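Review bot: All six new state event classes return an empty dict from `get_content_template`, so their content is not checked against any template, yet the auth code in this commit passes stored levels straight to `int(...)`. How the store derives those levels from event content is not visible here; if they come from these events, a non-numeric value would surface as a ValueError inside the auth checks instead of being rejected when the event is validated. Declaring the expected content keys in each template (the `_check_json` mechanism visible in `SynapseEvent`), or validating level values before they are persisted, would close that gap.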
|