summary refs log tree commit diff
path: root/synapse/handlers/message.py
diff options
context:
space:
mode:
Diffstat (limited to 'synapse/handlers/message.py')
-rw-r--r--synapse/handlers/message.py18
1 files changed, 5 insertions, 13 deletions
diff --git a/synapse/handlers/message.py b/synapse/handlers/message.py
index 345a3e0ecd..587fbfbe86 100644
--- a/synapse/handlers/message.py
+++ b/synapse/handlers/message.py
@@ -255,7 +255,7 @@ class EventCreationHandler(object):
 
     @defer.inlineCallbacks
     def create_event(self, requester, event_dict, token_id=None, txn_id=None,
-                     prev_events_and_hashes=None):
+                     prev_events_and_hashes=None, require_consent=True):
         """
         Given a dict from a client, create a new event.
 
@@ -276,6 +276,9 @@ class EventCreationHandler(object):
                 where *hashes* is a map from algorithm to hash.
 
                 If None, they will be requested from the database.
+
+            require_consent (bool): Whether to check if the requester has
+                consented to privacy policy.
         Raises:
             ResourceLimitError if server is blocked to some resource being
             exceeded
@@ -317,7 +320,7 @@ class EventCreationHandler(object):
                     )
 
         is_exempt = yield self._is_exempt_from_privacy_policy(builder, requester)
-        if not is_exempt:
+        if require_consent and not is_exempt:
             yield self.assert_accepted_privacy_policy(requester)
 
         if token_id is not None:
@@ -388,17 +391,6 @@ class EventCreationHandler(object):
         if self._block_events_without_consent_error is None:
             return
 
-        # exempt AS users from needing consent
-        if requester.app_service is not None:
-            return
-
-        # Check if the user has accepted the privacy policy. We only do this if
-        # the requester has an associated access_token_id, which indicates that
-        # this action came from a user request rather than an automatice server
-        # or admin action.
-        if requester.access_token_id is None:
-            return
-
         user_id = requester.user.to_string()
 
         # exempt the system notices user