From 0c6500a08bbaac34b7630d66339c03dc076b2dbe Mon Sep 17 00:00:00 2001
From: Brendan Abolivier <babolivier@matrix.org>
Date: Thu, 1 Aug 2019 10:19:04 +0200
Subject: Explain rationale

---
 synapse/third_party_rules/access_rules.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/synapse/third_party_rules/access_rules.py b/synapse/third_party_rules/access_rules.py
index 56527d6365..1a295ea7ce 100644
--- a/synapse/third_party_rules/access_rules.py
+++ b/synapse/third_party_rules/access_rules.py
@@ -438,6 +438,10 @@ class RoomAccessRules(object):
         """Check whether a join rule change is allowed. A join rule change is always
         allowed unless the new join rule is "public" and the current access rule isn't
         "restricted".
+        The rationale is that external users (those whose server would be denied access
+        to rooms enforcing the "restricted" access rule) should always rely on non-
+        external users for access to rooms, therefore they shouldn't be able to access
+        rooms that don't require an invite to be joined.
 
         Note that we currently rely on the default access rule being "restricted": during
         room creation, the m.room.join_rules event will be sent *before* the
-- 
cgit 1.4.1