Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix up auth rules #1591

Merged
merged 7 commits into from
Aug 31, 2018
Merged

Fix up auth rules #1591

Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
0b7b3bf
Reindent auth rules section
erikjohnston Aug 29, 2018
86b5486
Add missing clauses to and fix authorization rules
erikjohnston Aug 29, 2018
6c8a45c
Full stops
erikjohnston Aug 31, 2018
f3aea32
Be consistent with 'If..., reject'
erikjohnston Aug 31, 2018
f4706c8
Require creator field
erikjohnston Aug 31, 2018
59f86ec
Reindent as RST requires sublists to be three spaces
erikjohnston Aug 31, 2018
d63184e
Fixup
erikjohnston Aug 31, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
142 changes: 84 additions & 58 deletions specification/server_server_api.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -356,103 +356,129 @@ the state of the room.

The rules are as follows:

1. If type is ``m.room.create``, allow if and only if it has no
previous events - *i.e.* it is the first event in the room.
1. If type is ``m.room.create``:

2. If type is ``m.room.member``:
a. If it has any previous events, reject.
b. If the domain of the ``room_id`` does not match the domain of the
``sender``, reject.
c. If ``content.room_version`` is present and is not a recognised version,
reject.
d. If ``content`` has no ``creator`` field, reject.
e. Otherwise, allow.

a. If ``membership`` is ``join``:
#. If event does not have a ``m.room.create`` in its ``auth_events``, reject.

i. If the only previous event is an ``m.room.create``
and the ``state_key`` is the creator, allow.
#. If type is ``m.room.aliases``:

#. If the ``sender`` does not match ``state_key``, reject.
a. If event has no ``state_key``, reject.
b. If sender's domain doesn't matches ``state_key``, reject.
c. Otherwise, allow.

#. If the user's current membership state is ``invite`` or ``join``,
allow.
#. If type is ``m.room.member``:

#. If the ``join_rule`` is ``public``, allow.
a. If no ``state_key`` key or ``membership`` key in ``content``, reject.

#. Otherwise, reject.
#. If ``membership`` is ``join``:

b. If ``membership`` is ``invite``:
i. If the only previous event is an ``m.room.create``
and the ``state_key`` is the creator, allow.

i. If the ``sender``'s current membership state is not ``join``, reject.
#. If the ``sender`` does not match ``state_key``, reject.

#. If *target user*'s current membership state is ``join`` or ``ban``,
reject.
#. If the ``sender`` is banned, reject.

#. If the ``sender``'s power level is greater than or equal to the *invite
level*, allow.
#. If the ``join_rule`` is ``invite`` then allow if membership state
is ``invite`` or ``join``.

#. Otherwise, reject.
#. If the ``join_rule`` is ``public``, allow.

c. If ``membership`` is ``leave``:
#. Otherwise, reject.

i. If the ``sender`` matches ``state_key``, allow if and only if that user's
current membership state is ``invite`` or ``join``.
#. If ``membership`` is ``invite``:

#. If the ``sender``'s current membership state is not ``join``, reject.
i. If the ``sender``'s current membership state is not ``join``, reject.

#. If the *target user*'s current membership state is ``ban``, and the
``sender``'s power level is less than the *ban level*, reject.
#. If *target user*'s current membership state is ``join`` or ``ban``,
reject.

#. If the ``sender``'s power level is greater than or equal to the *kick
level*, and the *target user*'s power level is less than the
``sender``'s power level, allow.
#. If the ``sender``'s power level is greater than or equal to the *invite
level*, allow.

#. Otherwise, reject.
#. Otherwise, reject.

d. If ``membership`` is ``ban``:
#. If ``membership`` is ``leave``:

i. If the ``sender``'s current membership state is not ``join``, reject.
i. If the ``sender`` matches ``state_key``, allow if and only if that user's
current membership state is ``invite`` or ``join``.

#. If the ``sender``'s power level is greater than or equal to the *ban
level*, and the *target user*'s power level is less than the
``sender``'s power level, allow.
#. If the ``sender``'s current membership state is not ``join``, reject.

#. Otherwise, reject.
#. If the *target user*'s current membership state is ``ban``, and the
``sender``'s power level is less than the *ban level*, reject.

e. Otherwise, the membership is unknown. Reject.
#. If the ``sender``'s power level is greater than or equal to the *kick
level*, and the *target user*'s power level is less than the
``sender``'s power level, allow.

3. If the ``sender``'s current membership state is not ``join``, reject.
#. Otherwise, reject.

4. If the event type's *required power level* is greater than the ``sender``'s power
#. If ``membership`` is ``ban``:

i. If the ``sender``'s current membership state is not ``join``, reject.

#. If the ``sender``'s power level is greater than or equal to the *ban
level*, and the *target user*'s power level is less than the
``sender``'s power level, allow.

#. Otherwise, reject.

#. Otherwise, the membership is unknown. Reject.

#. If the ``sender``'s current membership state is not ``join``, reject.

#. If the event type's *required power level* is greater than the ``sender``'s power
level, reject.

5. If type is ``m.room.power_levels``:
#. If the event has a ``state_key`` that starts with an ``@`` and does not match
the ``sender``, reject.

#. If type is ``m.room.power_levels``:

a. If ``users`` key in ``content`` is not a dictionary with keys that are
valid user IDs with values that are integers (or a string that is an
integer), reject.

a. If there is no previous ``m.room.power_levels`` event in the room, allow.
#. If there is no previous ``m.room.power_levels`` event in the room, allow.

b. For each of the keys ``users_default``, ``events_default``,
``state_default``, ``ban``, ``redact``, ``kick``, ``invite``, as well as
each entry being changed under the ``events`` or ``users`` keys:
#. For each of the keys ``users_default``, ``events_default``,
``state_default``, ``ban``, ``redact``, ``kick``, ``invite``, as well as
each entry being changed under the ``events`` or ``users`` keys:

i. If the current value is higher than the ``sender``'s current power level,
reject.
i. If the current value is higher than the ``sender``'s current power level,
reject.

#. If the new value is higher than the ``sender``'s current power level,
reject.
#. If the new value is higher than the ``sender``'s current power level,
reject.

c. For each entry being changed under the ``users`` key, other than the
``sender``'s own entry:
#. For each entry being changed under the ``users`` key, other than the
``sender``'s own entry:

i. If the current value is equal to the ``sender``'s current power level,
reject.
i. If the current value is equal to the ``sender``'s current power level,
reject.

d. Otherwise, allow.
#. Otherwise, allow.

6. If type is ``m.room.redaction``:
#. If type is ``m.room.redaction``:

a. If the ``sender``'s power level is greater than or equal to the *redact
level*, allow.
a. If the ``sender``'s power level is greater than or equal to the *redact
level*, allow.

#. If the ``sender`` of the event being redacted is the same as the
``sender`` of the ``m.room.redaction``, allow.
#. If the domain of the ``event_id`` of the event being redacted is the same
as the domain of the ``event_id`` of the ``m.room.redaction``, allow.

#. Otherwise, reject.
#. Otherwise, reject.

7. Otherwise, allow.
#. Otherwise, allow.

.. NOTE::

Expand Down