Add spec for MSC2449: Require users to have visibility on an event when submitting reports #1517

Merged: 11 commits, Aug 15, 2023
1 change: 1 addition & 0 deletions changelogs/client_server/newsfragments/1517.feature
@@ -0,0 +1 @@
Event reporters must be able to view the event in order to report it. [MSC2249](https://github.com/matrix-org/matrix-spec-proposals/pull/2249).
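
Review bot: the changelog line cites MSC2249 and links to matrix-spec-proposals pull 2249, but the PR title reads MSC2449, so one of the two numbers is a typo; confirm which proposal this implements and make the title and the newsfragment agree. The entry also says reporters must be "able to view the event", which should track whatever wording the module text settles on, so the changelog does not state a different rule from the spec.
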
3 changes: 3 additions & 0 deletions content/client-server-api/modules/report_content.md
Expand Up @@ -18,3 +18,6 @@ Servers are free to handle the reported content however they desire.
This may be a dedicated room to alert server administrators to the
reported content or some other mechanism for notifying the appropriate
people.

The server MUST verify that the user has permission to view the event
before accepting a report.
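
Review bot: the new MUST in the last two lines says the server verifies the check but not what it does when the check fails. Add a sentence pointing at the response the endpoint definition gives for that case (the 404 with `M_NOT_FOUND` added in report_content.yaml), so the module text and the API definition describe the same behaviour. "Permission to view the event" is also left undefined here; say what the server is expected to test, or link to where that is defined.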

Again, this feels looser than what the MSC stated, which is that the reporter must currently be joined to the room that the reported event is in. Perhaps:

Suggested change
The server MUST verify that the user has permission to view the event
before accepting a report.
The server MUST verify that the user reporting the event is currently
joined to the room the event is in before accepting a report.

further, a changed-in annotation:

Suggested change
The server MUST verify that the user has permission to view the event
before accepting a report.
{{< changed-in v="1.7" >}} The server MUST verify that the user
reporting the event is currently joined to the room the event is
in before accepting a report.

17 changes: 14 additions & 3 deletions data/api/client-server/report_content.yaml
Expand Up @@ -29,11 +29,14 @@ securityDefinitions:
paths:
"/rooms/{roomId}/report/{eventId}":
post:
summary: Reports an event as inappropriate.
summary: Reports an event as inappropriate. You must have permission to
retrieve this event e.g. by being a member in the room for this event.

This feels a bit hand-wavy. The requirements laid out by MSC2249 are that you must be currently joined to the room that the reported event is in.

description: |-
Reports an event as inappropriate to the server, which may then notify
the appropriate people.
operationId: reportContent
tags:
- Reporting content
parameters:
- in: path
type: string
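
Review bot: the `summary` for `post` now carries a normative requirement and runs over two lines, while the `description` below it is unchanged and never mentions that requirement. Keep `summary` as the short label "Reports an event as inappropriate." and move the access condition into `description`, worded the same way as the module text. "e.g. by being a member" gives an example rather than the rule, so an implementer cannot tell from this line which check is required.
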
Expand Down Expand Up @@ -74,5 +77,13 @@ paths:
type: object
examples:
application/json: {}
tags:
- Reporting content
404:
description: |-
The event was not found or you do not have permission to read this event.
examples:
application/json: {
"errcode": "M_NOT_FOUND",
"error": "The event was not found or you do not have permission to read this event."
}
schema:
$ref: "../client-server/definitions/errors/error.yaml"
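
Review bot: the 404 response returns one `M_NOT_FOUND` error for both "event was not found" and "do not have permission to read", which keeps the endpoint from revealing whether an event the caller cannot see exists; state that intent in the `description` so implementations do not split the second case into a separate error. The wording here is "permission to read", the summary says "permission to retrieve" and the module text says "permission to view"; pick one term and use it across the three files.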