Rework room freeze and implement unfreezing the room #100
Conversation
|
Failing CI is blocked on #99 |
so every user gets a PL of 100? this seems a curious choice. |
It seems like the only way to let someone name themselves as the new admin of the room (in the process of unfreezing it) |
yeah fair enough. It just feels a bit surprising that anyone can now come in and take over the room. But maybe that is the intention? |
Yep exactly (see https://github.com/matrix-org/matrix-dinsic/issues/703 which states "any existing member can take the administration of the room") |
…artyEventRules` module (#10316) Because modules might send extra state events when processing an event (e.g. matrix-org/synapse-dinsic#100), and in some cases these extra events might get dropped if we don't recalculate the initial event's auth.
Otherwise we end up poisoning the event cache since we're getting a reference when assigning (and so we're modifying the same content that's in the cache for that event).
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
A feature we currently have in the
RoomAccessRulesmodule is the ability to "freeze" room when the last admin has left it (#59). Freezing the room means changing the room's rules in a way that prevents anyone from sending messages in the room except for leaving or taking over and unfreezing the room.The current solution for freezing a room doesn't allow the room to be unfrozen. This is because the Matrix spec explicitly forbids a user to change their own power level, or someone else's, to a higher value than their current one. As per https://spec.matrix.org/unstable/rooms/v1/#authorization-rules:
This means that from a Matrix perspective the room is effectively broken, because even if the power level event allows anyone to send a new
m.room.power_levelsevent, whoever sends it won't be able to change its content. This means unfreezing can't work.This means the room freezing feature needs to be changed in the following way:
io.element.room.frozen, is defined. Its content is{"frozen": [...]}, withfrozena boolean indicating whether the room is frozen, defaulting tofalse.user_defaultkey to 100 (rather than sending a brand new event with every permission up'd to 100), and removing any user whose PL isn't specifically set to 100 in theusersobject (in order to not prevent them from being able to unfreeze and take over the roomio.element.room.frozen'sfrozenkey in the room's state, setting it totrueRoomAccessRulesmodule forbids new events (except for leaving or unfreezing the room - see below for how the latter is defined) iffrozenistruefrozenistruein the room's state:Adminin the room list - settinguser_defaultto 100 will have the side-effect of showing every user as admin in the room list, and I think clients should hide that to avoid any confusion around the current state of the room.Additionally, freezing the room would set its join rules to
invite.This would then allow unfreezing a room by sending a new power level events that:
user_defaultkey back to 0Here's how this PR implements it:
RoomAccessRulesmodule sends aio.element.room.frozenevent; this in turns triggers a power levels update to be sentio.element.room.frozenevent manually, the module updates the power levels event accordinglyFuture work (out of scope for this PR) include:
ThirdPartyEventRulesinterface to the new generic modules system first, since we'd then need to run two modules with this interface for synapse-dinsic)