Make AccessRules use the public rooms directory instead of checking a room's join rules on rule change #63
Conversation
anoadragon453
force-pushed
the
anoa/access_rules_public_rooms
branch
2 times, most recently
from
5107fd4
to
47b604e
Compare
| @@ -76,8 +76,7 @@ def __init__(self, hs): | |||
| public_room_manager=PublicRoomsManager(hs), | |||
| ) | |||
|
|
|||
| @defer.inlineCallbacks | |||
| def check_event_allowed(self, event, context): | |||
| async def check_event_allowed(self, event, context): | |||
There was a problem hiding this comment.
We needed to async this method to eventually call the check on whether a room is public. Luckily this method is already awaited on everywhere!
anoadragon453
force-pushed
the
anoa/access_rules_public_rooms
branch
2 times, most recently
from
8aca853
to
07d1dae
Compare
|
Thanks @babolivier. I've made the requested changes - the rest need to be made on the mainline PR as it deals with code coming from there. Otherwise we just need to make a decision with @giomfo about the logic change discussion here: #63 (comment) Even if we decide to change it back, doing so is trivial :) |
|
It was brought up that reverting the join_rules change in |
Suggested in matrix-org/synapse-dinsic#63
… room's join rules on rule change
anoadragon453
force-pushed
the
anoa/access_rules_public_rooms
branch
from
93f1b02
to
c949c30
Compare
|
I've rebased this PR on top of the latest mainline changes. |
anoadragon453
force-pushed
the
anoa/access_rules_public_rooms
branch
from
c949c30
to
507d3a2
Compare
anoadragon453
force-pushed
the
anoa/access_rules_public_rooms
branch
from
507d3a2
to
19eb148
Compare
Currently it isn't possible to change the join rules of a room to FWIW I'm strongly opposed to this change as it would be a security regression. The point of the public room directory is to advertise rooms, and it isn't in any shape of form an authorisation feature (which is precisely what the join rules are). If we dropped the checks on join rules in favour of checking the visibility of the room in the public room directory, nothing could prevent e.g. someone making up their own directory, outside of Matrix, which would list rooms that any blacklisted server can join without an invite (which isn't possible currently but would be made possible by this PR). |
|
@babolivier I understood your point of view, I will check again with DINUM if they are aware of this point that you named "security regression". I consider the sanity check on Let's have a talk about this ;) Note: I agree if the PR is merged, the following spec must be updated: |
|
I got an interesting suggestion from DINUM: This means an update about the "unrestricted" preset: |
Correct method paths in tests.module_api.test_api
anoadragon453
force-pushed
the
anoa/access_rules_public_rooms
branch
from
afbe238
to
e952eab
Compare
…ricted w invite Also do some public rooms directory -> public room list wording fixes.
There was a problem hiding this comment.
SGTM (I checked mainly the new logic about the room access)
I let @babolivier review too
…oa/freeze_rooms * 'dinsic' of github.com:matrix-org/synapse-dinsic: Only assert valid next_link params when provided (#65) Don't push if an user account has expired (#58) Swap method calls in RoomAccessTestCase.test_change_rules (#64) Make all rooms noisy by default (#60) Make AccessRules use the public rooms directory instead of checking a room's join rules on rule change (#63) Override the power levels defaults, enforce mod requirement for invites, admin requirements for unknown state events (#61) RoomAccessRules cleanup (#62) Add a config option for validating 'next_link' parameters against a domain whitelist (#8275)
Requires matrix-org/synapse#8292 over on mainline, which we plan to cherry-pick for now.
This PR makes use of the new public room directory features added to
ThirdPartyEventRulesby the above PR, by:When reviewing this PR, it's recommend to skip the first commit, as it's simply the port of the above PR.