-
-
Notifications
You must be signed in to change notification settings - Fork 2.1k
Allow guest users access to messages in rooms they have joined #587
Changes from 2 commits
b71ca2b
05aee12
6c5b147
5be3944
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -53,9 +53,15 @@ def __init__(self, hs): | |
self.event_builder_factory = hs.get_event_builder_factory() | ||
|
||
@defer.inlineCallbacks | ||
def _filter_events_for_clients(self, user_tuples, events, event_id_to_state): | ||
def filter_events_for_clients(self, user_tuples, events, event_id_to_state): | ||
""" Returns dict of user_id -> list of events that user is allowed to | ||
see. | ||
|
||
:param (str, bool) user_tuples: (user id, is_peeking) for each | ||
user to be checked. is_peeking should be true if: | ||
* the user is not currently a member of the room, and: | ||
* the user has not been a member of the room since the given | ||
events | ||
""" | ||
forgotten = yield defer.gatherResults([ | ||
self.store.who_forgot_in_room( | ||
|
@@ -72,18 +78,20 @@ def _filter_events_for_clients(self, user_tuples, events, event_id_to_state): | |
def allowed(event, user_id, is_peeking): | ||
state = event_id_to_state[event.event_id] | ||
|
||
# get the room_visibility at the time of the event. | ||
visibility_event = state.get((EventTypes.RoomHistoryVisibility, ""), None) | ||
if visibility_event: | ||
visibility = visibility_event.content.get("history_visibility", "shared") | ||
else: | ||
visibility = "shared" | ||
|
||
# if it was world_readable, it's easy: everyone can read it | ||
if visibility == "world_readable": | ||
return True | ||
|
||
if is_peeking: | ||
return False | ||
|
||
# get the user's membership at the time of the event. (or rather, | ||
# just *after* the event. Which means that people can see their | ||
# own join events, but not (currently) their own leave events.) | ||
membership_event = state.get((EventTypes.Member, user_id), None) | ||
if membership_event: | ||
if membership_event.event_id in event_id_forgotten: | ||
|
@@ -93,20 +101,32 @@ def allowed(event, user_id, is_peeking): | |
else: | ||
membership = None | ||
|
||
# if the user was a member of the room at the time of the event, | ||
# they can see it. | ||
if membership == Membership.JOIN: | ||
return True | ||
|
||
if event.type == EventTypes.RoomHistoryVisibility: | ||
return not is_peeking | ||
# XXX why are m.room.history_visibility events special? | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I've talked with Erik, and we believe the reason for this is that it allows clients to actually see that history visibility changes happened, partially because they can't see the event which opens up history visibility itself. I contend that this is bad, partially because it leaks membership information about otherwise restricted rooms. I'm fairly convinced that what we want to do is either:
|
||
# return True | ||
pass | ||
|
||
if visibility == "shared": | ||
return True | ||
elif visibility == "joined": | ||
return membership == Membership.JOIN | ||
# user can also see the event if he has become a member since | ||
# the event | ||
# | ||
# XXX: if the user has subsequently joined and then left again, | ||
# ideally we would share history up to the point they left. But | ||
# we don't know when they left. | ||
return not is_peeking | ||
elif visibility == "invited": | ||
# user can also see the event if he was *invited* at the time | ||
# of the event. | ||
return membership == Membership.INVITE | ||
|
||
return True | ||
# presumably visibility is "joined"; we weren't a member at the | ||
# time of the event, so we're done. | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I think the server is supposed to assume that the room is "shared" if it doesn't understand the value of history_visibility. https://matrix.org/speculator/spec/HEAD/client_server.html#id31 |
||
return False | ||
|
||
defer.returnValue({ | ||
user_id: [ | ||
|
@@ -119,7 +139,17 @@ def allowed(event, user_id, is_peeking): | |
|
||
@defer.inlineCallbacks | ||
def _filter_events_for_client(self, user_id, events, is_peeking=False): | ||
# Assumes that user has at some point joined the room if not is_guest. | ||
""" | ||
Check which events a user is allowed to see | ||
|
||
:param str user_id: user id to be checked | ||
:param [synapse.events.EventBase] events: list of events to be checked | ||
:param bool is_peeking should be True if: | ||
* the user is not currently a member of the room, and: | ||
* the user has not been a member of the room since the given | ||
events | ||
:rtype [synapse.events.EventBase] | ||
""" | ||
types = ( | ||
(EventTypes.RoomHistoryVisibility, ""), | ||
(EventTypes.Member, user_id), | ||
|
@@ -128,7 +158,7 @@ def _filter_events_for_client(self, user_id, events, is_peeking=False): | |
frozenset(e.event_id for e in events), | ||
types=types | ||
) | ||
res = yield self._filter_events_for_clients( | ||
res = yield self.filter_events_for_clients( | ||
[(user_id, is_peeking)], events, event_id_to_state | ||
) | ||
defer.returnValue(res.get(user_id, [])) | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Param style is wrong here; should be:
Args:
argname (type): Description
(and below)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think so. At least, that is not the convention we agreed last time it was discussed, which was https://www.jetbrains.com/pycharm/help/type-hinting-in-pycharm.html#legacy.