Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Allow a user who could join a restricted room to see it in spaces summary. #9922

Merged
merged 18 commits into from
May 20, 2021
Merged
Show file tree
Hide file tree
Changes from 12 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions changelog.d/9922.feature
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Experimental support to allow a user who could join a restricted room to view it in the spaces summary.
2 changes: 1 addition & 1 deletion synapse/federation/transport/server.py
Original file line number Diff line number Diff line change
Expand Up @@ -1428,7 +1428,7 @@ async def on_POST(
)

return 200, await self.handler.federation_space_summary(
room_id, suggested_only, max_rooms_per_space, exclude_rooms
origin, room_id, suggested_only, max_rooms_per_space, exclude_rooms
)


Expand Down
81 changes: 61 additions & 20 deletions synapse/handlers/event_auth.py
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from typing import TYPE_CHECKING, Optional
from typing import TYPE_CHECKING, Collection, Optional

from synapse.api.constants import EventTypes, JoinRules, Membership
from synapse.api.errors import AuthError
Expand Down Expand Up @@ -59,32 +59,55 @@ async def check_restricted_join_rules(
):
return

# Get the spaces which allow access to this room, if applicable.
allowed_spaces = await self.get_spaces_that_allow_join(state_ids, room_version)
if allowed_spaces is None:
return
clokep marked this conversation as resolved.
Show resolved Hide resolved

# The user was not in any of the required spaces.
if not await self.is_user_in_rooms(allowed_spaces, user_id):
raise AuthError(
403,
"You do not belong to any of the required spaces to join this room.",
)

async def get_spaces_that_allow_join(
self, state_ids: StateMap[str], room_version: RoomVersion
) -> Optional[Collection[str]]:
"""
Generate a list of spaces which allow access to a room.

Args:
state_ids: The state of the room as it currently is.
room_version: The room version of the room to query.

Returns:
None if room access via spaces doesn't apply for this room.

Otherwise, a collection of spaces (if any) which provide membership
to the room.
"""
# This only applies to room versions which support the new join rule.
if not room_version.msc3083_join_rules:
return
return None

# If there's no join rule, then it defaults to invite (so this doesn't apply).
join_rules_event_id = state_ids.get((EventTypes.JoinRules, ""), None)
if not join_rules_event_id:
return
return None

# If the join rule is not restricted, this doesn't apply.
join_rules_event = await self._store.get_event(join_rules_event_id)
if join_rules_event.content.get("join_rule") != JoinRules.MSC3083_RESTRICTED:
return
return None
clokep marked this conversation as resolved.
Show resolved Hide resolved

# If allowed is of the wrong form, then only allow invited users.
allowed_spaces = join_rules_event.content.get("allow", [])
if not isinstance(allowed_spaces, list):
allowed_spaces = ()

# Get the list of joined rooms and see if there's an overlap.
if allowed_spaces:
joined_rooms = await self._store.get_rooms_for_user(user_id)
else:
joined_rooms = ()
return ()

# Pull out the other room IDs, invalid data gets filtered.
result = []
for space in allowed_spaces:
if not isinstance(space, dict):
continue
Expand All @@ -93,13 +116,31 @@ async def check_restricted_join_rules(
if not isinstance(space_id, str):
continue

# The user was joined to one of the spaces specified, they can join
# this room!
if space_id in joined_rooms:
return
result.append(space_id)

# The user was not in any of the required spaces.
raise AuthError(
403,
"You do not belong to any of the required spaces to join this room.",
)
return result

async def is_user_in_rooms(self, room_ids: Collection[str], user_id: str) -> bool:
"""
Check whether a user is a member of any of the provided rooms.

Args:
room_ids: The rooms to check for membership.
user_id: The user to check.

Returns:
True if the user is in any of the rooms, false otherwise.
"""
if not room_ids:
return False

# Get the list of joined rooms and see if there's an overlap.
joined_rooms = await self._store.get_rooms_for_user(user_id)

# Check each room and see if the user is in it.
for room_id in room_ids:
if room_id in joined_rooms:
return True

# The user was not in any of the rooms.
return False
Loading