Allow a user who could join a restricted room to see it in spaces summary.

changelog.d/9922.feature

@@ -0,0 +1 @@
+Experimental support to allow a user who could join a restricted room to view it in the spaces summary.

synapse/federation/transport/server.py

@@ -1428,7 +1428,7 @@ async def on_POST(
             )
 
         return 200, await self.handler.federation_space_summary(
-            room_id, suggested_only, max_rooms_per_space, exclude_rooms
+            origin, room_id, suggested_only, max_rooms_per_space, exclude_rooms
         )
 
 

synapse/handlers/event_auth.py

@@ -11,7 +11,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-from typing import TYPE_CHECKING, Optional
+from typing import TYPE_CHECKING, Collection, Optional
 
 from synapse.api.constants import EventTypes, JoinRules, Membership
 from synapse.api.errors import AuthError
@@ -59,32 +59,55 @@ async def check_restricted_join_rules(
         ):
             return
 
+        # Get the spaces which allow access to this room, if applicable.
+        allowed_spaces = await self.get_spaces_that_allow_join(state_ids, room_version)
+        if allowed_spaces is None:
+            return
+
+        # The user was not in any of the required spaces.
+        if not await self.is_user_in_rooms(allowed_spaces, user_id):
+            raise AuthError(
+                403,
+                "You do not belong to any of the required spaces to join this room.",
+            )
+
+    async def get_spaces_that_allow_join(
+        self, state_ids: StateMap[str], room_version: RoomVersion
+    ) -> Optional[Collection[str]]:
+        """
+        Generate a list of spaces which allow access to a room.
+
+        Args:
+            state_ids: The state of the room as it currently is.
+            room_version: The room version of the room to query.
+
+        Returns:
+            None if room access via spaces doesn't apply for this room.
+
+            Otherwise, a collection of spaces (if any) which provide membership
+            to the room.
+        """
         # This only applies to room versions which support the new join rule.
         if not room_version.msc3083_join_rules:
-            return
+            return None
 
         # If there's no join rule, then it defaults to invite (so this doesn't apply).
         join_rules_event_id = state_ids.get((EventTypes.JoinRules, ""), None)
         if not join_rules_event_id:
-            return
+            return None
 
         # If the join rule is not restricted, this doesn't apply.
         join_rules_event = await self._store.get_event(join_rules_event_id)
         if join_rules_event.content.get("join_rule") != JoinRules.MSC3083_RESTRICTED:
-            return
+            return None
 
         # If allowed is of the wrong form, then only allow invited users.
         allowed_spaces = join_rules_event.content.get("allow", [])
         if not isinstance(allowed_spaces, list):
-            allowed_spaces = ()
-
-        # Get the list of joined rooms and see if there's an overlap.
-        if allowed_spaces:
-            joined_rooms = await self._store.get_rooms_for_user(user_id)
-        else:
-            joined_rooms = ()
+            return ()
 
         # Pull out the other room IDs, invalid data gets filtered.
+        result = []
         for space in allowed_spaces:
             if not isinstance(space, dict):
                 continue
@@ -93,13 +116,31 @@ async def check_restricted_join_rules(
             if not isinstance(space_id, str):
                 continue
 
-            # The user was joined to one of the spaces specified, they can join
-            # this room!
-            if space_id in joined_rooms:
-                return
+            result.append(space_id)
 
-        # The user was not in any of the required spaces.
-        raise AuthError(
-            403,
-            "You do not belong to any of the required spaces to join this room.",
-        )
+        return result
+
+    async def is_user_in_rooms(self, room_ids: Collection[str], user_id: str) -> bool:
+        """
+        Check whether a user is a member of any of the provided rooms.
+
+        Args:
+            room_ids: The rooms to check for membership.
+            user_id: The user to check.
+
+        Returns:
+            True if the user is in any of the rooms, false otherwise.
+        """
+        if not room_ids:
+            return False
+
+        # Get the list of joined rooms and see if there's an overlap.
+        joined_rooms = await self._store.get_rooms_for_user(user_id)
+
+        # Check each room and see if the user is in it.
+        for room_id in room_ids:
+            if room_id in joined_rooms:
+                return True
+
+        # The user was not in any of the rooms.
+        return False