Rework alias and public room list rules docs (#16541)
parent
ffbe9b7666
commit
6ec98810e3
|
@ -0,0 +1 @@
|
||||||
|
Correctly describe the meaning of unspecified rule lists in the [`alias_creation_rules`](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#alias_creation_rules) and [`room_list_publication_rules`](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#room_list_publication_rules) config options and improve their descriptions more generally.
|
|
@ -3797,62 +3797,160 @@ enable_room_list_search: false
|
||||||
---
|
---
|
||||||
### `alias_creation_rules`
|
### `alias_creation_rules`
|
||||||
|
|
||||||
The `alias_creation_rules` option controls who is allowed to create aliases
|
The `alias_creation_rules` option allows server admins to prevent unwanted
|
||||||
on this server.
|
alias creation on this server.
|
||||||
|
|
||||||
The format of this option is a list of rules that contain globs that
|
This setting is an optional list of 0 or more rules. By default, no list is
|
||||||
match against user_id, room_id and the new alias (fully qualified with
|
provided, meaning that all alias creations are permitted.
|
||||||
server name). The action in the first rule that matches is taken,
|
|
||||||
which can currently either be "allow" or "deny".
|
|
||||||
|
|
||||||
Missing user_id/room_id/alias fields default to "*".
|
Otherwise, requests to create aliases are matched against each rule in order.
|
||||||
|
The first rule that matches decides if the request is allowed or denied. If no
|
||||||
|
rule matches, the request is denied. In particular, this means that configuring
|
||||||
|
an empty list of rules will deny every alias creation request.
|
||||||
|
|
||||||
If no rules match the request is denied. An empty list means no one
|
Each rule is a YAML object containing four fields, each of which is an optional string:
|
||||||
can create aliases.
|
|
||||||
|
|
||||||
Options for the rules include:
|
* `user_id`: a glob pattern that matches against the creator of the alias.
|
||||||
* `user_id`: Matches against the creator of the alias. Defaults to "*".
|
* `alias`: a glob pattern that matches against the alias being created.
|
||||||
* `alias`: Matches against the alias being created. Defaults to "*".
|
* `room_id`: a glob pattern that matches against the room ID the alias is being pointed at.
|
||||||
* `room_id`: Matches against the room ID the alias is being pointed at. Defaults to "*"
|
* `action`: either `allow` or `deny`. What to do with the request if the rule matches. Defaults to `allow`.
|
||||||
* `action`: Whether to "allow" or "deny" the request if the rule matches. Defaults to allow.
|
|
||||||
|
Each of the glob patterns is optional, defaulting to `*` ("match anything").
|
||||||
|
Note that the patterns match against fully qualified IDs, e.g. against
|
||||||
|
`@alice:example.com`, `#room:example.com` and `!abcdefghijk:example.com` instead
|
||||||
|
of `alice`, `room` and `abcedgghijk`.
|
||||||
|
|
||||||
Example configuration:
|
Example configuration:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
|
# No rule list specified. All alias creations are allowed.
|
||||||
|
# This is the default behaviour.
|
||||||
alias_creation_rules:
|
alias_creation_rules:
|
||||||
- user_id: "bad_user"
|
|
||||||
alias: "spammy_alias"
|
|
||||||
room_id: "*"
|
|
||||||
action: deny
|
|
||||||
```
|
```
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
# A list of one rule which allows everything.
|
||||||
|
# This has the same effect as the previous example.
|
||||||
|
alias_creation_rules:
|
||||||
|
- "action": "allow"
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
# An empty list of rules. All alias creations are denied.
|
||||||
|
alias_creation_rules: []
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
# A list of one rule which denies everything.
|
||||||
|
# This has the same effect as the previous example.
|
||||||
|
alias_creation_rules:
|
||||||
|
- "action": "deny"
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
# Prevent a specific user from creating aliases.
|
||||||
|
# Allow other users to create any alias
|
||||||
|
alias_creation_rules:
|
||||||
|
- user_id: "@bad_user:example.com"
|
||||||
|
action: deny
|
||||||
|
|
||||||
|
- action: allow
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
# Prevent aliases being created which point to a specific room.
|
||||||
|
alias_creation_rules:
|
||||||
|
- room_id: "!forbiddenRoom:example.com"
|
||||||
|
action: deny
|
||||||
|
|
||||||
|
- action: allow
|
||||||
|
```
|
||||||
|
|
||||||
---
|
---
|
||||||
### `room_list_publication_rules`
|
### `room_list_publication_rules`
|
||||||
|
|
||||||
The `room_list_publication_rules` option controls who can publish and
|
The `room_list_publication_rules` option allows server admins to prevent
|
||||||
which rooms can be published in the public room list.
|
unwanted entries from being published in the public room list.
|
||||||
|
|
||||||
The format of this option is the same as that for
|
The format of this option is the same as that for
|
||||||
`alias_creation_rules`.
|
[`alias_creation_rules`](#alias_creation_rules): an optional list of 0 or more
|
||||||
|
rules. By default, no list is provided, meaning that all rooms may be
|
||||||
|
published to the room list.
|
||||||
|
|
||||||
If the room has one or more aliases associated with it, only one of
|
Otherwise, requests to publish a room are matched against each rule in order.
|
||||||
the aliases needs to match the alias rule. If there are no aliases
|
The first rule that matches decides if the request is allowed or denied. If no
|
||||||
then only rules with `alias: *` match.
|
rule matches, the request is denied. In particular, this means that configuring
|
||||||
|
an empty list of rules will deny every alias creation request.
|
||||||
|
|
||||||
If no rules match the request is denied. An empty list means no one
|
Each rule is a YAML object containing four fields, each of which is an optional string:
|
||||||
can publish rooms.
|
|
||||||
|
* `user_id`: a glob pattern that matches against the user publishing the room.
|
||||||
|
* `alias`: a glob pattern that matches against one of published room's aliases.
|
||||||
|
- If the room has no aliases, the alias match fails unless `alias` is unspecified or `*`.
|
||||||
|
- If the room has exactly one alias, the alias match succeeds if the `alias` pattern matches that alias.
|
||||||
|
- If the room has two or more aliases, the alias match succeeds if the pattern matches at least one of the aliases.
|
||||||
|
* `room_id`: a glob pattern that matches against the room ID of the room being published.
|
||||||
|
* `action`: either `allow` or `deny`. What to do with the request if the rule matches. Defaults to `allow`.
|
||||||
|
|
||||||
|
Each of the glob patterns is optional, defaulting to `*` ("match anything").
|
||||||
|
Note that the patterns match against fully qualified IDs, e.g. against
|
||||||
|
`@alice:example.com`, `#room:example.com` and `!abcdefghijk:example.com` instead
|
||||||
|
of `alice`, `room` and `abcedgghijk`.
|
||||||
|
|
||||||
Options for the rules include:
|
|
||||||
* `user_id`: Matches against the creator of the alias. Defaults to "*".
|
|
||||||
* `alias`: Matches against any current local or canonical aliases associated with the room. Defaults to "*".
|
|
||||||
* `room_id`: Matches against the room ID being published. Defaults to "*".
|
|
||||||
* `action`: Whether to "allow" or "deny" the request if the rule matches. Defaults to allow.
|
|
||||||
|
|
||||||
Example configuration:
|
Example configuration:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
|
# No rule list specified. Anyone may publish any room to the public list.
|
||||||
|
# This is the default behaviour.
|
||||||
room_list_publication_rules:
|
room_list_publication_rules:
|
||||||
- user_id: "*"
|
```
|
||||||
alias: "*"
|
|
||||||
room_id: "*"
|
```yaml
|
||||||
action: allow
|
# A list of one rule which allows everything.
|
||||||
|
# This has the same effect as the previous example.
|
||||||
|
room_list_publication_rules:
|
||||||
|
- "action": "allow"
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
# An empty list of rules. No-one may publish to the room list.
|
||||||
|
room_list_publication_rules: []
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
# A list of one rule which denies everything.
|
||||||
|
# This has the same effect as the previous example.
|
||||||
|
room_list_publication_rules:
|
||||||
|
- "action": "deny"
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
# Prevent a specific user from publishing rooms.
|
||||||
|
# Allow other users to publish anything.
|
||||||
|
room_list_publication_rules:
|
||||||
|
- user_id: "@bad_user:example.com"
|
||||||
|
action: deny
|
||||||
|
|
||||||
|
- action: allow
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
# Prevent publication of a specific room.
|
||||||
|
room_list_publication_rules:
|
||||||
|
- room_id: "!forbiddenRoom:example.com"
|
||||||
|
action: deny
|
||||||
|
|
||||||
|
- action: allow
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
# Prevent publication of rooms with at least one alias containing the word "potato".
|
||||||
|
room_list_publication_rules:
|
||||||
|
- alias: "#*potato*:example.com"
|
||||||
|
action: deny
|
||||||
|
|
||||||
|
- action: allow
|
||||||
```
|
```
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
Loading…
Reference in New Issue