Merge pull request #5479 from matrix-org/erikj/add_create_room_hook_develop
Add third party rules hook into create roompull/5488/head
commit
8353ddd951
|
@ -0,0 +1 @@
|
||||||
|
Allow server admins to define implementations of extra rules for allowing or denying incoming events.
|
|
@ -17,8 +17,8 @@ from twisted.internet import defer
|
||||||
|
|
||||||
|
|
||||||
class ThirdPartyEventRules(object):
|
class ThirdPartyEventRules(object):
|
||||||
"""Allows server admins to provide a Python module implementing an extra set of rules
|
"""Allows server admins to provide a Python module implementing an extra
|
||||||
to apply when processing events.
|
set of rules to apply when processing events.
|
||||||
|
|
||||||
This is designed to help admins of closed federations with enforcing custom
|
This is designed to help admins of closed federations with enforcing custom
|
||||||
behaviours.
|
behaviours.
|
||||||
|
@ -46,7 +46,7 @@ class ThirdPartyEventRules(object):
|
||||||
context (synapse.events.snapshot.EventContext): The context of the event.
|
context (synapse.events.snapshot.EventContext): The context of the event.
|
||||||
|
|
||||||
Returns:
|
Returns:
|
||||||
defer.Deferred(bool), True if the event should be allowed, False if not.
|
defer.Deferred[bool]: True if the event should be allowed, False if not.
|
||||||
"""
|
"""
|
||||||
if self.third_party_rules is None:
|
if self.third_party_rules is None:
|
||||||
defer.returnValue(True)
|
defer.returnValue(True)
|
||||||
|
@ -60,3 +60,24 @@ class ThirdPartyEventRules(object):
|
||||||
|
|
||||||
ret = yield self.third_party_rules.check_event_allowed(event, state_events)
|
ret = yield self.third_party_rules.check_event_allowed(event, state_events)
|
||||||
defer.returnValue(ret)
|
defer.returnValue(ret)
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
|
def on_create_room(self, requester, config, is_requester_admin):
|
||||||
|
"""Intercept requests to create room to allow, deny or update the
|
||||||
|
request config.
|
||||||
|
|
||||||
|
Args:
|
||||||
|
requester (Requester)
|
||||||
|
config (dict): The creation config from the client.
|
||||||
|
is_requester_admin (bool): If the requester is an admin
|
||||||
|
|
||||||
|
Returns:
|
||||||
|
defer.Deferred
|
||||||
|
"""
|
||||||
|
|
||||||
|
if self.third_party_rules is None:
|
||||||
|
return
|
||||||
|
|
||||||
|
yield self.third_party_rules.on_create_room(
|
||||||
|
requester, config, is_requester_admin
|
||||||
|
)
|
||||||
|
|
|
@ -75,6 +75,10 @@ class RoomCreationHandler(BaseHandler):
|
||||||
# linearizer to stop two upgrades happening at once
|
# linearizer to stop two upgrades happening at once
|
||||||
self._upgrade_linearizer = Linearizer("room_upgrade_linearizer")
|
self._upgrade_linearizer = Linearizer("room_upgrade_linearizer")
|
||||||
|
|
||||||
|
self._server_notices_mxid = hs.config.server_notices_mxid
|
||||||
|
|
||||||
|
self.third_party_event_rules = hs.get_third_party_event_rules()
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def upgrade_room(self, requester, old_room_id, new_version):
|
def upgrade_room(self, requester, old_room_id, new_version):
|
||||||
"""Replace a room with a new room with a different version
|
"""Replace a room with a new room with a different version
|
||||||
|
@ -470,7 +474,26 @@ class RoomCreationHandler(BaseHandler):
|
||||||
|
|
||||||
yield self.auth.check_auth_blocking(user_id)
|
yield self.auth.check_auth_blocking(user_id)
|
||||||
|
|
||||||
if not self.spam_checker.user_may_create_room(user_id):
|
if (self._server_notices_mxid is not None and
|
||||||
|
requester.user.to_string() == self._server_notices_mxid):
|
||||||
|
# allow the server notices mxid to create rooms
|
||||||
|
is_requester_admin = True
|
||||||
|
else:
|
||||||
|
is_requester_admin = yield self.auth.is_server_admin(
|
||||||
|
requester.user,
|
||||||
|
)
|
||||||
|
|
||||||
|
# Check whether the third party rules allows/changes the room create
|
||||||
|
# request.
|
||||||
|
yield self.third_party_event_rules.on_create_room(
|
||||||
|
requester,
|
||||||
|
config,
|
||||||
|
is_requester_admin=is_requester_admin,
|
||||||
|
)
|
||||||
|
|
||||||
|
if not is_requester_admin and not self.spam_checker.user_may_create_room(
|
||||||
|
user_id,
|
||||||
|
):
|
||||||
raise SynapseError(403, "You are not permitted to create rooms")
|
raise SynapseError(403, "You are not permitted to create rooms")
|
||||||
|
|
||||||
if ratelimit:
|
if ratelimit:
|
||||||
|
|
Loading…
Reference in New Issue