mirror of
https://github.com/element-hq/synapse.git
synced 2024-12-18 17:10:43 +03:00
Generic "are users in domain X allowed to invite users in domain Y" logic
This commit is contained in:
parent
c3ec84dbcd
commit
488ed3e444
4 changed files with 188 additions and 0 deletions
0
synapse/rulecheck/__init__.py
Normal file
0
synapse/rulecheck/__init__.py
Normal file
78
synapse/rulecheck/domain_rule_checker.py
Normal file
78
synapse/rulecheck/domain_rule_checker.py
Normal file
|
@ -0,0 +1,78 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
# Copyright 2018 New Vector Ltd
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
import logging
|
||||
|
||||
from synapse.config._base import ConfigError
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
"""
|
||||
DomainRuleChecker
|
||||
|
||||
Takes a config in the format:
|
||||
|
||||
spam_checker:
|
||||
module: "rulecheck.DomainRuleChecker"
|
||||
config:
|
||||
domain_mapping:
|
||||
"inviter_domain": [ "invitee_domain_permitted", "other_invitee_domain_permitted" ]
|
||||
"other_inviter_domain": [ "invitee_domain_permitted" ]
|
||||
default: False
|
||||
}
|
||||
|
||||
Don't forget to consider if you can invite users from your own domain.
|
||||
"""
|
||||
class DomainRuleChecker(object):
|
||||
|
||||
def __init__(self, config):
|
||||
self.domain_mapping = config["domain_mapping"] or {}
|
||||
self.default = config["default"]
|
||||
|
||||
def check_event_for_spam(self, event):
|
||||
return False
|
||||
|
||||
def user_may_invite(self, inviter_userid, invitee_userid, room_id):
|
||||
inviter_domain = self._get_domain_from_id(inviter_userid)
|
||||
invitee_domain = self._get_domain_from_id(invitee_userid)
|
||||
|
||||
valid_targets = self.domain_mapping.get(inviter_domain)
|
||||
if not valid_targets:
|
||||
return self.default
|
||||
|
||||
return invitee_domain in valid_targets
|
||||
|
||||
def user_may_create_room(self, userid):
|
||||
return True
|
||||
|
||||
def user_may_create_room_alias(self, userid, room_alias):
|
||||
return True
|
||||
|
||||
def user_may_publish_room(self, userid, room_id):
|
||||
return True
|
||||
|
||||
@staticmethod
|
||||
def parse_config(config):
|
||||
if "default" in config:
|
||||
return config
|
||||
else:
|
||||
raise ConfigError("No default set for spam_config DomainRuleChecker")
|
||||
|
||||
@staticmethod
|
||||
def _get_domain_from_id(string):
|
||||
idx = string.find(":")
|
||||
if idx == -1:
|
||||
raise Exception("Invalid ID: %r" % (string,))
|
||||
return string[idx + 1:]
|
14
tests/rulecheck/__init__.py
Normal file
14
tests/rulecheck/__init__.py
Normal file
|
@ -0,0 +1,14 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
# Copyright 2018 New Vector Ltd
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
96
tests/rulecheck/test_domainrulecheck.py
Normal file
96
tests/rulecheck/test_domainrulecheck.py
Normal file
|
@ -0,0 +1,96 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
# Copyright 2018 New Vector Ltd
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
|
||||
from tests import unittest
|
||||
|
||||
from synapse.config._base import ConfigError
|
||||
from synapse.rulecheck.domain_rule_checker import DomainRuleChecker
|
||||
|
||||
|
||||
class DomainRuleCheckerTestCase(unittest.TestCase):
|
||||
|
||||
def test_allowed(self):
|
||||
config = {
|
||||
"default": False,
|
||||
"domain_mapping": {
|
||||
"source_one": [ "target_one", "target_two" ],
|
||||
"source_two": [ "target_two" ]
|
||||
}
|
||||
}
|
||||
check = DomainRuleChecker(config)
|
||||
self.assertTrue(check.user_may_invite("test:source_one","test:target_one", "room"))
|
||||
self.assertTrue(check.user_may_invite("test:source_one","test:target_two", "room"))
|
||||
self.assertTrue(check.user_may_invite("test:source_two","test:target_two", "room"))
|
||||
|
||||
|
||||
def test_disallowed(self):
|
||||
config = {
|
||||
"default": True,
|
||||
"domain_mapping": {
|
||||
"source_one": [ "target_one", "target_two" ],
|
||||
"source_two": [ "target_two" ]
|
||||
}
|
||||
}
|
||||
check = DomainRuleChecker(config)
|
||||
self.assertFalse(check.user_may_invite("test:source_one","test:target_three", "room"))
|
||||
self.assertFalse(check.user_may_invite("test:source_two","test:target_three", "room"))
|
||||
self.assertFalse(check.user_may_invite("test:source_two","test:target_one", "room"))
|
||||
|
||||
|
||||
def test_default_allow(self):
|
||||
config = {
|
||||
"default": True,
|
||||
"domain_mapping": {
|
||||
"source_one": [ "target_one", "target_two" ],
|
||||
"source_two": [ "target_two" ]
|
||||
}
|
||||
}
|
||||
check = DomainRuleChecker(config)
|
||||
self.assertTrue(check.user_may_invite("test:source_three","test:target_one", "room"))
|
||||
|
||||
def test_default_deny(self):
|
||||
config = {
|
||||
"default": False,
|
||||
"domain_mapping": {
|
||||
"source_one": [ "target_one", "target_two" ],
|
||||
"source_two": [ "target_two" ]
|
||||
}
|
||||
}
|
||||
check = DomainRuleChecker(config)
|
||||
self.assertFalse(check.user_may_invite("test:source_three","test:target_one", "room"))
|
||||
|
||||
|
||||
def test_config_parse(self):
|
||||
config = {
|
||||
"default": False,
|
||||
"domain_mapping": {
|
||||
"source_one": [ "target_one", "target_two" ],
|
||||
"source_two": [ "target_two" ]
|
||||
}
|
||||
}
|
||||
self.assertEquals(config, DomainRuleChecker.parse_config(config))
|
||||
|
||||
|
||||
def test_config_parse_failure(self):
|
||||
config = {
|
||||
"domain_mapping": {
|
||||
"source_one": [ "target_one", "target_two" ],
|
||||
"source_two": [ "target_two" ]
|
||||
}
|
||||
}
|
||||
self.assertRaises(ConfigError, DomainRuleChecker.parse_config, config)
|
||||
|
||||
|
Loading…
Reference in a new issue