mirror of
https://github.com/element-hq/synapse.git
synced 2024-12-22 12:44:30 +03:00
Add rules to DomainRuleChecker
This commit is contained in:
parent
feae387576
commit
68a9d1fc34
2 changed files with 44 additions and 11 deletions
|
@ -34,7 +34,17 @@ class DomainRuleChecker(object):
|
||||||
"inviter_domain": [ "invitee_domain_permitted", "other_domain_permitted" ]
|
"inviter_domain": [ "invitee_domain_permitted", "other_domain_permitted" ]
|
||||||
"other_inviter_domain": [ "invitee_domain_permitted" ]
|
"other_inviter_domain": [ "invitee_domain_permitted" ]
|
||||||
default: False
|
default: False
|
||||||
}
|
|
||||||
|
# Only let local users join rooms if they were explicitly invited.
|
||||||
|
can_only_join_rooms_with_invite: false
|
||||||
|
|
||||||
|
# Only let local users create rooms if they are inviting only one
|
||||||
|
# other user, and that user matches the rules above.
|
||||||
|
can_only_create_one_to_one_rooms: false
|
||||||
|
|
||||||
|
# Only let local users invite during room creation, regardless of the
|
||||||
|
# domain mapping rules above.
|
||||||
|
can_only_invite_during_room_creation: false
|
||||||
|
|
||||||
Don't forget to consider if you can invite users from your own domain.
|
Don't forget to consider if you can invite users from your own domain.
|
||||||
"""
|
"""
|
||||||
|
@ -43,6 +53,16 @@ class DomainRuleChecker(object):
|
||||||
self.domain_mapping = config["domain_mapping"] or {}
|
self.domain_mapping = config["domain_mapping"] or {}
|
||||||
self.default = config["default"]
|
self.default = config["default"]
|
||||||
|
|
||||||
|
self.can_only_join_rooms_with_invite = config.get(
|
||||||
|
"can_only_join_rooms_with_invite", False,
|
||||||
|
)
|
||||||
|
self.can_only_create_one_to_one_rooms = config.get(
|
||||||
|
"can_only_create_one_to_one_rooms", False,
|
||||||
|
)
|
||||||
|
self.can_only_invite_during_room_creation = config.get(
|
||||||
|
"can_only_invite_during_room_creation", False,
|
||||||
|
)
|
||||||
|
|
||||||
def check_event_for_spam(self, event):
|
def check_event_for_spam(self, event):
|
||||||
"""Implements synapse.events.SpamChecker.check_event_for_spam
|
"""Implements synapse.events.SpamChecker.check_event_for_spam
|
||||||
"""
|
"""
|
||||||
|
@ -52,6 +72,9 @@ class DomainRuleChecker(object):
|
||||||
new_room):
|
new_room):
|
||||||
"""Implements synapse.events.SpamChecker.user_may_invite
|
"""Implements synapse.events.SpamChecker.user_may_invite
|
||||||
"""
|
"""
|
||||||
|
if self.can_only_invite_during_room_creation and not new_room:
|
||||||
|
return False
|
||||||
|
|
||||||
inviter_domain = self._get_domain_from_id(inviter_userid)
|
inviter_domain = self._get_domain_from_id(inviter_userid)
|
||||||
invitee_domain = self._get_domain_from_id(invitee_userid)
|
invitee_domain = self._get_domain_from_id(invitee_userid)
|
||||||
|
|
||||||
|
@ -63,6 +86,13 @@ class DomainRuleChecker(object):
|
||||||
def user_may_create_room(self, userid, invite_list, cloning):
|
def user_may_create_room(self, userid, invite_list, cloning):
|
||||||
"""Implements synapse.events.SpamChecker.user_may_create_room
|
"""Implements synapse.events.SpamChecker.user_may_create_room
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
if cloning:
|
||||||
|
return True
|
||||||
|
|
||||||
|
if self.can_only_create_one_to_one_rooms and len(invite_list) != 1:
|
||||||
|
return False
|
||||||
|
|
||||||
return True
|
return True
|
||||||
|
|
||||||
def user_may_create_room_alias(self, userid, room_alias):
|
def user_may_create_room_alias(self, userid, room_alias):
|
||||||
|
@ -75,9 +105,12 @@ class DomainRuleChecker(object):
|
||||||
"""
|
"""
|
||||||
return True
|
return True
|
||||||
|
|
||||||
def user_may_join_room(self, userid, room_id, is_invited, new_room):
|
def user_may_join_room(self, userid, room_id, is_invited):
|
||||||
"""Implements synapse.events.SpamChecker.user_may_join_room
|
"""Implements synapse.events.SpamChecker.user_may_join_room
|
||||||
"""
|
"""
|
||||||
|
if self.can_only_join_rooms_with_invite and not is_invited:
|
||||||
|
return False
|
||||||
|
|
||||||
return True
|
return True
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
|
|
|
@ -31,13 +31,13 @@ class DomainRuleCheckerTestCase(unittest.TestCase):
|
||||||
}
|
}
|
||||||
check = DomainRuleChecker(config)
|
check = DomainRuleChecker(config)
|
||||||
self.assertTrue(
|
self.assertTrue(
|
||||||
check.user_may_invite("test:source_one", "test:target_one", "room")
|
check.user_may_invite("test:source_one", "test:target_one", "room", False)
|
||||||
)
|
)
|
||||||
self.assertTrue(
|
self.assertTrue(
|
||||||
check.user_may_invite("test:source_one", "test:target_two", "room")
|
check.user_may_invite("test:source_one", "test:target_two", "room", False)
|
||||||
)
|
)
|
||||||
self.assertTrue(
|
self.assertTrue(
|
||||||
check.user_may_invite("test:source_two", "test:target_two", "room")
|
check.user_may_invite("test:source_two", "test:target_two", "room", False)
|
||||||
)
|
)
|
||||||
|
|
||||||
def test_disallowed(self):
|
def test_disallowed(self):
|
||||||
|
@ -51,16 +51,16 @@ class DomainRuleCheckerTestCase(unittest.TestCase):
|
||||||
}
|
}
|
||||||
check = DomainRuleChecker(config)
|
check = DomainRuleChecker(config)
|
||||||
self.assertFalse(
|
self.assertFalse(
|
||||||
check.user_may_invite("test:source_one", "test:target_three", "room")
|
check.user_may_invite("test:source_one", "test:target_three", "room", False)
|
||||||
)
|
)
|
||||||
self.assertFalse(
|
self.assertFalse(
|
||||||
check.user_may_invite("test:source_two", "test:target_three", "room")
|
check.user_may_invite("test:source_two", "test:target_three", "room", False)
|
||||||
)
|
)
|
||||||
self.assertFalse(
|
self.assertFalse(
|
||||||
check.user_may_invite("test:source_two", "test:target_one", "room")
|
check.user_may_invite("test:source_two", "test:target_one", "room", False)
|
||||||
)
|
)
|
||||||
self.assertFalse(
|
self.assertFalse(
|
||||||
check.user_may_invite("test:source_four", "test:target_one", "room")
|
check.user_may_invite("test:source_four", "test:target_one", "room", False)
|
||||||
)
|
)
|
||||||
|
|
||||||
def test_default_allow(self):
|
def test_default_allow(self):
|
||||||
|
@ -73,7 +73,7 @@ class DomainRuleCheckerTestCase(unittest.TestCase):
|
||||||
}
|
}
|
||||||
check = DomainRuleChecker(config)
|
check = DomainRuleChecker(config)
|
||||||
self.assertTrue(
|
self.assertTrue(
|
||||||
check.user_may_invite("test:source_three", "test:target_one", "room")
|
check.user_may_invite("test:source_three", "test:target_one", "room", False)
|
||||||
)
|
)
|
||||||
|
|
||||||
def test_default_deny(self):
|
def test_default_deny(self):
|
||||||
|
@ -86,7 +86,7 @@ class DomainRuleCheckerTestCase(unittest.TestCase):
|
||||||
}
|
}
|
||||||
check = DomainRuleChecker(config)
|
check = DomainRuleChecker(config)
|
||||||
self.assertFalse(
|
self.assertFalse(
|
||||||
check.user_may_invite("test:source_three", "test:target_one", "room")
|
check.user_may_invite("test:source_three", "test:target_one", "room", False)
|
||||||
)
|
)
|
||||||
|
|
||||||
def test_config_parse(self):
|
def test_config_parse(self):
|
||||||
|
|
Loading…
Reference in a new issue