mirrors/synapse
1
0
Fork 0
mirror of https://github.com/element-hq/synapse.git synced 2024-12-22 04:34:28 +03:00
Code Issues Projects Releases Packages Wiki Activity

Add rules to DomainRuleChecker

Browse source
This commit is contained in:
Erik Johnston 2019-03-18 15:45:27 +00:00
parent feae387576
commit 68a9d1fc34
2 changed files with 44 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

37
synapse/rulecheck/domain_rule_checker.py
View file

@ -34,7 +34,17 @@ class DomainRuleChecker(object):
"inviter_domain": [ "invitee_domain_permitted", "other_domain_permitted" ] "inviter_domain": [ "invitee_domain_permitted", "other_domain_permitted" ]
"other_inviter_domain": [ "invitee_domain_permitted" ] "other_inviter_domain": [ "invitee_domain_permitted" ]
default: False default: False
}
# Only let local users join rooms if they were explicitly invited.
can_only_join_rooms_with_invite: false
# Only let local users create rooms if they are inviting only one
# other user, and that user matches the rules above.
can_only_create_one_to_one_rooms: false
# Only let local users invite during room creation, regardless of the
# domain mapping rules above.
can_only_invite_during_room_creation: false
Don't forget to consider if you can invite users from your own domain. Don't forget to consider if you can invite users from your own domain.
""" """
@ -43,6 +53,16 @@ class DomainRuleChecker(object):
self.domain_mapping = config["domain_mapping"] or {} self.domain_mapping = config["domain_mapping"] or {}
self.default = config["default"] self.default = config["default"]
self.can_only_join_rooms_with_invite = config.get(
"can_only_join_rooms_with_invite", False,
)
self.can_only_create_one_to_one_rooms = config.get(
"can_only_create_one_to_one_rooms", False,
)
self.can_only_invite_during_room_creation = config.get(
"can_only_invite_during_room_creation", False,
)
def check_event_for_spam(self, event): def check_event_for_spam(self, event):
"""Implements synapse.events.SpamChecker.check_event_for_spam """Implements synapse.events.SpamChecker.check_event_for_spam
""" """
@ -52,6 +72,9 @@ class DomainRuleChecker(object):
new_room): new_room):
"""Implements synapse.events.SpamChecker.user_may_invite """Implements synapse.events.SpamChecker.user_may_invite
""" """
if self.can_only_invite_during_room_creation and not new_room:
return False
inviter_domain = self._get_domain_from_id(inviter_userid) inviter_domain = self._get_domain_from_id(inviter_userid)
invitee_domain = self._get_domain_from_id(invitee_userid) invitee_domain = self._get_domain_from_id(invitee_userid)
@ -63,6 +86,13 @@ class DomainRuleChecker(object):
def user_may_create_room(self, userid, invite_list, cloning): def user_may_create_room(self, userid, invite_list, cloning):
"""Implements synapse.events.SpamChecker.user_may_create_room """Implements synapse.events.SpamChecker.user_may_create_room
""" """
if cloning:
return True
if self.can_only_create_one_to_one_rooms and len(invite_list) != 1:
return False
return True return True
def user_may_create_room_alias(self, userid, room_alias): def user_may_create_room_alias(self, userid, room_alias):
@ -75,9 +105,12 @@ class DomainRuleChecker(object):
""" """
return True return True
def user_may_join_room(self, userid, room_id, is_invited, new_room): def user_may_join_room(self, userid, room_id, is_invited):
"""Implements synapse.events.SpamChecker.user_may_join_room """Implements synapse.events.SpamChecker.user_may_join_room
""" """
if self.can_only_join_rooms_with_invite and not is_invited:
return False
return True return True
@staticmethod @staticmethod

18
tests/rulecheck/test_domainrulecheck.py
View file

@ -31,13 +31,13 @@ class DomainRuleCheckerTestCase(unittest.TestCase):
} }
check = DomainRuleChecker(config) check = DomainRuleChecker(config)
self.assertTrue( self.assertTrue(
check.user_may_invite("test:source_one", "test:target_one", "room") check.user_may_invite("test:source_one", "test:target_one", "room", False)
) )
self.assertTrue( self.assertTrue(
check.user_may_invite("test:source_one", "test:target_two", "room") check.user_may_invite("test:source_one", "test:target_two", "room", False)
) )
self.assertTrue( self.assertTrue(
check.user_may_invite("test:source_two", "test:target_two", "room") check.user_may_invite("test:source_two", "test:target_two", "room", False)
) )
def test_disallowed(self): def test_disallowed(self):
@ -51,16 +51,16 @@ class DomainRuleCheckerTestCase(unittest.TestCase):
} }
check = DomainRuleChecker(config) check = DomainRuleChecker(config)
self.assertFalse( self.assertFalse(
check.user_may_invite("test:source_one", "test:target_three", "room") check.user_may_invite("test:source_one", "test:target_three", "room", False)
) )
self.assertFalse( self.assertFalse(
check.user_may_invite("test:source_two", "test:target_three", "room") check.user_may_invite("test:source_two", "test:target_three", "room", False)
) )
self.assertFalse( self.assertFalse(
check.user_may_invite("test:source_two", "test:target_one", "room") check.user_may_invite("test:source_two", "test:target_one", "room", False)
) )
self.assertFalse( self.assertFalse(
check.user_may_invite("test:source_four", "test:target_one", "room") check.user_may_invite("test:source_four", "test:target_one", "room", False)
) )
def test_default_allow(self): def test_default_allow(self):
@ -73,7 +73,7 @@ class DomainRuleCheckerTestCase(unittest.TestCase):
} }
check = DomainRuleChecker(config) check = DomainRuleChecker(config)
self.assertTrue( self.assertTrue(
check.user_may_invite("test:source_three", "test:target_one", "room") check.user_may_invite("test:source_three", "test:target_one", "room", False)
) )
def test_default_deny(self): def test_default_deny(self):
@ -86,7 +86,7 @@ class DomainRuleCheckerTestCase(unittest.TestCase):
} }
check = DomainRuleChecker(config) check = DomainRuleChecker(config)
self.assertFalse( self.assertFalse(
check.user_may_invite("test:source_three", "test:target_one", "room") check.user_may_invite("test:source_three", "test:target_one", "room", False)
) )
def test_config_parse(self): def test_config_parse(self):