mirror of
https://github.com/element-hq/synapse.git
synced 2024-12-21 20:24:32 +03:00
Add rules to DomainRuleChecker
This commit is contained in:
parent
feae387576
commit
68a9d1fc34
2 changed files with 44 additions and 11 deletions
|
@ -34,7 +34,17 @@ class DomainRuleChecker(object):
|
|||
"inviter_domain": [ "invitee_domain_permitted", "other_domain_permitted" ]
|
||||
"other_inviter_domain": [ "invitee_domain_permitted" ]
|
||||
default: False
|
||||
}
|
||||
|
||||
# Only let local users join rooms if they were explicitly invited.
|
||||
can_only_join_rooms_with_invite: false
|
||||
|
||||
# Only let local users create rooms if they are inviting only one
|
||||
# other user, and that user matches the rules above.
|
||||
can_only_create_one_to_one_rooms: false
|
||||
|
||||
# Only let local users invite during room creation, regardless of the
|
||||
# domain mapping rules above.
|
||||
can_only_invite_during_room_creation: false
|
||||
|
||||
Don't forget to consider if you can invite users from your own domain.
|
||||
"""
|
||||
|
@ -43,6 +53,16 @@ class DomainRuleChecker(object):
|
|||
self.domain_mapping = config["domain_mapping"] or {}
|
||||
self.default = config["default"]
|
||||
|
||||
self.can_only_join_rooms_with_invite = config.get(
|
||||
"can_only_join_rooms_with_invite", False,
|
||||
)
|
||||
self.can_only_create_one_to_one_rooms = config.get(
|
||||
"can_only_create_one_to_one_rooms", False,
|
||||
)
|
||||
self.can_only_invite_during_room_creation = config.get(
|
||||
"can_only_invite_during_room_creation", False,
|
||||
)
|
||||
|
||||
def check_event_for_spam(self, event):
|
||||
"""Implements synapse.events.SpamChecker.check_event_for_spam
|
||||
"""
|
||||
|
@ -52,6 +72,9 @@ class DomainRuleChecker(object):
|
|||
new_room):
|
||||
"""Implements synapse.events.SpamChecker.user_may_invite
|
||||
"""
|
||||
if self.can_only_invite_during_room_creation and not new_room:
|
||||
return False
|
||||
|
||||
inviter_domain = self._get_domain_from_id(inviter_userid)
|
||||
invitee_domain = self._get_domain_from_id(invitee_userid)
|
||||
|
||||
|
@ -63,6 +86,13 @@ class DomainRuleChecker(object):
|
|||
def user_may_create_room(self, userid, invite_list, cloning):
|
||||
"""Implements synapse.events.SpamChecker.user_may_create_room
|
||||
"""
|
||||
|
||||
if cloning:
|
||||
return True
|
||||
|
||||
if self.can_only_create_one_to_one_rooms and len(invite_list) != 1:
|
||||
return False
|
||||
|
||||
return True
|
||||
|
||||
def user_may_create_room_alias(self, userid, room_alias):
|
||||
|
@ -75,9 +105,12 @@ class DomainRuleChecker(object):
|
|||
"""
|
||||
return True
|
||||
|
||||
def user_may_join_room(self, userid, room_id, is_invited, new_room):
|
||||
def user_may_join_room(self, userid, room_id, is_invited):
|
||||
"""Implements synapse.events.SpamChecker.user_may_join_room
|
||||
"""
|
||||
if self.can_only_join_rooms_with_invite and not is_invited:
|
||||
return False
|
||||
|
||||
return True
|
||||
|
||||
@staticmethod
|
||||
|
|
|
@ -31,13 +31,13 @@ class DomainRuleCheckerTestCase(unittest.TestCase):
|
|||
}
|
||||
check = DomainRuleChecker(config)
|
||||
self.assertTrue(
|
||||
check.user_may_invite("test:source_one", "test:target_one", "room")
|
||||
check.user_may_invite("test:source_one", "test:target_one", "room", False)
|
||||
)
|
||||
self.assertTrue(
|
||||
check.user_may_invite("test:source_one", "test:target_two", "room")
|
||||
check.user_may_invite("test:source_one", "test:target_two", "room", False)
|
||||
)
|
||||
self.assertTrue(
|
||||
check.user_may_invite("test:source_two", "test:target_two", "room")
|
||||
check.user_may_invite("test:source_two", "test:target_two", "room", False)
|
||||
)
|
||||
|
||||
def test_disallowed(self):
|
||||
|
@ -51,16 +51,16 @@ class DomainRuleCheckerTestCase(unittest.TestCase):
|
|||
}
|
||||
check = DomainRuleChecker(config)
|
||||
self.assertFalse(
|
||||
check.user_may_invite("test:source_one", "test:target_three", "room")
|
||||
check.user_may_invite("test:source_one", "test:target_three", "room", False)
|
||||
)
|
||||
self.assertFalse(
|
||||
check.user_may_invite("test:source_two", "test:target_three", "room")
|
||||
check.user_may_invite("test:source_two", "test:target_three", "room", False)
|
||||
)
|
||||
self.assertFalse(
|
||||
check.user_may_invite("test:source_two", "test:target_one", "room")
|
||||
check.user_may_invite("test:source_two", "test:target_one", "room", False)
|
||||
)
|
||||
self.assertFalse(
|
||||
check.user_may_invite("test:source_four", "test:target_one", "room")
|
||||
check.user_may_invite("test:source_four", "test:target_one", "room", False)
|
||||
)
|
||||
|
||||
def test_default_allow(self):
|
||||
|
@ -73,7 +73,7 @@ class DomainRuleCheckerTestCase(unittest.TestCase):
|
|||
}
|
||||
check = DomainRuleChecker(config)
|
||||
self.assertTrue(
|
||||
check.user_may_invite("test:source_three", "test:target_one", "room")
|
||||
check.user_may_invite("test:source_three", "test:target_one", "room", False)
|
||||
)
|
||||
|
||||
def test_default_deny(self):
|
||||
|
@ -86,7 +86,7 @@ class DomainRuleCheckerTestCase(unittest.TestCase):
|
|||
}
|
||||
check = DomainRuleChecker(config)
|
||||
self.assertFalse(
|
||||
check.user_may_invite("test:source_three", "test:target_one", "room")
|
||||
check.user_may_invite("test:source_three", "test:target_one", "room", False)
|
||||
)
|
||||
|
||||
def test_config_parse(self):
|
||||
|
|
Loading…
Reference in a new issue