From e34f406cfd1ded69fb5c7d66321631679dac7ff6 Mon Sep 17 00:00:00 2001
From: "H. Shay" <hillerys@element.io>
Date: Mon, 11 Dec 2023 20:06:34 -0800
Subject: [PATCH] block non-admins from publishing to room directory

---
 synapse/handlers/room.py         |  4 +++-
 synapse/rest/client/directory.py | 10 ++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/synapse/handlers/room.py b/synapse/handlers/room.py
index 2823ca6f0d..c391ab8f4a 100644
--- a/synapse/handlers/room.py
+++ b/synapse/handlers/room.py
@@ -871,7 +871,9 @@ class RoomCreationHandler:
 
         # The spec says rooms should default to private visibility if
         # `visibility` is not specified.
-        visibility = config.get("visibility", "private")
+        #visibility = config.get("visibility", "private")
+        # temporarily block publishing rooms to directory - patch date 12/12/23
+        visibility = "private"
         is_public = visibility == "public"
 
         self._validate_room_config(config, visibility)
diff --git a/synapse/rest/client/directory.py b/synapse/rest/client/directory.py
index 3534c3c259..0d16758f85 100644
--- a/synapse/rest/client/directory.py
+++ b/synapse/rest/client/directory.py
@@ -159,6 +159,16 @@ class ClientDirectoryListServer(RestServlet):
 
         content = parse_and_validate_json_object_from_request(request, self.PutBody)
 
+        # temporarily block publishing rooms to public directory for non-admins
+        # patch date 12/12/23
+        if content.visibility == "public":
+            is_admin = await self.is_server_admin(requester)
+            if not is_admin:
+                raise AuthError(
+                    403,
+                    "Publishing rooms to the room list is temporarily disabled.",
+                )
+
         await self.directory_handler.edit_published_room_list(
             requester, room_id, content.visibility
         )