mirror of
https://github.com/element-hq/synapse
synced 2024-10-02 08:02:41 +00:00
Skip strict state_key rule when MSC3779 is enabled
When the MSC is enabled, do not reject all events with a state_key beginning with @ but not equal to the sender, as that overrides the desired rule to allow the state key to have an optional suffix.
This commit is contained in:
parent
bc079d17e1
commit
9a9257c2be
1 changed files with 3 additions and 2 deletions
|
@ -808,11 +808,12 @@ def get_send_level(
|
||||||
def _can_send_event(event: "EventBase", auth_events: StateMap["EventBase"]) -> bool:
|
def _can_send_event(event: "EventBase", auth_events: StateMap["EventBase"]) -> bool:
|
||||||
power_levels_event = get_power_level_event(auth_events)
|
power_levels_event = get_power_level_event(auth_events)
|
||||||
|
|
||||||
|
uses_owned_state_events = event.room_version is RoomVersions.MSC3779v10
|
||||||
send_level = get_send_level(
|
send_level = get_send_level(
|
||||||
event.type,
|
event.type,
|
||||||
event.get("state_key"),
|
event.get("state_key"),
|
||||||
power_levels_event,
|
power_levels_event,
|
||||||
event.user_id if event.room_version is RoomVersions.MSC3779v10 else None,
|
event.user_id if uses_owned_state_events else None,
|
||||||
)
|
)
|
||||||
user_level = get_user_power_level(event.user_id, auth_events)
|
user_level = get_user_power_level(event.user_id, auth_events)
|
||||||
|
|
||||||
|
@ -826,7 +827,7 @@ def _can_send_event(event: "EventBase", auth_events: StateMap["EventBase"]) -> b
|
||||||
|
|
||||||
# Check state_key
|
# Check state_key
|
||||||
if hasattr(event, "state_key"):
|
if hasattr(event, "state_key"):
|
||||||
if event.state_key.startswith("@"):
|
if not uses_owned_state_events and event.state_key.startswith("@"):
|
||||||
if event.state_key != event.user_id:
|
if event.state_key != event.user_id:
|
||||||
raise AuthError(403, "You are not allowed to set others state")
|
raise AuthError(403, "You are not allowed to set others state")
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue