backups/grapevine
1
0
Fork 0
mirror of https://gitlab.computer.surgery/matrix/grapevine.git synced 2025-12-17 15:51:23 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

remove admin room membership checks

Browse source 
All of these states can be recovered from by logging in as the admin
bot, so there's no point in preventing these things from happening. Also
it will cause problems when the admin bot user ID can change.
This commit is contained in:
Charles Hall 2024-09-27 13:12:14 -07:00
parent 287f6b9163
commit 12f2f89f81
No known key found for this signature in database
GPG key ID: 7B8E0645816E07CF
1 changed files with 8 additions and 108 deletions
Download patch file Download diff file Expand all files Collapse all files

116
src/service/rooms/timeline.rs
View file

@ -884,114 +884,14 @@ impl Service {
let (pdu, pdu_json) =
self.create_hash_and_sign_event(pdu_builder, sender, room_id)?;
if let Some(admin_room) = services().admin.get_admin_room()? {
if admin_room == **room_id {
match pdu.event_type() {
TimelineEventType::RoomEncryption => {
warn!("Encryption is not allowed in the admins room");
return Err(Error::BadRequest(
ErrorKind::forbidden(),
"Encryption is not allowed in the admins room.",
));
}
TimelineEventType::RoomMember => {
#[derive(Deserialize)]
struct ExtractMembership {
membership: MembershipState,
}
let target = pdu
.state_key()
.filter(|v| v.starts_with('@'))
.unwrap_or(sender.as_str());
let server_name = services().globals.server_name();
let server_user = format!(
"@{}:{server_name}",
if services().globals.config.conduit_compat {
"conduit"
} else {
"grapevine"
},
);
let content =
serde_json::from_str::<ExtractMembership>(
pdu.content.get(),
)
.map_err(|_| {
Error::bad_database("Invalid content in pdu.")
})?;
if content.membership == MembershipState::Leave {
if target == server_user {
warn!(
"Grapevine user cannot leave from admins \
room"
);
return Err(Error::BadRequest(
ErrorKind::forbidden(),
"Grapevine user cannot leave from admins \
room.",
));
}
let count = services()
.rooms
.state_cache
.room_members(room_id)
.filter_map(Result::ok)
.filter(|m| m.server_name() == server_name)
.filter(|m| m != target)
.count();
if count < 2 {
warn!(
"Last admin cannot leave from admins room"
);
return Err(Error::BadRequest(
ErrorKind::forbidden(),
"Last admin cannot leave from admins room.",
));
}
}
if content.membership == MembershipState::Ban
&& pdu.state_key().is_some()
{
if target == server_user {
warn!(
"Grapevine user cannot be banned in \
admins room"
);
return Err(Error::BadRequest(
ErrorKind::forbidden(),
"Grapevine user cannot be banned in \
admins room.",
));
}
let count = services()
.rooms
.state_cache
.room_members(room_id)
.filter_map(Result::ok)
.filter(|m| m.server_name() == server_name)
.filter(|m| m != target)
.count();
if count < 2 {
warn!(
"Last admin cannot be banned in admins \
room"
);
return Err(Error::BadRequest(
ErrorKind::forbidden(),
"Last admin cannot be banned in admins \
room.",
));
}
}
}
_ => {}
}
}
if services().admin.get_admin_room()?.is_some_and(|x| x == **room_id)
&& pdu.event_type() == &TimelineEventType::RoomEncryption
{
warn!("Encryption is not allowed in the admins room");
return Err(Error::BadRequest(
ErrorKind::forbidden(),
"Encryption is not allowed in the admins room.",
));
}
// If redaction event is not authorized, do not append it to the