Actually remove restrictions on 'public' join_rules

matrix-org · Sep 11, 2020 · 93f1b02 · 93f1b02
1 parent aab785a
commit 93f1b02
Showing 1 changed file with 3 additions and 24 deletions.
diff --git a/synapse/third_party_rules/access_rules.py b/synapse/third_party_rules/access_rules.py
@@ -17,7 +17,7 @@
 
 from twisted.internet import defer
 
-from synapse.api.constants import EventTypes, JoinRules, Membership, RoomCreationPreset
+from synapse.api.constants import EventTypes, Membership, RoomCreationPreset
 from synapse.api.errors import SynapseError
 from synapse.config._base import ConfigError
 from synapse.events import EventBase
@@ -383,12 +383,6 @@ async def _on_rules_change(
         if new_rule not in VALID_ACCESS_RULES:
             return False
 
-        # We must not allow rooms with the "public" join rule to be given any other access
-        # rule than "restricted".
-        join_rule = self._get_join_rule_from_state(state_events)
-        if join_rule == JoinRules.PUBLIC and new_rule != AccessRules.RESTRICTED:
-            return False
-
         # Make sure we don't apply "direct" if the room has more than two members.
         if new_rule == AccessRules.DIRECT:
             existing_members, threepid_tokens = self._get_members_and_tokens_from_state(
@@ -602,20 +596,8 @@ def _is_power_level_content_allowed(
 
     def _on_join_rule_change(self, event: EventBase, rule: str) -> bool:
         """Check whether a join rule change is allowed. A join rule change is always
-        allowed unless the new join rule is "public" and the current access rule isn't
-        "restricted".
-
-        The rationale is that external users (those whose server would be denied access
-        to rooms enforcing the "restricted" access rule) should always rely on non-
-        external users for access to rooms, therefore they shouldn't be able to access
-        rooms that don't require an invite to be joined.
-
-        Note that we currently rely on the default access rule being "restricted": during
-        room creation, the m.room.join_rules event will be sent *before* the
-        im.vector.room.access_rules one, so the access rule that will be considered here
-        in this case will be the default "restricted" one. This is fine since the
-        "restricted" access rule allows any value for the join rule, but we should keep
-        that in mind if we need to change the default access rule in the future.
+        allowed. This used to be denied in the case of when the new join rule is
+        "public" and the current access rule isn't "restricted".
 
         Args:
             event: The event to check.
@@ -624,9 +606,6 @@ def _on_join_rule_change(self, event: EventBase, rule: str) -> bool:
         Returns:
             Whether the change is allowed.
         """
-        if event.content.get("join_rule") == JoinRules.PUBLIC:
-            return rule == AccessRules.RESTRICTED
-
         return True
 
     def _on_room_avatar_change(self, event: EventBase, rule: str) -> bool: