-
-
Notifications
You must be signed in to change notification settings - Fork 3
Rework room freeze and implement unfreezing the room #100
Conversation
Failing CI is blocked on #99 |
so every user gets a PL of 100? this seems a curious choice. |
It seems like the only way to let someone name themselves as the new admin of the room (in the process of unfreezing it) |
yeah fair enough. It just feels a bit surprising that anyone can now come in and take over the room. But maybe that is the intention? |
Yep exactly (see https://github.com/matrix-org/matrix-dinsic/issues/703 which states "any existing member can take the administration of the room") |
…artyEventRules` module (#10316) Because modules might send extra state events when processing an event (e.g. matrix-org/synapse-dinsic#100), and in some cases these extra events might get dropped if we don't recalculate the initial event's auth.
Otherwise we end up poisoning the event cache since we're getting a reference when assigning (and so we're modifying the same content that's in the cache for that event).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
still a few changes needed from the previous review.
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm!
A feature we currently have in the
RoomAccessRules
module is the ability to "freeze" room when the last admin has left it (#59). Freezing the room means changing the room's rules in a way that prevents anyone from sending messages in the room except for leaving or taking over and unfreezing the room.The current solution for freezing a room doesn't allow the room to be unfrozen. This is because the Matrix spec explicitly forbids a user to change their own power level, or someone else's, to a higher value than their current one. As per https://spec.matrix.org/unstable/rooms/v1/#authorization-rules:
This means that from a Matrix perspective the room is effectively broken, because even if the power level event allows anyone to send a new
m.room.power_levels
event, whoever sends it won't be able to change its content. This means unfreezing can't work.This means the room freezing feature needs to be changed in the following way:
io.element.room.frozen
, is defined. Its content is{"frozen": [...]}
, withfrozen
a boolean indicating whether the room is frozen, defaulting tofalse
.user_default
key to 100 (rather than sending a brand new event with every permission up'd to 100), and removing any user whose PL isn't specifically set to 100 in theusers
object (in order to not prevent them from being able to unfreeze and take over the roomio.element.room.frozen
'sfrozen
key in the room's state, setting it totrue
RoomAccessRules
module forbids new events (except for leaving or unfreezing the room - see below for how the latter is defined) iffrozen
istrue
frozen
istrue
in the room's state:Admin
in the room list - settinguser_default
to 100 will have the side-effect of showing every user as admin in the room list, and I think clients should hide that to avoid any confusion around the current state of the room.Additionally, freezing the room would set its join rules to
invite
.This would then allow unfreezing a room by sending a new power level events that:
user_default
key back to 0Here's how this PR implements it:
RoomAccessRules
module sends aio.element.room.frozen
event; this in turns triggers a power levels update to be sentio.element.room.frozen
event manually, the module updates the power levels event accordinglyFuture work (out of scope for this PR) include:
ThirdPartyEventRules
interface to the new generic modules system first, since we'd then need to run two modules with this interface for synapse-dinsic)