[UNTESTED/ADD] Add more membership in auth rules
Some checks are pending
Compile Telodendria / Compile Telodendria (x86, alpine-v3.19) (push) Waiting to run
Compile Telodendria / Compile Telodendria (x86, debian-v12.4) (push) Waiting to run
Compile Telodendria / Compile Telodendria (x86, freebsd-v14.0) (push) Waiting to run
Compile Telodendria / Compile Telodendria (x86, netbsd-v9.3) (push) Waiting to run
Compile Telodendria / Compile Telodendria (x86_64, alpine-v3.19) (push) Waiting to run
Compile Telodendria / Compile Telodendria (x86_64, debian-v12.4) (push) Waiting to run
Compile Telodendria / Compile Telodendria (x86_64, freebsd-v14.0) (push) Waiting to run
Compile Telodendria / Compile Telodendria (x86_64, netbsd-v9.3) (push) Waiting to run
Compile Telodendria / Compile Telodendria (x86_64, openbsd-v7.4) (push) Waiting to run

The only TODO left in this bit is `invite'.
This commit is contained in:
lda 2024-05-15 09:37:31 +02:00
parent aec71d8d32
commit 6a69218479

View file

@ -605,6 +605,73 @@ AuthorizeInviteMembershipV1(Room * room, PduV1 pdu)
return false;
}
static bool
AuthorizeLeaveMembershipV1(Room * room, PduV1 pdu)
{
int64_t ban_level = RoomMinPL(room, pdu.event_id, NULL, "ban");
int64_t kick_level = RoomMinPL(room, pdu.event_id, NULL, "kick");
int64_t sender_level = RoomUserPL(room, pdu.event_id, pdu.sender);
int64_t target_level = RoomUserPL(room, pdu.state_key, pdu.sender);
/* Step 5.4.1: If the sender matches state_key, allow if and only if
* that user's current membership state is invite or join. */
if (StrEquals(pdu.sender, pdu.state_key))
{
return
RoomUserHasMembership(room, pdu.event_id, pdu.sender, "invite") ||
RoomUserHasMembership(room, pdu.event_id, pdu.sender, "join");
}
/* Step 5.4.2: If the sender's current membership state is not join,
* reject. */
if (!RoomUserHasMembership(room, pdu.event_id, pdu.sender, "join"))
{
return false;
}
/* Step 5.4.3: If the target user's current membership state is ban,
* and the sender's power level is less than the ban level, reject. */
if (RoomUserHasMembership(room, pdu.event_id, pdu.state_key, "ban") &&
sender_level < ban_level)
{
return false;
}
/* Step 5.4.4: If the sender's power level is greater than or equal to
* the kick level, and the target user's power level is less than the
* sender's power level, allow. */
if ((sender_level >= kick_level) && target_level < sender_level)
{
return true;
}
/* Step 5.4.5: Otherwise, reject. */
return false;
}
static bool
AuthorizeBanMembershipV1(Room * room, PduV1 pdu)
{
int64_t ban_pl, pdu_pl, target_pl;
/* Step 5.5.1: If the sender's current membership state is not join, reject. */
if (!RoomUserHasMembership(room, pdu.event_id, pdu.sender, "join"))
{
return false;
}
/* Step 5.5.2: If the sender's power level is greater than or equal
* to the ban level, and the target user's power level is less than
* the sender's power level, allow. */
ban_pl = RoomMinPL(room, pdu.event_id, NULL, "ban");
pdu_pl = RoomUserPL(room, pdu.event_id, pdu.sender);
target_pl = RoomUserPL(room, pdu.state_key, pdu.sender);
if ((pdu_pl >= ban_pl) && (target_pl < pdu_pl))
{
return true;
}
/* Step 5.5.3: Otherwise, reject. */
return false;
}
static bool
AuthorizeJoinMembershipV1(Room * room, PduV1 pdu)
{
/* Step 5.2.1: If the only previous event is an m.room.create and the
@ -687,9 +754,15 @@ AuthoriseMemberV1(Room * room, PduV1 pdu)
/* Step 5.2: If membership is join. */
JumpIfMembership("join", AuthorizeJoinMembershipV1);
/* Step 5.3: If membership is invite. */
/* Step 5.3: If membership is invite. TODO */
JumpIfMembership("invite", AuthorizeInviteMembershipV1);
/* Step 5.4: If membership is leave. */
JumpIfMembership("leave", AuthorizeLeaveMembershipV1);
/* Step 5.5: If membership is ban. */
JumpIfMembership("ban", AuthorizeBanMembershipV1);
/* Step 5.6: Otherwise, the membership is unknown. Reject. */
return false;
#undef JumpIfMembership