Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MSC2209: Alter auth rules to check notifications in m.room.power_levels #2209

Open
wants to merge 3 commits into
base: master
from

Conversation

@lucavb
Copy link
Contributor

commented Aug 1, 2019

The key notifications was added to the m.room.power_levels event after the finalisation of the auth rules specified in room version 1. This leads to the fact, that this dictionary is not subject to the same validation as other dictionaries in the event, such as users or events. This especially means that Alice is able to alter any entry within the dictionary including ones, that are above her own power level, which is inconsistent with the behaviour for the other two dictionaries.

m.room.power_levels
room version 1

rendered

Related

Issue 2198

Signed-off-by: Luca Becker luca.becker@me.com

@lucavb lucavb force-pushed the lucavb:master branch from baa7220 to 2479b40 Aug 1, 2019

@lucavb lucavb changed the title MSC2198: Alter auth rules to check notifications in m.room.power_levels MSC2209: Alter auth rules to check notifications in m.room.power_levels Aug 1, 2019

@lucavb lucavb force-pushed the lucavb:master branch from 2479b40 to ec37fe4 Aug 1, 2019

@turt2live turt2live self-requested a review Aug 1, 2019

@uhoreg
Copy link
Member

left a comment

Thanks for writing this up.

@turt2live
Copy link
Member

left a comment

seems sensible to me, thanks!

@KitsuneRal
Copy link
Member

left a comment

Aside from a formatting nitpick it looks a no-brainer to merge.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.