(Attempt to) Fix event authorization rules to allow first Power Levels events to be injected in the room #1052

Closed
wants to merge 3 commits into from
8 changes: 4 additions & 4 deletions specification/server_server_api.rst
Expand Up @@ -569,14 +569,14 @@ the state of the room.
``state_default``, ``ban``, ``redact``, ``kick``, ``invite``, as well as
each entry being changed under the ``events`` or ``users`` keys:

i. If the current value is higher than the ``sender``'s current power level,
reject.
i. If the prior existing current value is higher than the ``sender``'s
Member

Again, no. Even if the current value is not specified explicitly (so is inferred from the defaults), it may be higher than the sender's level, in which case it should be rejected.

Contributor Author

@maxidorius maxidorius Nov 5, 2017

That extra commit wasn't for review, I wanted to share with someone else and since the branch is in the PR, everything shows :(
There is no fixing the logic without handling it as a special case, for sure.

current power level, reject.

#. If the new value is higher than the ``sender``'s current power level,
reject.

#. For each entry being changed under the ``users`` key, other than the
``sender``'s own entry:
#. For each prior existing entry being changed under the ``users`` key, other
than the ``sender``'s own entry:

i. If the current value is equal to the ``sender``'s current power level,
reject.
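
Review bot: "prior existing" is not defined in either place it is added (sub-rule i under the ``events``/``users`` keys and the ``users`` rule), and if it means "explicitly present in the previous power levels event" then a value that is only implied by the defaults skips the comparison even when that default is above the ``sender``'s level. The phrase "prior existing current value" is also redundant as worded. If the goal is to admit the first power levels event, state that as its own step for the case where the room has no power levels event yet, and keep sub-rule i comparing against the effective current value, explicit or default. The reworded ``users`` rule also leaves newly added ``users`` entries outside its sub-rule i without saying which rule covers them.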