Clarify the maximum value of room power levels #5
Comments
digitalentity
added
the
clarification
|
fwiw, the maximum power level is defined by the maximum allowable integer by canonical json |
|
That's correct, but we should probably explicitly specify that it's safe and allowed to use levels higher than 100 to make sure certain server implementations don't cap the power level to that value. |
|
While we're at it, we should also be more explicit about the minimum power level. |
|
Related: #853 |
I spent a while yesterday scratching my head about how this was possible given the auth rules, so to write it down: the first Referencing the auth rules in https://spec.matrix.org/v1.6/rooms/v10/#authorization-rules: normally, this is restricted by some combination of 9.8.1 and 9.9.1, which stop the sending user elevating another user's power level above their own, or elevating their own power level above its current value. However, those rules don't apply for the first PL event in the room, thanks to rule 9.4 ("If there is no previous |
Link to problem area:
https://spec.matrix.org/v1.2/client-server-api/#mroompower_levels
Issue
The spec doesn't specify the maximum possible power level. The room creator power level is specified as 100, but the documentation doesn't say if a higher value is allowed (i.e. set by automation to disallow certain actions even for room creator/admin).
This is used by https://github.com/digitalentity/matrix_encryption_disabler and fhirfactory/pegacorn-communicate-roomserver#7 to disable the room encryption for certain use-cases, but since it's not documented in the spec it might be considered unsafe.
Fix
Document the valid rande for room power level. The reasonable could be i.e.
[0; 255]to match theuint8type (which would also fit into a single byte for bandwidth-efficient binary encoding and transport protocols if necessary).The text was updated successfully, but these errors were encountered: