Can create public room while "room_list_publication_rules: deny" when "alias_creation_rules: allow"

[Lighti123]

Hello!

i have the following problem and think it is a bug:
I want my users to be able to create a room and set an alias for it, but prohibit them to set the room public in the public server room list.

For this i set the following options in my own Matrix-Synapse 1.12.0 installation in the homeserver.yaml:

alias_creation_rules:
  - user_id: "*"
    alias: "*"
    room_id: "*"
    action: allow

room_list_publication_rules:
  - user_id: "*"
    alias: "*"
    room_id: "*"
    action: deny

With this setting, my users:
Can create an alias for an existing room, but can not make it public

But:
They can create a NEW room and set the option "public" and give it an alias.
The room then is created and appears in the server public room list.

After creation, you can set the option "public" for the room setting off again, but not on again like it should be.

Tested with Riot.IM Web 15.12 and Riot.App 15.14.

With the Riot.IM for iOS it works as it should.

With "alias_creation_rules: action: deny" it works as it should:
Users can not create public rooms nor set them public after creation (and no aliases, of course)

Thanks!

[clokep]

Thanks for the report @Lighti123. I was able to reproduce this and it sounds like a bug to me.

[PeerD]

Hi! I'm having a similar issue. On my homeserver both aliases and public listings should be limited to the admin user. But today a normal member created a public listed room (with no alias, this seems to work).

This is my config:

alias_creation_rules:
  - user_id: "@admin:matrix.domain.tld"
    alias: "*"
    room_id: "*"
    action: allow

room_list_publication_rules:
  - user_id: "@admin:matrix.domain.tld"
    alias: "*"
    room_id: "*"
    action: allow

It seems to me the room_list_publication_rules is currently just ignored. This used to work as I tested it on an older version but it seems the update to 1.12.3 broke this.

[Lighti123]

I can confirm this:

alias_creation_rules:
  - user_id: "*"
    alias: "*"
    room_id: "*"
    action: deny

room_list_publication_rules:
  - user_id: "*"
    alias: "*"
    room_id: "*"
    action: deny

but every user can freely create public rooms!

[Lighti123]

addendum:
on my test server the options are ignored like written above.
on my production server it works as it should. i can not publish rooms or aliases.

I don't understand it but also don't want to play with the production server.

@PeerD as a kind of workaround you can disable public room searching...

[PeerD]

Well, we want and have publicly listed rooms. We just don't want regular users to add them to the directory. So disabling them completly is not an option for us.

[PeerD]

It seems that is_publishing_room_allowed is not checked at all while creating a new room. Once a room is created and an unauthorized user tries to publish it, it fails properly. But during creation everybody can publish.

[clokep]

Fixed by #7260.