✨ Restrict settable room access levels#1444
Open
diaxoaine wants to merge 2 commits into
Open
Conversation
Add RESOURCE_ALLOWED_ACCESS_LEVELS so instance operators can limit which room access levels users may set, including room owners and admins. Enforce the allow-list through the room serializer on create and update, and fail fast when RESOURCE_DEFAULT_ACCESS_LEVEL is outside the allowed set to avoid invalid default-room creation.
Only show the access levels the instance allows in the room access picker, instead of always listing all of them.
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Purpose
Instance operators can set the default room access level, but room owners and admins can still create or update a room with any access level, including
public, so operators can't enforce an instance-wide policy such as forbidding fully public rooms.Proposal
Add a
RESOURCE_ALLOWED_ACCESS_LEVELSallow-list, defaulting to all current levels, enforced through the room API on create and update. The allow-list is exposed via the config endpoint, and the room access settings hide the options that aren't allowed.Closes #1076