From eaf4d11af9da7d6d9ce71cb83f70424bb38e0703 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Thu, 14 Feb 2019 16:02:23 +0000 Subject: [PATCH 1/9] Add configurable room list publishing rules This allows specifying who and what is allowed to be published onto the public room list --- synapse/config/room_directory.py | 94 +++++++++++++++++++++++------ synapse/handlers/directory.py | 29 +++++++-- synapse/storage/state.py | 25 ++++++++ tests/config/test_room_directory.py | 73 ++++++++++++++++++++++ tests/handlers/test_directory.py | 1 + 5 files changed, 200 insertions(+), 22 deletions(-) diff --git a/synapse/config/room_directory.py b/synapse/config/room_directory.py index 9da13ab11..a0869ed6a 100644 --- a/synapse/config/room_directory.py +++ b/synapse/config/room_directory.py @@ -23,70 +23,121 @@ class RoomDirectoryConfig(Config): alias_creation_rules = config["alias_creation_rules"] self._alias_creation_rules = [ - _AliasRule(rule) + _RoomDirectoryRule("alias_creation_rules", rule) for rule in alias_creation_rules ] + room_list_publication_rules = config["room_list_publication_rules"] + + self._room_list_publication_rules = [ + _RoomDirectoryRule("room_list_publication_rules", rule) + for rule in room_list_publication_rules + ] + def default_config(self, config_dir_path, server_name, **kwargs): return """ # The `alias_creation` option controls who's allowed to create aliases # on this server. # # The format of this option is a list of rules that contain globs that - # match against user_id and the new alias (fully qualified with server - # name). The action in the first rule that matches is taken, which can - # currently either be "allow" or "deny". + # match against user_id, room_id and the new alias (fully qualified with + # server name). The action in the first rule that matches is taken, + # which can currently either be "allow" or "deny". + # + # Missing user_id/room_id/alias fields default to "*". # # If no rules match the request is denied. alias_creation_rules: - user_id: "*" - alias: "*" + alias: "*" # This matches alias being created + room_id: "*" + action: allow + + # The `room_list_publication_rules` option control who and what can be + # published in the public room list. + # + # The format of this option is the same as that for + # `alias_creation_rules` + room_list_publication_rules: + - user_id: "*" + alias: "*" # This matches any local or canonical alias + # associated with the room + room_id: "*" action: allow """ - def is_alias_creation_allowed(self, user_id, alias): + def is_alias_creation_allowed(self, user_id, room_id, alias): """Checks if the given user is allowed to create the given alias Args: user_id (str) + room_id (str) alias (str) Returns: boolean: True if user is allowed to crate the alias """ for rule in self._alias_creation_rules: - if rule.matches(user_id, alias): + if rule.matches(user_id, room_id, [alias]): + return rule.action == "allow" + + return False + + def is_publishing_room_allowed(self, user_id, room_id, aliases): + """Checks if the given user is allowed to publish the room + + Args: + user_id (str) + room_id (str) + aliases (list[str]): any local aliases associated with the room + + Returns: + boolean: True if user can publish room + """ + for rule in self._room_list_publication_rules: + if rule.matches(user_id, room_id, aliases): return rule.action == "allow" return False -class _AliasRule(object): - def __init__(self, rule): +class _RoomDirectoryRule(object): + """Helper class to test whether a room directory action is allowed, like + creating an alias or publishing a room. + """ + + def __init__(self, option_name, rule): action = rule["action"] - user_id = rule["user_id"] - alias = rule["alias"] + user_id = rule.get("user_id", "*") + room_id = rule.get("room_id", "*") + alias = rule.get("alias", "*") if action in ("allow", "deny"): self.action = action else: raise ConfigError( - "alias_creation_rules rules can only have action of 'allow'" - " or 'deny'" + "%s rules can only have action of 'allow'" + " or 'deny'" % (option_name,) ) + self._alias_matches_all = alias == "*" + try: self._user_id_regex = glob_to_regex(user_id) self._alias_regex = glob_to_regex(alias) + self._room_id_regex = glob_to_regex(room_id) except Exception as e: raise ConfigError("Failed to parse glob into regex: %s", e) - def matches(self, user_id, alias): - """Tests if this rule matches the given user_id and alias. + def matches(self, user_id, room_id, aliases): + """Tests if this rule matches the given user_id, room_id and aliases. Args: user_id (str) - alias (str) + room_id (str) + aliases (list[str]): The associated aliases to the room. Will be a + single element for testing alias creation, and can be empty for + testing room publishing. Returns: boolean @@ -96,7 +147,16 @@ class _AliasRule(object): if not self._user_id_regex.match(user_id): return False - if not self._alias_regex.match(alias): + # If we are not given any aliases then this rule only matches if the + # alias glob matches all aliases + if not aliases and not self._alias_matches_all: + return False + + for alias in aliases: + if not self._alias_regex.match(alias): + return False + + if not self._room_id_regex.match(room_id): return False return True diff --git a/synapse/handlers/directory.py b/synapse/handlers/directory.py index 6bb254f89..e5319b42a 100644 --- a/synapse/handlers/directory.py +++ b/synapse/handlers/directory.py @@ -112,7 +112,9 @@ class DirectoryHandler(BaseHandler): 403, "This user is not permitted to create this alias", ) - if not self.config.is_alias_creation_allowed(user_id, room_alias.to_string()): + if not self.config.is_alias_creation_allowed( + user_id, room_id, room_alias.to_string(), + ): # Lets just return a generic message, as there may be all sorts of # reasons why we said no. TODO: Allow configurable error messages # per alias creation rule? @@ -395,9 +397,9 @@ class DirectoryHandler(BaseHandler): room_id (str) visibility (str): "public" or "private" """ - if not self.spam_checker.user_may_publish_room( - requester.user.to_string(), room_id - ): + user_id = requester.user.to_string() + + if not self.spam_checker.user_may_publish_room(user_id, room_id): raise AuthError( 403, "This user is not permitted to publish rooms to the room list" @@ -415,7 +417,24 @@ class DirectoryHandler(BaseHandler): yield self.auth.check_can_change_room_list(room_id, requester.user) - yield self.store.set_room_is_public(room_id, visibility == "public") + room_aliases = yield self.store.get_aliases_for_room(room_id) + canonical_alias = yield self.store.get_canonical_alias_for_room(room_id) + if canonical_alias: + room_aliases.append(canonical_alias) + + making_public = visibility == "public" + + if making_public and not self.config.is_publishing_room_allowed( + user_id, room_id, room_aliases, + ): + # Lets just return a generic message, as there may be all sorts of + # reasons why we said no. TODO: Allow configurable error messages + # per alias creation rule? + raise SynapseError( + 403, "Not allowed to publish room", + ) + + yield self.store.set_room_is_public(room_id, making_public) @defer.inlineCallbacks def edit_published_appservice_room_list(self, appservice_id, network_id, diff --git a/synapse/storage/state.py b/synapse/storage/state.py index d14a7b253..6ddc4055d 100644 --- a/synapse/storage/state.py +++ b/synapse/storage/state.py @@ -548,6 +548,31 @@ class StateGroupWorkerStore(EventsWorkerStore, SQLBaseStore): _get_filtered_current_state_ids_txn, ) + @defer.inlineCallbacks + def get_canonical_alias_for_room(self, room_id): + """Get canonical alias for room, if any + + Args: + room_id (str) + + Returns: + Deferred[str|None]: The canonical alias, if any + """ + + state = yield self.get_filtered_current_state_ids(room_id, StateFilter.from_types( + [(EventTypes.CanonicalAlias, "")] + )) + + event_id = state.get((EventTypes.CanonicalAlias, "")) + if not event_id: + return + + event = yield self.get_event(event_id, allow_none=True) + if not event: + return + + defer.returnValue(event.content.get("canonical_alias")) + @cached(max_entries=10000, iterable=True) def get_state_group_delta(self, state_group): """Given a state group try to return a previous group and a delta between diff --git a/tests/config/test_room_directory.py b/tests/config/test_room_directory.py index f37a17d61..1d4ca0055 100644 --- a/tests/config/test_room_directory.py +++ b/tests/config/test_room_directory.py @@ -36,6 +36,8 @@ class RoomDirectoryConfigTestCase(unittest.TestCase): - user_id: "@gah:example.com" alias: "#goo:example.com" action: "allow" + + room_list_publication_rules: [] """) rd_config = RoomDirectoryConfig() @@ -43,25 +45,96 @@ class RoomDirectoryConfigTestCase(unittest.TestCase): self.assertFalse(rd_config.is_alias_creation_allowed( user_id="@bob:example.com", + room_id="!test", alias="#test:example.com", )) self.assertTrue(rd_config.is_alias_creation_allowed( user_id="@test:example.com", + room_id="!test", alias="#unofficial_st:example.com", )) self.assertTrue(rd_config.is_alias_creation_allowed( user_id="@foobar:example.com", + room_id="!test", alias="#test:example.com", )) self.assertTrue(rd_config.is_alias_creation_allowed( user_id="@gah:example.com", + room_id="!test", alias="#goo:example.com", )) self.assertFalse(rd_config.is_alias_creation_allowed( user_id="@test:example.com", + room_id="!test", alias="#test:example.com", )) + + def test_room_publish_acl(self): + config = yaml.load(""" + alias_creation_rules: [] + + room_list_publication_rules: + - user_id: "*bob*" + alias: "*" + action: "deny" + - user_id: "*" + alias: "#unofficial_*" + action: "allow" + - user_id: "@foo*:example.com" + alias: "*" + action: "allow" + - user_id: "@gah:example.com" + alias: "#goo:example.com" + action: "allow" + - room_id: "!test-deny" + action: "deny" + """) + + rd_config = RoomDirectoryConfig() + rd_config.read_config(config) + + self.assertFalse(rd_config.is_publishing_room_allowed( + user_id="@bob:example.com", + room_id="!test", + aliases=["#test:example.com"], + )) + + self.assertTrue(rd_config.is_publishing_room_allowed( + user_id="@test:example.com", + room_id="!test", + aliases=["#unofficial_st:example.com"], + )) + + self.assertTrue(rd_config.is_publishing_room_allowed( + user_id="@foobar:example.com", + room_id="!test", + aliases=[], + )) + + self.assertTrue(rd_config.is_publishing_room_allowed( + user_id="@gah:example.com", + room_id="!test", + aliases=["#goo:example.com"], + )) + + self.assertFalse(rd_config.is_publishing_room_allowed( + user_id="@test:example.com", + room_id="!test", + aliases=["#test:example.com"], + )) + + self.assertTrue(rd_config.is_publishing_room_allowed( + user_id="@foobar:example.com", + room_id="!test-deny", + aliases=[], + )) + + self.assertFalse(rd_config.is_publishing_room_allowed( + user_id="@gah:example.com", + room_id="!test-deny", + aliases=[], + )) diff --git a/tests/handlers/test_directory.py b/tests/handlers/test_directory.py index 8ae6556c0..9bf395e92 100644 --- a/tests/handlers/test_directory.py +++ b/tests/handlers/test_directory.py @@ -121,6 +121,7 @@ class TestCreateAliasACL(unittest.HomeserverTestCase): "action": "allow", } ] + config["room_list_publication_rules"] = [] rd_config = RoomDirectoryConfig() rd_config.read_config(config) From 4074c8b968ee95fd61b610b6434ab38dfb18f623 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Thu, 14 Feb 2019 16:04:12 +0000 Subject: [PATCH 2/9] Newsfile --- changelog.d/4647.feature | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog.d/4647.feature diff --git a/changelog.d/4647.feature b/changelog.d/4647.feature new file mode 100644 index 000000000..5a5b1dceb --- /dev/null +++ b/changelog.d/4647.feature @@ -0,0 +1 @@ +Add configurable room list publishing rules From f666fe36d7a17d12e962461aeba61f5b7ca43ccf Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Thu, 14 Feb 2019 18:07:24 +0000 Subject: [PATCH 3/9] Fixup comments --- synapse/config/room_directory.py | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/synapse/config/room_directory.py b/synapse/config/room_directory.py index a0869ed6a..719892be7 100644 --- a/synapse/config/room_directory.py +++ b/synapse/config/room_directory.py @@ -48,20 +48,21 @@ class RoomDirectoryConfig(Config): # # If no rules match the request is denied. alias_creation_rules: - - user_id: "*" - alias: "*" # This matches alias being created - room_id: "*" + - user_id: "*" # Matches agaisnt the creator of the alias + alias: "*" # Matches against the alias being created + room_id: "*" # Matches against the room ID the alias is being + # pointed at action: allow - # The `room_list_publication_rules` option control who and what can be - # published in the public room list. + # The `room_list_publication_rules` option controls who can publish and + # which rooms can be published in the public room list. # # The format of this option is the same as that for # `alias_creation_rules` room_list_publication_rules: - - user_id: "*" - alias: "*" # This matches any local or canonical alias - # associated with the room + - user_id: "*" # Matches against the user publishing the room + alias: "*" # Matches against any current local or canonical + # aliases associated with the room room_id: "*" action: allow """ @@ -107,6 +108,12 @@ class _RoomDirectoryRule(object): """ def __init__(self, option_name, rule): + """ + Args: + option_name (str): Name of the config option this rule belongs to + rule (dict): The rule as specified in the config + """ + action = rule["action"] user_id = rule.get("user_id", "*") room_id = rule.get("room_id", "*") From f61b2068e633b8ea11453992749f696d0e35e7d5 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Thu, 14 Feb 2019 18:08:09 +0000 Subject: [PATCH 4/9] Only fetch aliases when publishing rooms --- synapse/handlers/directory.py | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/synapse/handlers/directory.py b/synapse/handlers/directory.py index e5319b42a..8b113307d 100644 --- a/synapse/handlers/directory.py +++ b/synapse/handlers/directory.py @@ -417,22 +417,22 @@ class DirectoryHandler(BaseHandler): yield self.auth.check_can_change_room_list(room_id, requester.user) - room_aliases = yield self.store.get_aliases_for_room(room_id) - canonical_alias = yield self.store.get_canonical_alias_for_room(room_id) - if canonical_alias: - room_aliases.append(canonical_alias) - making_public = visibility == "public" + if making_public: + room_aliases = yield self.store.get_aliases_for_room(room_id) + canonical_alias = yield self.store.get_canonical_alias_for_room(room_id) + if canonical_alias: + room_aliases.append(canonical_alias) - if making_public and not self.config.is_publishing_room_allowed( - user_id, room_id, room_aliases, - ): - # Lets just return a generic message, as there may be all sorts of - # reasons why we said no. TODO: Allow configurable error messages - # per alias creation rule? - raise SynapseError( - 403, "Not allowed to publish room", - ) + if not self.config.is_publishing_room_allowed( + user_id, room_id, room_aliases, + ): + # Lets just return a generic message, as there may be all sorts of + # reasons why we said no. TODO: Allow configurable error messages + # per alias creation rule? + raise SynapseError( + 403, "Not allowed to publish room", + ) yield self.store.set_room_is_public(room_id, making_public) From cb12a377082f2241ee8a8280810e9e38fb69778d Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Thu, 14 Feb 2019 18:16:32 +0000 Subject: [PATCH 5/9] Clarify and fix behaviour when there are multiple aliases --- synapse/config/room_directory.py | 22 +++++++++++++++++----- tests/config/test_room_directory.py | 6 ++++++ 2 files changed, 23 insertions(+), 5 deletions(-) diff --git a/synapse/config/room_directory.py b/synapse/config/room_directory.py index 719892be7..af84adf5f 100644 --- a/synapse/config/room_directory.py +++ b/synapse/config/room_directory.py @@ -58,7 +58,11 @@ class RoomDirectoryConfig(Config): # which rooms can be published in the public room list. # # The format of this option is the same as that for - # `alias_creation_rules` + # `alias_creation_rules`. + # + # If the room has one or more aliases associated with it, the rules are + # run against each alias. If there are no aliases then only rules with + # `alias: *` match. room_list_publication_rules: - user_id: "*" # Matches against the user publishing the room alias: "*" # Matches against any current local or canonical @@ -156,11 +160,19 @@ class _RoomDirectoryRule(object): # If we are not given any aliases then this rule only matches if the # alias glob matches all aliases - if not aliases and not self._alias_matches_all: - return False + matched = False + if not aliases: + if not self._alias_matches_all: + return False + else: + # Otherwise, we just need one alias to match + matched = False + for alias in aliases: + if self._alias_regex.match(alias): + matched = True + break - for alias in aliases: - if not self._alias_regex.match(alias): + if not matched: return False if not self._room_id_regex.match(room_id): diff --git a/tests/config/test_room_directory.py b/tests/config/test_room_directory.py index 1d4ca0055..3dc263152 100644 --- a/tests/config/test_room_directory.py +++ b/tests/config/test_room_directory.py @@ -138,3 +138,9 @@ class RoomDirectoryConfigTestCase(unittest.TestCase): room_id="!test-deny", aliases=[], )) + + self.assertTrue(rd_config.is_publishing_room_allowed( + user_id="@test:example.com", + room_id="!test", + aliases=["#unofficial_st:example.com", "#blah:example.com"], + )) From 8e32f26cb8f8de8554b8b75870026fe80f45add3 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Thu, 14 Feb 2019 18:21:24 +0000 Subject: [PATCH 6/9] Clarify comments --- synapse/config/room_directory.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/synapse/config/room_directory.py b/synapse/config/room_directory.py index af84adf5f..f86626c35 100644 --- a/synapse/config/room_directory.py +++ b/synapse/config/room_directory.py @@ -60,9 +60,9 @@ class RoomDirectoryConfig(Config): # The format of this option is the same as that for # `alias_creation_rules`. # - # If the room has one or more aliases associated with it, the rules are - # run against each alias. If there are no aliases then only rules with - # `alias: *` match. + # If the room has one or more aliases associated with it, only one of + # the aliases needs to match the alias rule. If there are no aliases + # then only rules with `alias: *` match. room_list_publication_rules: - user_id: "*" # Matches against the user publishing the room alias: "*" # Matches against any current local or canonical From 02c46acc6a63b9e56039b5d7e24cc97ed9a4636d Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Fri, 15 Feb 2019 10:17:13 +0000 Subject: [PATCH 7/9] Fixup comments --- synapse/config/room_directory.py | 35 ++++++++++++++++++++++++-------- 1 file changed, 27 insertions(+), 8 deletions(-) diff --git a/synapse/config/room_directory.py b/synapse/config/room_directory.py index f86626c35..6815d6e9b 100644 --- a/synapse/config/room_directory.py +++ b/synapse/config/room_directory.py @@ -46,12 +46,20 @@ class RoomDirectoryConfig(Config): # # Missing user_id/room_id/alias fields default to "*". # - # If no rules match the request is denied. + # If no rules match the request is denied. An empty list means no one + # can create aliases. + # + # Options for the rules include: + # + # user_id: Matches against the creator of the alias + # alias: Matches against the alias being created + # room_id: Matches against the room ID the alias is being pointed at + # action: Whether to "allow" or "deny" the request if the rule matches + # alias_creation_rules: - - user_id: "*" # Matches agaisnt the creator of the alias - alias: "*" # Matches against the alias being created - room_id: "*" # Matches against the room ID the alias is being - # pointed at + - user_id: "*" + alias: "*" + room_id: "*" action: allow # The `room_list_publication_rules` option controls who can publish and @@ -63,10 +71,21 @@ class RoomDirectoryConfig(Config): # If the room has one or more aliases associated with it, only one of # the aliases needs to match the alias rule. If there are no aliases # then only rules with `alias: *` match. + # + # If no rules match the request is denied. An empty list means no one + # can publish rooms. + # + # Options for the rules include: + # + # user_id: Matches agaisnt the creator of the alias + # room_id: Matches against the room ID being published + # alias: Matches against any current local or canonical aliases + # associated with the room + # action: Whether to "allow" or "deny" the request if the rule matches + # room_list_publication_rules: - - user_id: "*" # Matches against the user publishing the room - alias: "*" # Matches against any current local or canonical - # aliases associated with the room + - user_id: "*" + alias: "*" room_id: "*" action: allow """ From 02c729d6b0f6b8f41455737cde0b8aeb39782a7e Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Fri, 15 Feb 2019 10:17:43 +0000 Subject: [PATCH 8/9] Hoist up checks to reduce overall work --- synapse/config/room_directory.py | 34 +++++++++++++++----------------- 1 file changed, 16 insertions(+), 18 deletions(-) diff --git a/synapse/config/room_directory.py b/synapse/config/room_directory.py index 6815d6e9b..aa113f0ed 100644 --- a/synapse/config/room_directory.py +++ b/synapse/config/room_directory.py @@ -177,24 +177,22 @@ class _RoomDirectoryRule(object): if not self._user_id_regex.match(user_id): return False - # If we are not given any aliases then this rule only matches if the - # alias glob matches all aliases - matched = False - if not aliases: - if not self._alias_matches_all: - return False - else: - # Otherwise, we just need one alias to match - matched = False - for alias in aliases: - if self._alias_regex.match(alias): - matched = True - break - - if not matched: - return False - if not self._room_id_regex.match(room_id): return False - return True + # We only have alias checks left, so we can short circuit if the alias + # rule matches everything. + if self._alias_matches_all: + return True + + # If we are not given any aliases then this rule only matches if the + # alias glob matches all aliases, which we checked above. + if not aliases: + return False + + # Otherwise, we just need one alias to match + for alias in aliases: + if self._alias_regex.match(alias): + return True + + return False From b99c532c1c5d79cdaea20e68bf65945f056a156d Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Fri, 15 Feb 2019 10:53:39 +0000 Subject: [PATCH 9/9] Move defaults up into code --- synapse/config/room_directory.py | 62 +++++++++++++++++++++----------- 1 file changed, 42 insertions(+), 20 deletions(-) diff --git a/synapse/config/room_directory.py b/synapse/config/room_directory.py index aa113f0ed..c8e0abbae 100644 --- a/synapse/config/room_directory.py +++ b/synapse/config/room_directory.py @@ -20,19 +20,37 @@ from ._base import Config, ConfigError class RoomDirectoryConfig(Config): def read_config(self, config): - alias_creation_rules = config["alias_creation_rules"] + alias_creation_rules = config.get("alias_creation_rules") - self._alias_creation_rules = [ - _RoomDirectoryRule("alias_creation_rules", rule) - for rule in alias_creation_rules - ] + if alias_creation_rules is not None: + self._alias_creation_rules = [ + _RoomDirectoryRule("alias_creation_rules", rule) + for rule in alias_creation_rules + ] + else: + self._alias_creation_rules = [ + _RoomDirectoryRule( + "alias_creation_rules", { + "action": "allow", + } + ) + ] - room_list_publication_rules = config["room_list_publication_rules"] + room_list_publication_rules = config.get("room_list_publication_rules") - self._room_list_publication_rules = [ - _RoomDirectoryRule("room_list_publication_rules", rule) - for rule in room_list_publication_rules - ] + if room_list_publication_rules is not None: + self._room_list_publication_rules = [ + _RoomDirectoryRule("room_list_publication_rules", rule) + for rule in room_list_publication_rules + ] + else: + self._room_list_publication_rules = [ + _RoomDirectoryRule( + "room_list_publication_rules", { + "action": "allow", + } + ) + ] def default_config(self, config_dir_path, server_name, **kwargs): return """ @@ -56,11 +74,13 @@ class RoomDirectoryConfig(Config): # room_id: Matches against the room ID the alias is being pointed at # action: Whether to "allow" or "deny" the request if the rule matches # - alias_creation_rules: - - user_id: "*" - alias: "*" - room_id: "*" - action: allow + # The default is: + # + # alias_creation_rules: + # - user_id: "*" + # alias: "*" + # room_id: "*" + # action: allow # The `room_list_publication_rules` option controls who can publish and # which rooms can be published in the public room list. @@ -83,11 +103,13 @@ class RoomDirectoryConfig(Config): # associated with the room # action: Whether to "allow" or "deny" the request if the rule matches # - room_list_publication_rules: - - user_id: "*" - alias: "*" - room_id: "*" - action: allow + # The default is: + # + # room_list_publication_rules: + # - user_id: "*" + # alias: "*" + # room_id: "*" + # action: allow """ def is_alias_creation_allowed(self, user_id, room_id, alias):