Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Server admins should be able to bypass restrictions on creating aliases #7052

Closed
turt2live opened this issue Mar 7, 2020 · 6 comments
Closed
Assignees

Comments

@turt2live
Copy link
Member

otherwise administration tools can't do their job

@turt2live
Copy link
Member Author

context: "You must be in the room to create an alias for it" - the bot isn't in the room because it's for administration, not to sit in every single room.

@clokep
Copy link
Member

clokep commented Mar 9, 2020

@turt2live Do you know if this is new? If so, it could be the change talked about in #6986 (comment)

@turt2live
Copy link
Member Author

It was tried on matrix.org moments before the issue was reported, so it's very much still an issue as far as I'm aware.

The problem was the user was trying to add an alias onto a room, not delete one. The delete operation beforehand was fine.

@richvdh richvdh changed the title Server admins should be able to bypass alias restrictions Server admins should be able to bypass restrictions on creating aliases Mar 19, 2020
@clokep
Copy link
Member

clokep commented Mar 19, 2020

Currently the checks for creating an alias are:

  1. If require_membership_for_aliases is true in the config, the creator must be in the room.
  2. The spam checker is queried.
  3. The alias_creation_rules are checked from the config.
  4. Services are checked to see whether they have an "exclusive lock" on an alias.

For reference, deleting an alias has the following checks:

  1. If the user is the creator of the alias, they can delete it.
  2. If the user is an admin, they can delete it.
  3. The user must be in the room.
  4. The creator has sufficient power levels to delete an alias (>= moderator).
  5. Services are checked to see whether the have an "exclusive lock" on an alias.

These are similar, but not identical. Adding a check for being an admin should be straightforward. Making them more consistent should also be doable if we want to go that way.

@clokep
Copy link
Member

clokep commented Mar 26, 2020

Discussed this today and the plan is to:

  • Do the straightforward work of allowing admins to create aliases.
  • File a follow-up with a proposal of how to make these more consistent.

@clokep
Copy link
Member

clokep commented Apr 1, 2020

This was fixed in #7191. I'm going to file a follow-up about being more consistent for creation / deletion.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants