diff --git a/corporal/httpgateway/policycheck/room.go b/corporal/httpgateway/policycheck/room.go index 726b02a..d3f52c6 100644 --- a/corporal/httpgateway/policycheck/room.go +++ b/corporal/httpgateway/policycheck/room.go @@ -14,6 +14,7 @@ import ( // CheckRoomCreate is a policy checker for: /_matrix/client/r0/createRoom func CheckRoomCreate(r *http.Request, ctx context.Context, policy policy.Policy, checker policy.Checker) PolicyCheckResponse { userId := ctx.Value("userId").(string) + members := ctx.Value("invite").([]string) if !checker.CanUserCreateRoom(policy, userId) { return PolicyCheckResponse{ @@ -23,6 +24,17 @@ func CheckRoomCreate(r *http.Request, ctx context.Context, policy policy.Policy, } } + // Check if powerlevel of invited members are same or less than the user powerlevel + for _, memberId := range members { + if !checker.CanSendInvite(policy, userId, memberId) { + return PolicyCheckResponse{ + Allow: false, + ErrorCode: matrix.ErrorForbidden, + ErrorMessage: "Denied by policy", + } + } + } + return PolicyCheckResponse{ Allow: true, } diff --git a/corporal/policy/checker.go b/corporal/policy/checker.go index df80ce5..ad5a2c2 100644 --- a/corporal/policy/checker.go +++ b/corporal/policy/checker.go @@ -65,3 +65,19 @@ func (me *Checker) CanUserUseCustomDisplayName(policy Policy, userId string) boo func (me *Checker) CanUserUseCustomAvatar(policy Policy, userId string) bool { return policy.Flags.AllowCustomUserAvatars } + +//Compares the power level of sender and invited members. Allows invite only within their power level and below. + +func (me *Checker) CanSendInvite(policy, userId, memberId) bool { + memberPolicy := policy.GetUserPolicyByUserId(memberId) + userPolicy := policy.GetUserPolicyByUserId(userId) + if memberPolicy == nil { + return true + } + + if userPolicy == nil { + return false + } + + return memberPolicy.PowerLevel <= userPolicy.PowerLevel +} \ No newline at end of file 
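Review bot: The added `members := ctx.Value("invite").([]string)` in CheckRoomCreate is an unchecked type assertion, so it panics whenever the context carries no "invite" value or one of another type, and `invite` is an optional field of a createRoom request. Nothing in this diff shows where that key is populated, so please confirm that the caller always sets it as a `[]string`. A comma-ok assertion that simply ignores `ok` would not be enough, because a value of an unexpected type would then skip the invite check without any sign; treating an absent value as "no invitees" and a mistyped one as a denial keeps the check fail-closed. The function body continues outside this hunk.

```go
	userId := ctx.Value("userId").(string)

	// An absent "invite" value means no invitees; a value of any other
	// type is rejected so the invite check cannot be skipped silently.
	var members []string
	if raw := ctx.Value("invite"); raw != nil {
		invited, ok := raw.([]string)
		if !ok {
			return PolicyCheckResponse{
				Allow:        false,
				ErrorCode:    matrix.ErrorForbidden,
				ErrorMessage: "Denied by policy",
			}
		}
		members = invited
	}
	// … unchanged: CanUserCreateRoom check …
```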
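Review bot: The new loop in CheckRoomCreate applies `checker.CanSendInvite` only to the members taken from the context, so within this diff the power-level rule covers invitees named at room creation and nothing else. If invites sent to an existing room, or third-party invites carried in the same createRoom body, are meant to follow the rule, they need their own call to `checker.CanSendInvite`; whether other checkers already do that is not visible here. The comment above the loop would read more precisely as `// Deny the request if any invited member has a higher power level than the creator.`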
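Review bot: The signature `func (me *Checker) CanSendInvite(policy, userId, memberId) bool` has no parameter types, so Go reads the three names as types and the package should fail to compile; following the neighbouring methods it should be `func (me *Checker) CanSendInvite(policy Policy, userId string, memberId string) bool`. The nil checks are also fail-open: `memberPolicy == nil` returns true before the sender is examined, so a sender with no policy entry may invite any user who is likewise absent from the policy, which may be unintended; if unknown senders should always be refused, test `userPolicy == nil` first. The comment is separated from the function by a blank line and does not start with the method name, so it is not attached as a doc comment; `// CanSendInvite reports whether userId may invite memberId: the invitee's power level must not exceed the sender's.` placed directly above the `func` line would fix that.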
diff --git a/corporal/policy/policy.go b/corporal/policy/policy.go
index 89fff0b..df0895b 100644
--- a/corporal/policy/policy.go
+++ b/corporal/policy/policy.go
@@ -58,4 +58,8 @@ type UserPolicy struct {
 // Tells whether this user is forbidden from creating rooms.
 ForbidRoomCreation *bool `json:"forbidRoomCreation"`
+
+ //PowerLevel.
+ PowerLevel int `json:"powerLevel"`
+
 }
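Review bot: `PowerLevel int` in UserPolicy cannot distinguish an omitted `powerLevel` from an explicit 0, unlike the `*bool` used for ForbidRoomCreation just above it, so every user whose policy entry leaves the field out compares as level 0 in CanSendInvite. If an omitted value should mean something other than the lowest rank, a pointer type (`*int`) with an explicit nil case in the checker would make that visible. The comment `//PowerLevel.` says nothing about direction or default; something like `// PowerLevel ranks the user for invite checks: a user may invite only users at the same or a lower level. Defaults to 0 when omitted.` would document both. The struct definition starts outside this hunk.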