From 91b2f77e0e4a0009665cf16d51f3edfb374ff30e Mon Sep 17 00:00:00 2001 From: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> Date: Wed, 5 Apr 2023 10:57:08 +0100 Subject: [PATCH] Remove outdated text saying that state_default defaults to 0 (#1479) There was substantial confusion around this, but I've done some archaeology. Basically, this was changed back in r0.5.0 by MSC1304 and matrix-org/synapse#3397. Before that, it was indeed the case that state_default was 0 if there was no m.room.power_levels event, but that was confusing and a source of security holes, so we changed it. matrix-org/matrix-spec-proposals#1656 changed the spec, but apparently overlooked the text in the description. Reverts: #1478. Fixes: #861. --- .../newsfragments/1478.clarification | 1 - .../newsfragments/1479.clarification | 1 + .../schema/m.room.power_levels.yaml | 27 ++++++------------- 3 files changed, 9 insertions(+), 20 deletions(-) delete mode 100644 changelogs/client_server/newsfragments/1478.clarification create mode 100644 changelogs/client_server/newsfragments/1479.clarification diff --git a/changelogs/client_server/newsfragments/1478.clarification b/changelogs/client_server/newsfragments/1478.clarification deleted file mode 100644 index df90d278..00000000 --- a/changelogs/client_server/newsfragments/1478.clarification +++ /dev/null @@ -1 +0,0 @@ -Further clarify that `state_default` on `m.room.power_levels` is 0 when no power levels event is in the room. \ No newline at end of file diff --git a/changelogs/client_server/newsfragments/1479.clarification b/changelogs/client_server/newsfragments/1479.clarification new file mode 100644 index 00000000..f1c4b178 --- /dev/null +++ b/changelogs/client_server/newsfragments/1479.clarification @@ -0,0 +1 @@ +Remove outdated text saying that `state_default` is 0 if there is no `m.room.power_levels` event in a room. diff --git a/data/event-schemas/schema/m.room.power_levels.yaml b/data/event-schemas/schema/m.room.power_levels.yaml index c3ea94aa..f5f15fab 100644 --- a/data/event-schemas/schema/m.room.power_levels.yaml +++ b/data/event-schemas/schema/m.room.power_levels.yaml @@ -18,11 +18,10 @@ description: |- `events_default` for Message Events and `state_default` for State Events. - If there is no `state_default` in the `m.room.power_levels` event, the - `state_default` is 50. If there is no `events_default` in the - `m.room.power_levels` event, the `events_default` is 0. If the room - contains no `m.room.power_levels` event, *both* the `state_default` and - `events_default` are 0. + If there is no `state_default` in the `m.room.power_levels` event, or + there is no `m.room.power_levels` event, the `state_default` is 50. + If there is no `events_default` in the `m.room.power_levels` event, + or there is no `m.room.power_levels` event, the `events_default` is 0. The power level required to invite a user to the room, kick a user from the room, ban a user from the room, or redact an event sent by another user, is @@ -33,15 +32,6 @@ description: |- **Note:** - As noted above, in the absence of an `m.room.power_levels` event, the - `state_default` is 0, and all users are considered to have power level 0. - That means that **any** member of the room can send an - `m.room.power_levels` event, changing the permissions in the room. - - Server implementations should therefore ensure that each room has an - `m.room.power_levels` event as soon as it is created. See also the - documentation of the `/createRoom` API. - The allowed range for power level values is `[-(2**53)+1, (2**53)-1]`, as required by the [Canonical JSON specification](/appendices/#canonical-json). @@ -75,9 +65,6 @@ properties: description: |- The default level required to send state events. Can be overridden by the `events` key. Defaults to 50 if unspecified. - - **Note**: When there is no `m.room.power_levels` event in the room, this defaults - to 0. See description for more information. type: integer users: additionalProperties: @@ -87,9 +74,11 @@ properties: type: object users_default: description: |- - The default power level for every user in the room, unless their - `user_id` is mentioned in the `users` key. Defaults to 0 if + The power level for users in the room whose `user_id` is not mentioned in the `users` key. Defaults to 0 if unspecified. + + **Note**: When there is no `m.room.power_levels` event in the room, the room creator has + a power level of 100, and all other users have a power level of 0. type: integer notifications: properties: