From 56dd6a416801c611597fc4f0023d14c819784f9e Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Tue, 1 Feb 2022 09:40:08 +0000 Subject: [PATCH 1/3] Comments about string power levels --- content/server-server-api.md | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/content/server-server-api.md b/content/server-server-api.md index df8e5603e15..380b00ccbec 100644 --- a/content/server-server-api.md +++ b/content/server-server-api.md @@ -375,22 +375,43 @@ them. #### Definitions -Required Power Level +##### Required Power Level + A given event type has an associated *required power level*. This is given by the current `m.room.power_levels` event. The event type is either listed explicitly in the `events` section or given by either `state_default` or `events_default` depending on if the event is a state event or not. -Invite Level, Kick Level, Ban Level, Redact Level +##### Invite Level, Kick Level, Ban Level, Redact Level + The levels given by the `invite`, `kick`, `ban`, and `redact` properties in the current `m.room.power_levels` state. Each defaults to 50 if unspecified. -Target User +##### Target User + For an `m.room.member` state event, the user given by the `state_key` of the event. +##### Historical String Power Levels + +Power level events in room versions up to and including room version 9 +can be optionally represented in string format, in order to maintain +compatibility with pre-1.0 implementations without breaking existing rooms. +A homeserver must be prepared to deal with this by parsing the power level +from the string. In these cases, the following formatting of the power level +string is allowed: + +- a single Base10 integer — no float values or decimal points; +- optionally with leading or trailing whitespace characters; +- optionally prefixed with a single `-` or `+` character. + +This behaviour is preserved strictly for backward compatibility only. A +homeserver should take reasonable precautions to prevent users from +uploading new power level events with string values and must never +populate the default power levels in a room as string values. + #### Authorization rules The rules governing whether an event is authorized depends on a set of From d1ebcfb51cae3ace528dfeb1722be2829f322ca4 Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Tue, 1 Feb 2022 10:15:11 +0000 Subject: [PATCH 2/3] Review comments --- content/server-server-api.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/server-server-api.md b/content/server-server-api.md index 380b00ccbec..77e60a7bb0d 100644 --- a/content/server-server-api.md +++ b/content/server-server-api.md @@ -403,9 +403,9 @@ A homeserver must be prepared to deal with this by parsing the power level from the string. In these cases, the following formatting of the power level string is allowed: -- a single Base10 integer — no float values or decimal points; +- a single Base10 integer, no float values or decimal points, optionally with leading zeroes; - optionally with leading or trailing whitespace characters; -- optionally prefixed with a single `-` or `+` character. +- optionally prefixed with a single `-` or `+` character before the integer but after padding. This behaviour is preserved strictly for backward compatibility only. A homeserver should take reasonable precautions to prevent users from From 5a2e214363e7901510f15d8cf91da324d31a848d Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Tue, 1 Feb 2022 10:40:26 +0000 Subject: [PATCH 3/3] Update content/server-server-api.md Co-authored-by: Jonathan de Jong --- content/server-server-api.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/server-server-api.md b/content/server-server-api.md index 77e60a7bb0d..3826dbb7680 100644 --- a/content/server-server-api.md +++ b/content/server-server-api.md @@ -405,7 +405,7 @@ string is allowed: - a single Base10 integer, no float values or decimal points, optionally with leading zeroes; - optionally with leading or trailing whitespace characters; -- optionally prefixed with a single `-` or `+` character before the integer but after padding. +- optionally prefixed with a single `-` or `+` character before the integer but after leading whitespace padding. This behaviour is preserved strictly for backward compatibility only. A homeserver should take reasonable precautions to prevent users from