Merge 205fa06076 into b6a127b5cb

Update changelog
Remove content that is now in #2223
2026-05-02 07:04:09 +02:00 · 2025-10-06 11:15:00 +01:00 · 2025-10-06 11:14:55 +01:00 · 2025-10-06 10:57:53 +01:00 · 2025-10-03 18:28:41 -06:00 · 2025-09-25 09:04:41 +01:00
10 changed files with 72 additions and 4 deletions
--- a/changelogs/client_server/newsfragments/2212.clarification
+++ b/changelogs/client_server/newsfragments/2212.clarification
@ -0,0 +1 @@
 Add example to each endpoint when the capability is not available.
--- a/changelogs/room_versions/newsfragments/2220.clarification
+++ b/changelogs/room_versions/newsfragments/2220.clarification
@ -0,0 +1 @@
 In room versions 8 through 12, clarify that "sufficient permission to invite users" on restricted joins also includes being a joined member of the room.
--- a/content/rooms/fragments/v8-auth-rules.md
+++ b/content/rooms/fragments/v8-auth-rules.md
@ -74,7 +74,7 @@ The rules are as follows:
            1.  If membership state is `join` or `invite`, allow.
            2.  If the `join_authorised_via_users_server` key in `content`
                is not a user with sufficient permission to invite other
-                users, reject.
+                users or is not a joined member of the room, reject.
            3.  Otherwise, allow.
        6.  If the `join_rule` is `public`, allow.
        7.  Otherwise, reject.
--- a/content/rooms/v10.md
+++ b/content/rooms/v10.md
@ -150,7 +150,7 @@ The rules are as follows:
            1.  If membership state is `join` or `invite`, allow.
            2.  If the `join_authorised_via_users_server` key in `content`
                is not a user with sufficient permission to invite other
-                users, reject.
+                users or is not a joined member of the room, reject.
            3.  Otherwise, allow.
        6.  If the `join_rule` is `public`, allow.
        7.  Otherwise, reject.
--- a/content/rooms/v11.md
+++ b/content/rooms/v11.md
@ -157,7 +157,7 @@ The rules are as follows:
            1.  If membership state is `join` or `invite`, allow.
            2.  If the `join_authorised_via_users_server` key in `content`
                is not a user with sufficient permission to invite other
-                users, reject.
+                users or is not a joined member of the room, reject.
            3.  Otherwise, allow.
        6.  If the `join_rule` is `public`, allow.
        7.  Otherwise, reject.
--- a/content/rooms/v12.md
+++ b/content/rooms/v12.md
@ -141,7 +141,7 @@ The rules are as follows:
            1.  If membership state is `join` or `invite`, allow.
            2.  If the `join_authorised_via_users_server` key in `content`
                is not a user with sufficient permission to invite other
-                users, reject.
+                users or is not a joined member of the room, reject.
            3.  Otherwise, allow.
        6.  If the `join_rule` is `public`, allow.
        7.  Otherwise, reject.
--- a/data/api/client-server/administrative_contact.yaml
+++ b/data/api/client-server/administrative_contact.yaml
@ -176,6 +176,18 @@ paths:
                  value: {
                    "submit_url": "https://example.org/path/to/submitToken"
                  }
        "400":
          description: The 3PID changes capability is not available.
          content:
            application/json:
              schema:
                $ref: definitions/errors/error.yaml
              examples:
                response:
                  value: {
                    "errcode": "M_FORBIDDEN",
                    "error": "3PID changes are disabled on this server."
                  }
        "403":
          description: The credentials could not be verified with the identity server.
          content:
@ -244,6 +256,18 @@ paths:
              examples:
                response:
                  value: {}
        "400":
          description: The 3PID changes capability is not available.
          content:
            application/json:
              schema:
                $ref: definitions/errors/error.yaml
              examples:
                response:
                  value: {
                    "errcode": "M_FORBIDDEN",
                    "error": "3PID changes are disabled on this server."
                  }
        "401":
          description: The homeserver requires additional authentication information.
          content:
@ -389,6 +413,18 @@ paths:
                    example: success
                required:
                  - id_server_unbind_result
        "400":
          description: The 3PID changes capability is not available.
          content:
            application/json:
              schema:
                $ref: definitions/errors/error.yaml
              examples:
                response:
                  value: {
                    "errcode": "M_FORBIDDEN",
                    "error": "3PID changes are disabled on this server."
                  }
      tags:
        - Account management
  /account/3pid/unbind:
--- a/data/api/client-server/login_token.yaml
+++ b/data/api/client-server/login_token.yaml
@ -110,6 +110,18 @@ paths:
            application/json:
              schema:
                $ref: definitions/auth_response.yaml
        "404":
          description: The get login token capability is not available.
          content:
            application/json:
              schema:
                $ref: definitions/errors/error.yaml
              examples:
                response:
                  value: {
                    "errcode": "M_UNRECOGNIZED",
                    "error": "The get login token capability is not available."
                  }
        "429":
          description: This request was rate-limited.
          content:
--- a/data/api/client-server/password_management.yaml
+++ b/data/api/client-server/password_management.yaml
@ -82,6 +82,18 @@ paths:
            application/json:
              schema:
                $ref: definitions/auth_response.yaml
        "403":
          description: The password change capability is not available.
          content:
            application/json:
              schema:
                $ref: definitions/errors/error.yaml
              examples:
                response:
                  value: {
                    "errcode": "M_FORBIDDEN",
                    "error": "Password change is disabled."
                  }
        "429":
          description: This request was rate-limited.
          content:
--- a/data/api/client-server/profile.yaml
+++ b/data/api/client-server/profile.yaml
@ -116,6 +116,12 @@ paths:
                      "errcode": "M_INVALID_PARAM",
                      "error": "Invalid profile key.",
                    }
                capability_disabled:
                  value:
                    {
                      "errcode": "M_FORBIDDEN",
                      "error": "Profile modification is disabled on this homeserver.",
                    }
        "403":
          description: The server is unwilling to perform the operation, either
            due to insufficient permissions or because profile modifications
Author	SHA1	Message	Date
Hugh Nimmo-Smith	9ac91f6e21	Merge `205fa06076` into `b6a127b5cb`	2025-10-06 11:15:00 +01:00
Hugh Nimmo-Smith	205fa06076	Update changelog	2025-10-06 11:14:55 +01:00
Hugh Nimmo-Smith	2a8a6d7833	Remove content that is now in #2223	2025-10-06 10:57:53 +01:00
Travis Ralston	b6a127b5cb	Clarify that restricted joins require the referenced user to be joined (#2220 ) Some checks failed Spec / 🔎 Validate OpenAPI specifications (push) Has been cancelled Details Spec / 🔎 Check Event schema examples (push) Has been cancelled Details Spec / 🔎 Check OpenAPI definitions examples (push) Has been cancelled Details Spec / 🔎 Check JSON Schemas inline examples (push) Has been cancelled Details Spec / ⚙️ Calculate baseURL for later jobs (push) Has been cancelled Details Spec / 📢 Run towncrier for changelog (push) Has been cancelled Details Spell Check / Spell Check with Typos (push) Has been cancelled Details Spec / 🐍 Build OpenAPI definitions (push) Has been cancelled Details Spec / 📖 Build the spec (push) Has been cancelled Details Spec / 🔎 Validate generated HTML (push) Has been cancelled Details Spec / 📖 Build the historical backup spec (push) Has been cancelled Details	2025-10-03 18:28:41 -06:00
Hugh Nimmo-Smith	8cb0b3e7f6	Update data/api/client-server/profile.yaml Co-authored-by: Johannes Marbach <n0-0ne+github@mailbox.org>	2025-09-25 09:04:41 +01:00
Hugh Nimmo-Smith	bf08e68af7	Fix links	2025-09-17 18:19:34 +01:00
Hugh Nimmo-Smith	82e7b625e0	Changelog	2025-09-17 18:11:10 +01:00
Hugh Nimmo-Smith	e7abc7cf41	Add note where an endpoint uses capability negotiation	2025-09-17 18:08:56 +01:00
		`@ -0,0 +1 @@`
							`Add example to each endpoint when the capability is not available.`
		`@ -0,0 +1 @@`
							`In room versions 8 through 12, clarify that "sufficient permission to invite users" on restricted joins also includes being a joined member of the room.`