mirror of
https://gitea.blesmrt.net/mikaela/gist.git
synced 2024-11-25 04:39:24 +01:00
158 lines
5.4 KiB
Markdown
158 lines
5.4 KiB
Markdown
<!-- @format -->
|
|
|
|
<!-- START doctoc generated TOC please keep comment here to allow auto update -->
|
|
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
|
|
|
|
- [Template power levels event for quick copy-pasting](#template-power-levels-event-for-quick-copy-pasting)
|
|
- [Completeish event](#completeish-event)
|
|
- [Reasonable version](#reasonable-version)
|
|
- [Paranoid version](#paranoid-version)
|
|
|
|
<!-- END doctoc generated TOC please keep comment here to allow auto update -->
|
|
|
|
# Template power levels event for quick copy-pasting
|
|
|
|
The main point I do this for is users `users`
|
|
|
|
```json
|
|
{
|
|
"users": {
|
|
"@Ciblia:matrix.org": 100,
|
|
"@aminda:dendrite.matrix.org": 100,
|
|
"@aminda:matrix.org": 100,
|
|
"@aminda:mozilla.org": 100,
|
|
"@aminda:pikaviestin.fi": 100,
|
|
"@aminda:tedomum.net": 100,
|
|
"@mikaela:tchncs.de": 100,
|
|
"@mikaela-5756df8cc43b8c6019785660:gitter.im": 100,
|
|
"@mkaysi:fedora.im": 100,
|
|
"@mikaela.suomalainen:matrix.org": 100,
|
|
"@mikaela.matterbridge:converser.eu": 100,
|
|
"@mikaela.matterbridge:tedomum.net": 100,
|
|
"@aminda:beeper.com": 100,
|
|
"@aminda:masfloss.net": 100,
|
|
"@aminda:envs.net": 100,
|
|
"@leon:masfloss.net": 99,
|
|
"@fidino:artemislena.eu": 99,
|
|
"@mjolnir_3a78dd65-60a4-4c3a-9a60-01e214a5d6f6:draupnir.midnightthoughts.space": 99
|
|
}
|
|
},
|
|
```
|
|
|
|
## Completeish event
|
|
|
|
This has the rest event in two forms, but doesn't duplicate the above.
|
|
|
|
Generic notes:
|
|
|
|
- Don't have anything in `events {}` as `0` or otherwise users will be able to
|
|
send state events with that name including gigabytes of data breaking the
|
|
room.
|
|
- Refer to security considerations of
|
|
[MSC3779](https://github.com/matrix-org/matrix-spec-proposals/pull/3779).
|
|
|
|
### Reasonable version
|
|
|
|
This is not the Element/Synapse default as that would be pointless to list.
|
|
|
|
```jsonnet
|
|
{
|
|
"ban": 50,
|
|
"events": {
|
|
"im.vector.modular.widgets": 50,
|
|
"m.room.avatar": 50,
|
|
"m.room.canonical_alias": 13,
|
|
"m.room.encryption": 100,
|
|
"m.room.history_visibility": 99,
|
|
"m.room.join_rules": 50,
|
|
"m.room.name": 50,
|
|
"m.room.pinned_events": 25,
|
|
"m.room.power_levels": 50,
|
|
"m.room.retention": 100,
|
|
"m.room.server_acl": 99,
|
|
"m.room.tombstone": 100,
|
|
"m.room.topic": 25,
|
|
"m.space.child": 50,
|
|
},
|
|
"events_default": 0,
|
|
"historical": 100,
|
|
"invite": 13,
|
|
"kick": 25,
|
|
"redact": 25,
|
|
"state_default": 50,
|
|
"users": {
|
|
// READ THE BEGINNING OF THE FILE FOR THIS SECTION AND PROPER FORMAT! OR SEE YOUR CURRENT EVENT!
|
|
},
|
|
"users_default": 0,
|
|
}
|
|
```
|
|
|
|
- `m.room.history_visibility` is lowered to 99 as it's a less permanent action
|
|
than many of the others. I am not sure on my initial logic, but it's
|
|
documented in PPFI repo as PL100 vs PL99.
|
|
- `m.room.power_levels` is set to `50` so moderators can raise others to
|
|
moderators for example matrix-appservice-irc, which I would then give PL51
|
|
for ops syncing. On matrix side immune mods, could be PL52.
|
|
- `m.room.server_acl` is set to `99` so moderation bots can function and do
|
|
mostly everything while admins still have power over them.
|
|
- invite commonly defaults to `50`, but I haven't seen abuse through it.
|
|
However as it changes state by introducing membership event, it goes to the
|
|
minimum power of 13.
|
|
- PL25, half-moderator is introduced (inspired from Ergo/IRC halfop), with
|
|
powers to: change room topic, pinned messages, remove messages and kick
|
|
users (but not ban).
|
|
- Maybe this could be used e.g. in an association where a secretary/someone
|
|
unwilling to be a full moderator wants to update room topic for next
|
|
meeting time or update a version number? :shrug: Alternatively someone not
|
|
wanting full moderator responsibility could remove spam while not
|
|
participating in banning discussions.
|
|
- PL13 gets access to change main alias and add/remove published room aliases
|
|
alongside (at least on Synapse)
|
|
[un/publish the room in the room directory](https://github.com/vector-im/element-web/issues/13835).
|
|
Additionally has it also affects state, they can invite others.
|
|
- This can be used with e.g.
|
|
[altalias maubot plugin](https://matrix.org/blog/2020/06/19/this-week-in-matrix-2020-06-19#alt-alias-maubot-plugin).
|
|
I don't care about room directory or the main alias as it doesn't affect
|
|
ctrl-k that much anyway, rooms are generally discovered through Spaces and
|
|
I use Matrix URI scheme which takes room internal ID and servers to find
|
|
it from instead of caring about the alias. Most importantly **don't give
|
|
permissions to entirely untrusted users.**
|
|
|
|
### Paranoid version
|
|
|
|
```jsonnet
|
|
{
|
|
"ban": 50,
|
|
"events": {
|
|
"im.vector.modular.widgets": 100,
|
|
"m.room.avatar": 100,
|
|
"m.room.canonical_alias": 100,
|
|
"m.room.encryption": 100,
|
|
"m.room.history_visibility": 100,
|
|
"m.room.join_rules": 100,
|
|
"m.room.name": 100,
|
|
"m.room.pinned_events": 100,
|
|
"m.room.power_levels": 100,
|
|
"m.room.retention": 100,
|
|
"m.room.server_acl": 99,
|
|
"m.room.tombstone": 100,
|
|
"m.room.topic": 100,
|
|
"m.space.child": 100,
|
|
},
|
|
"events_default": 0,
|
|
"historical": 100,
|
|
"invite": 100,
|
|
"kick": 50,
|
|
"redact": 50,
|
|
"state_default": 100,
|
|
"users": {
|
|
// READ THE BEGINNING OF THE FILE FOR THIS SECTION AND PROPER FORMAT! OR SEE YOUR CURRENT EVENT!
|
|
},
|
|
"users_default": 0,
|
|
}
|
|
```
|
|
|
|
- Almost everything requires PL100
|
|
- `invite`, `kick`, `redact` and `state_default` are bumbed to `100`, `50`,
|
|
`50` and `100` in that order.
|