
@tadzik commented Aug 29, 2024

@tadzik marked this pull request as ready for review August 29, 2024 14:28
Contributor

@Half-Shot left a comment


Looks very sensible to me and fixes a long-standing issue we've had with visibility overall. I'd be curious to hear from the homeserver developer community if there are pitfalls with requesting this information frequently.


While the homeserver is likely to have event visibility information cached for its local users,
the operation could be end up costly when performed for remote users.
Still, even for that case, the homeserver is probably in the best position to calculate this.
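
Review bot: the second line reads "could be end up costly"; it should be "could end up costly". As these lines are where the cost for remote users is raised, it would also help to state here whether a homeserver may rate-limit or cache these lookups, so callers know what behaviour they can rely on when polling frequently.
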
Contributor

I wonder if caching is a thing we should mention, or whether that's an implementation detail?

@turt2live added the proposal, application services, client-server, kind:maintenance and needs-implementation labels Aug 29, 2024

@tulir removed the needs-implementation label Nov 28, 2024

GET /_matrix/client/v1/can_user_see_event/<room_id>/<user_id>/<event_id>

That responds with a boolean, revealing if `<user_id>` has access to `<event_id>` in `<room_id>`.
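
Review bot: the sentence after the endpoint says it "responds with a boolean" but shows no response body, so the shape of the response and the name of the field carrying that boolean are left to implementers; an example response would settle it. The lines shown also do not say which callers may ask about an arbitrary `<user_id>`, nor what is returned when the room or event is unknown to the server; stating both would keep the boolean from doubling as an existence or membership check for rooms the caller is not in.
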
Contributor

@MadLittleMods Dec 16, 2024

What determines if a user has access to an event?

I assume this has to do with room membership and history visibility but I feel we should probably explain this explicitly.

And for example, room encryption has nothing to do with this since that happens out of band on the client. (or redactions, etc)

the operation could be end up costly when performed for remote users.
Still, even for that case, the homeserver is probably in the best position to calculate this.

## Alternatives
Contributor

One alternative would be to just try fetching the event: `GET /_matrix/client/v3/rooms/{roomId}/event/{eventId}`.

Responses

| Status | Description |
|--------|-------------|
| 200 | The full event. |
| 404 | The event was not found or you do not have permission to read this event. |

Application services can already request on the behalf of another user using the `?user_id=@example:example.org` query parameter.

Author

I think that would indeed solve the problem for ASes. As the MSC notes, however, it excludes potential integrations that are not ASes (bots, for instance). Perhaps that's a YAGNI though, and this is worth setting aside until such need arises, if at all.

Author

Plugging this for the record: https://spec.matrix.org/v1.11/application-service-api/#identity-assertion

I don't think it will work for us in the general case. This can only apply to users in Appservice's control, which won't work for remote users even with very generous configuration.
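
The alternative discussed in this thread (fetching the event with the `?user_id=` identity assertion and reading the status code), sketched as an added example that is not part of the PR, the MSC or any Matrix project's code. The function names and the `hs.example.org` homeserver are hypothetical; the sketch shows that 404 cannot distinguish "hidden" from "missing" and that every other outcome, including an assertion for a user outside the appservice's control, has to be treated as "not visible".

```python
import urllib.error
import urllib.request
from urllib.parse import quote, urlencode


def event_fetch_url(homeserver, room_id, event_id, asserted_user_id):
    """Build the event-fetch URL with the ?user_id= identity assertion.

    Room and event IDs contain characters such as '!', '$', ':' and
    sometimes '/', so each path segment is fully percent-encoded.
    """
    path = "/_matrix/client/v3/rooms/{}/event/{}".format(
        quote(room_id, safe=""), quote(event_id, safe=""))
    query = urlencode({"user_id": asserted_user_id})
    return homeserver.rstrip("/") + path + "?" + query


def http_status(url, as_token):
    """Default transport: GET the URL and return only the HTTP status code."""
    req = urllib.request.Request(
        url, headers={"Authorization": "Bearer " + as_token})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def check_visibility(homeserver, as_token, room_id, user_id, event_id,
                     transport=http_status):
    """Return 'visible', 'hidden_or_missing' or 'undetermined'.

    200 -> the asserted user can read the event.
    404 -> event not found OR no permission; the two look identical.
    Anything else (rejected token, user outside the appservice's control,
    server error) -> undetermined.
    """
    url = event_fetch_url(homeserver, room_id, event_id, user_id)
    status = transport(url, as_token)
    if status == 200:
        return "visible"
    if status == 404:
        return "hidden_or_missing"
    return "undetermined"


def may_relay(result):
    """Fail closed: only an explicit 'visible' permits relaying the event."""
    return result == "visible"
```
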


Successfully merging this pull request may close these issues.

As a user or appservice, I want to know if another user has access to a specific event.
