From 74c5bfd3118822035ff242274d8bcefd70afa453 Mon Sep 17 00:00:00 2001
From: strawberry <strawberry@puppygock.gay>
Date: Sun, 15 Dec 2024 14:31:11 -0500
Subject: [PATCH] dont allow m.room.server_acl to be redacted

Signed-off-by: strawberry <strawberry@puppygock.gay>
---
 src/service/rooms/state_accessor/mod.rs | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/service/rooms/state_accessor/mod.rs b/src/service/rooms/state_accessor/mod.rs
index 6ddf198d..fd132798 100644
--- a/src/service/rooms/state_accessor/mod.rs
+++ b/src/service/rooms/state_accessor/mod.rs
@@ -512,6 +512,16 @@ impl Service {
 			return Err!(Request(Forbidden("Redacting m.room.create is not safe, forbidding.")));
 		}
 
+		if redacting_event
+			.as_ref()
+			.is_ok_and(|pdu| pdu.kind == TimelineEventType::RoomServerAcl)
+		{
+			return Err!(Request(Forbidden(
+				"Redacting m.room.server_acl will result in the room being inaccessible for \
+				 everyone (empty allow key), forbidding."
+			)));
+		}
+
 		if let Ok(pl_event_content) = self
 			.room_state_get_content::<RoomPowerLevelsEventContent>(
 				room_id,