-
-
Notifications
You must be signed in to change notification settings - Fork 14
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Users don't leave managed rooms #4
Comments
You're currently supposed to deactivate them, yes. The point of that was to make matrix-corporal manage people in the policy file and leave all other users on the server alone. This lets you have non-managed users, as well as various bots, etc., while matrix-corporal will not interfere with. I can see how disabling can be annoying and it may make sense to reconsider this in the future and instead go for a some |
I've thought, that if room is managed by matrix-corporal, it is completely managed by it only. Seems that I was wrong. May be some option could be added for managed rooms, to change behaviour to follow expression: if user is present in room and not in list, it is kicked off. |
It's possible. However, reconciliation work at the moment is focused on 2 things about each policy user:
We compute the differences and reconcile so that the desired state is reached for each policy user. What I mean to say is, the code is very focused on users right now and reconciling each user's current state with the desired state. We never do anything for non-managed users. We also don't (yet) work on a per-room basis, asking "what members are joined to this room? alright, we'll join a few more and kick some others", although I can see a benefit to changing the approach to this - in most cases the number of rooms is smaller than the number of users, so it could be more efficient to work on a per-room basis. In any case, matrix-corporal wishes to manage profile data for users, so it needs to do work for individual users as well (like it does now). Potential solutionI guess that we can leave things as they are now (operating from a per-user perspective for the most part) and add some extra features to do what you want. Besides the regular "per-user" reconciliation that I've described above, matrix-corporal could do some more -- inspecting managed rooms and applying additional rules there. I don't know if it should be a global flag (like If we wish to define it per-room, we might have to change our {
"managedRooms": [
{
"id": "!roomA:server",
"kickNonManagedMembers": true
},
{
"id": "!roomB:server",
"kickNonManagedMembers": false
}
]
} If something like this is set, matrix-corporal could check the joined members for each managed room, compare it to the people that SHOULD be part of the room (as per the policy) and try to kick people out. Of course, it should avoid kicking itself as well ;) If we do such backward-breaking changes to the policy, we should probably bump the Notes about kickingIt should be noted that matrix-corporal does not currently kick people out. Since it can do work on behalf of any of its managed users, it's much simpler for matrix-corporal to just log in as the user and perform a "room leave" operation from there. This way, people leave rooms gracefully and no special privileges are required from the matrix-corporal reconciliator user. If matrix-corporal were to kick users, we'd need to ensure that its user has the appropriate kicking-level access in the room and that the user being kicked has a lower power level (you can't kick people at the same power level as you, so if I'm an Administrator for some reason, matrix-corporal won't be able to kick me). We try to do the safer thing, by making people leave on their own. In any case, kicking can be implemented for this new feature. |
I guess this is not true anymore? I am still evaluating whether to user matrix-corporal or some other means.
|
What the README says is true in the sense that users defined in the policy (either as enabled or disabled) will be managed and reconciled by matrix-corporal. If the policy defines them as part of a certain room, they will be joined to that room. If the policy says they shouldn't be in the room, they will be kicked out of it. The feature should work as expected. That said, it's only true as long as you keep your users managed (defined in the policy). This issue here is discussing an edge case, where users are removed from the policy subsequently. If matrix-corporal does not see a user in its policy, it considers it a non-managed user and doesn't bother touching it in any way. As such, it will not kick it out of existing rooms, nor disable the account. |
If user removed from policy file, it doesn't automatically kicked of from managed rooms. What scenario is intented to work with fired employees ? If I was supposed to deactivate them, then list of deactivated users will endlessly grow.
The text was updated successfully, but these errors were encountered: