From c9c79fbea6d87058d52da0e058b2ebbf8be485a5 Mon Sep 17 00:00:00 2001
From: nexy7574 <git@nexy7574.co.uk>
Date: Sat, 20 Sep 2025 18:02:15 +0100
Subject: [PATCH] fix: Fix restricted join rules inconsistencies

---
 src/api/client/membership/join.rs       |  3 +++
 src/core/matrix/state_res/event_auth.rs | 22 +++++++++++++---------
 2 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/src/api/client/membership/join.rs b/src/api/client/membership/join.rs
index c0af0bb2..fd431cc8 100644
--- a/src/api/client/membership/join.rs
+++ b/src/api/client/membership/join.rs
@@ -742,6 +742,7 @@ async fn join_room_by_id_helper_local(
 			.iter()
 			.stream()
 			.any(|restriction_room_id| {
+				trace!("Checking if {sender_user} is joined to {restriction_room_id}");
 				services
 					.rooms
 					.state_cache
@@ -754,6 +755,7 @@ async fn join_room_by_id_helper_local(
 				.state_cache
 				.local_users_in_room(room_id)
 				.filter(|user| {
+					trace!("Checking if {user} can invite {sender_user} to {room_id}");
 					services.rooms.state_accessor.user_can_invite(
 						room_id,
 						user,
@@ -766,6 +768,7 @@ async fn join_room_by_id_helper_local(
 				.await
 				.map(ToOwned::to_owned)
 		} else {
+			trace!("No restriction rooms are joined by {sender_user}");
 			None
 		}
 	};
diff --git a/src/core/matrix/state_res/event_auth.rs b/src/core/matrix/state_res/event_auth.rs
index 350f4346..b82aa3b3 100644
--- a/src/core/matrix/state_res/event_auth.rs
+++ b/src/core/matrix/state_res/event_auth.rs
@@ -727,12 +727,20 @@ where
 		let user_joined = user_for_join_auth_membership == &MembershipState::Join;
 		let okay_power = is_creator(room_version, &creators, create_room, user_for_join_auth)
 			|| auth_user_pl >= invite_level;
+		trace!(
+			auth_user_pl=?auth_user_pl,
+			invite_level=?invite_level,
+			user_joined=?user_joined,
+			okay_power=?okay_power,
+			passing=?(user_joined && okay_power),
+			"user for join auth is valid check details"
+		);
 		user_joined && okay_power
 	} else {
 		// No auth user was given
+		trace!("No auth user given for join auth");
 		false
 	};
-
 	let sender_creator = is_creator(room_version, &creators, create_room, sender);
 	let target_creator = is_creator(room_version, &creators, create_room, target_user);
 
@@ -811,9 +819,7 @@ where
 						false
 					},
 					| JoinRule::KnockRestricted(_) => {
-						let valid_join = user_for_join_auth_is_valid
-							|| sender_membership == MembershipState::Join;
-						if membership_allows_join || valid_join {
+						if membership_allows_join || user_for_join_auth_is_valid {
 							true
 						} else {
 							warn!(
@@ -826,16 +832,14 @@ where
 						}
 					},
 					| JoinRule::Restricted(_) =>
-						if !user_for_join_auth_is_valid
-							&& sender_membership != MembershipState::Join
-						{
+						if membership_allows_join || user_for_join_auth_is_valid {
+							true
+						} else {
 							warn!(
 								"Join rule is a restricted one but no valid authorising user \
 								 was given"
 							);
 							false
-						} else {
-							true
 						},
 					| JoinRule::Public => true,
 					| _ => {