Unexpected powerlevels interactions #1267

Open
richvdh opened this issue Oct 4, 2022 · 0 comments
Labels
wart A point where the protocol is inconsistent or inelegant

Comments

richvdh commented Oct 4, 2022

We accept some PL event transitions that are maybe unexpected.

Suppose we have a room where:

  • events."m.room.power_levels" has been lowered to 50 (i.e., "moderators" have been allowed to change the power levels)
  • users."@mischievous_mod:example.com" is 50 (i.e., they are a moderator)
  • events_default is 75, so @mischievous_mod (and other users) cannot send arbitrary events.

Now:

  1. @mischievous_mod can add new entries to events, thus allowing themselves (or other users) to send events. This appears to be counter to the spirit of point 10.4.1 of the auth rules:

    For each entry being added ... in both the events and users keys: if the current value is higher than the sender’s current power level, reject.

    ... which seems to seek to prevent the sender of a PL event from controlling the transmission of events that they themselves do not have permission to send.

  2. Conversely, suppose there is an existing entry in events setting "m.room.message": 0. The mischievous moderator can remove this entry, thus changing the required PL for sending such an event to the default (75). This appears to be counter to the spirit of point 10.4.2:

    If the new value is higher than the sender’s current power level, reject.

    ... which seems to seek to prevent the sender of a PL event from preventing other users with the same PL from sending that event.

Suppose now that users_default is 75.

  1. @mischievous_mod can add an entry to the users key demoting another user with a higher power level than themselves.
  2. @mischievous_mod can remove an entry from the users key, promoting another user (or themselves) to a higher power level than their own.
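The four transitions above, as an added example that is not part of the issue or of the Matrix spec project: a minimal model of the two quoted sub-rules (10.4.1 and 10.4.2) run over a constructed room state matching the setup described. The literal reading looks "current value" and "new value" up verbatim, so an entry absent on one side has nothing to compare; `strict=True` is a hypothetical variant (an assumption, not spec text) that substitutes `events_default` / `users_default` for an absent entry, and the other 10.4 sub-rules are omitted.

```python
# Added example (not from the issue or the spec): model of auth sub-rules 10.4.1 / 10.4.2.
ROOM = {  # constructed state matching the issue's setup
    "events": {"m.room.power_levels": 50, "m.room.message": 0},
    "users": {"@mischievous_mod:example.com": 50, "@lowly:example.com": 10},
    "events_default": 75,
    "users_default": 75,
}
MOD = "@mischievous_mod:example.com"

def sender_level(content, sender):
    return content.get("users", {}).get(sender, content.get("users_default", 0))

def check_pl_transition(old, new, sender, strict=False):
    """Return None if the power_levels change is accepted, else the rejection reason."""
    level = sender_level(old, sender)
    for key, default_key in (("events", "events_default"), ("users", "users_default")):
        old_map, new_map = old.get(key, {}), new.get(key, {})
        for name in sorted(set(old_map) | set(new_map)):
            if old_map.get(name) == new_map.get(name):
                continue  # entry unchanged, nothing to check
            cur, nxt = old_map.get(name), new_map.get(name)
            if strict:  # hypothetical reading: an absent entry means the default applies
                cur = old.get(default_key, 0) if cur is None else cur
                nxt = new.get(default_key, 0) if nxt is None else nxt
            if cur is not None and cur > level:  # 10.4.1
                return f"{key}.{name}: current value {cur} > sender level {level}"
            if nxt is not None and nxt > level:  # 10.4.2
                return f"{key}.{name}: new value {nxt} > sender level {level}"
    return None

def with_entry(state, key, name, value):
    """Copy of state with state[key][name] set; value=None removes the entry."""
    sub = {k: v for k, v in state[key].items() if k != name}
    if value is not None:
        sub[name] = value
    return {**state, key: sub}

def issue_cases():
    """The issue's four transitions, each mapped to (literal_result, strict_result)."""
    cases = {
        "add events.m.room.name=0": with_entry(ROOM, "events", "m.room.name", 0),
        "remove events.m.room.message": with_entry(ROOM, "events", "m.room.message", None),
        "add users.@senior=10 (was default 75)": with_entry(ROOM, "users", "@senior:example.com", 10),
        "remove users.@lowly (becomes default 75)": with_entry(ROOM, "users", "@lowly:example.com", None),
    }
    return {label: (check_pl_transition(ROOM, new, MOD), check_pl_transition(ROOM, new, MOD, strict=True))
            for label, new in cases.items()}
```

Under the literal reading every case returns None (accepted); under the default-substituting variant each is rejected by the sub-rule the issue says it runs counter to.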
@turt2live turt2live added the wart A point where the protocol is inconsistent or inelegant label Oct 4, 2022