Server admins should be able to bypass restrictions on creating aliases

[turt2live]

otherwise administration tools can't do their job

[turt2live]

context: "You must be in the room to create an alias for it" - the bot isn't in the room because it's for administration, not to sit in every single room.

[clokep]

@turt2live Do you know if this is new? If so, it could be the change talked about in #6986 (comment)

[turt2live]

It was tried on matrix.org moments before the issue was reported, so it's very much still an issue as far as I'm aware.

The problem was the user was trying to add an alias onto a room, not delete one. The delete operation beforehand was fine.

[clokep]

Currently the checks for creating an alias are:

1. If require_membership_for_aliases is true in the config, the creator must be in the room.
2. The spam checker is queried.
3. The alias_creation_rules are checked from the config.
4. Services are checked to see whether they have an "exclusive lock" on an alias.

For reference, deleting an alias has the following checks:

1. If the user is the creator of the alias, they can delete it.
2. If the user is an admin, they can delete it.
3. The user must be in the room.
4. The creator has sufficient power levels to delete an alias (>= moderator).
5. Services are checked to see whether the have an "exclusive lock" on an alias.

These are similar, but not identical. Adding a check for being an admin should be straightforward. Making them more consistent should also be doable if we want to go that way.

[clokep]

Discussed this today and the plan is to:

• Do the straightforward work of allowing admins to create aliases.
• File a follow-up with a proposal of how to make these more consistent.

[clokep]

This was fixed in #7191. I'm going to file a follow-up about being more consistent for creation / deletion.