Prevent suspended users from sending encrypted messages

[H-Shay]

Missed in the first round.

[erikjohnston]

Would it make sense to whitelist things? e.g. just membership events?

[H-Shay]

I think this makes more sense? There is a relatively small set of actions which are prohibited - most of which are bounced higher in the stack, but I do see the point that the whitelist approach prevents errors like this. Happy to do it the way you think best, just let me know!

[erikjohnston]

It's mostly up to T&S I think, it just feels odd to ban people from sending messages but not other events into the room, e.g. polls.

[H-Shay]

yeah suspended users shouldn't be sending polls - I have switched to an allowlist. I don't think what I have added violates any of these specifically allowed actions but let me know if it does:
Log in/create additional sessions (which should also behave as suspended).
See and receive messages, particularly via /sync and /messages.
Verify their other devices and write associated cross-signing data
Populate their key backup
Leave rooms & reject invites.
Redacting their own events.
Log out/delete any device of theirs, including the current session.
Deactivate their account, potentially with a deliberate time delay to discourage making a new account right away.

[erikjohnston]

Suggested change

	if event_dict["type"] in ["m.room.redaction", "m.room.member"]:
	# We want to allow suspended users to perform "corrective" actions
	# asked of them by server admins, such as redact their messages and
	# leave rooms.
	if event_dict["type"] in ["m.room.redaction", "m.room.member"]:

[H-Shay]

Thanks for the review! I added a test and the comment, if it looks good can you merge when you get a chance? I no longer can :)