Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
zulip/zerver/lib/user_groups.py

761 lines
28 KiB
Python
Raw Normal View History

user_groups: Make locks required for updating user group memberships. **Background** User groups are expected to comply with the DAG constraint for the many-to-many inter-group membership. The check for this constraint has to be performed recursively so that we can find all direct and indirect subgroups of the user group to be added. This kind of check is vulnerable to phantom reads which is possible at the default read committed isolation level because we cannot guarantee that the check is still valid when we are adding the subgroups to the user group. **Solution** To avoid having another transaction concurrently update one of the to-be-subgroup after the recursive check is done, and before the subgroup is added, we use SELECT FOR UPDATE to lock the user group rows. The lock needs to be acquired before a group membership change is about to occur before any check has been conducted. Suppose that we are adding subgroup B to supergroup A, the locking protocol is specified as follows: 1. Acquire a lock for B and all its direct and indirect subgroups. 2. Acquire a lock for A. For the removal of user groups, we acquire a lock for the user group to be removed with all its direct and indirect subgroups. This is the special case A=B, which is still complaint with the protocol. **Error handling** We currently rely on Postgres' deadlock detection to abort transactions and show an error for the users. In the future, we might need some recovery mechanism or at least better error handling. **Notes** An important note is that we need to reuse the recursive CTE query that finds the direct and indirect subgroups when applying the lock on the rows. And the lock needs to be acquired the same way for the addition and removal of direct subgroups. User membership change (as opposed to user group membership) is not affected. Read-only queries aren't either. The locks only protect critical regions where the user group dependency graph might violate the DAG constraint, where users are not participating. **Testing** We implement a transaction test case targeting some typical scenarios when an internal server error is expected to happen (this means that the user group view makes the correct decision to abort the transaction when something goes wrong with locks). To achieve this, we add a development view intended only for unit tests. It has a global BARRIER that can be shared across threads, so that we can synchronize them to consistently reproduce certain potential race conditions prevented by the database locks. The transaction test case lanuches pairs of threads initiating possibly conflicting requests at the same time. The tests are set up such that exactly N of them are expected to succeed with a certain error message (while we don't know each one). **Security notes** get_recursive_subgroups_for_groups will no longer fetch user groups from other realms. As a result, trying to add/remove a subgroup from another realm results in a UserGroup not found error response. We also implement subgroup-specific checks in has_user_group_access to keep permission managing in a single place. Do note that the API currently don't have a way to violate that check because we are only checking the realm ID now.
2023-06-17 04:39:52 +02:00
from contextlib import contextmanager
from dataclasses import dataclass
user_groups: Update access_user_group_for_setting. This commit updates access_user_group_for_setting to support setting anonymous user groups for different settings. There are some lines without coverage as of this commit, but the next few commits would add tests covering those.
2024-04-30 13:15:46 +02:00
from typing import Collection, Dict, Iterable, Iterator, List, Mapping, Optional, TypedDict, Union
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
user_groups: Create NamedUserGroup objects when creating new groups.
2024-04-16 16:05:43 +02:00
from django.db import connection, transaction
groups: Update group objects to pass anonymous groups data for settings. This commit updates code to handle the can_mention_group field correctly if the setting is set to an anonymous user group.
2024-05-02 05:52:37 +02:00
from django.db.models import F, Prefetch, QuerySet
user_groups: Audit UserGroup creation. We also create RealmAuditLog entries for the initial memberships that get added along with the creation of a UserGroup. System user groups are not created with members so no audit logs are populated for that. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-11-21 05:43:03 +01:00
from django.utils.timezone import now as timezone_now
python: Convert deprecated Django ugettext alias to gettext. django.utils.translation.ugettext is a deprecated alias of django.utils.translation.gettext as of Django 3.0, and will be removed in Django 4.0. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-04-16 00:57:30 +02:00
from django.utils.translation import gettext as _
user_groups: Add a recursive group membership model. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-29 02:46:57 +02:00
from django_cte import With
typing: Import ValuesQuerySet alias from django_stubs_ext. This saves us from using a conditional import. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-09-19 21:48:53 +02:00
from django_stubs_ext import ValuesQuerySet
user_groups: Create NamedUserGroup objects when creating new groups.
2024-04-16 16:05:43 +02:00
from psycopg2.sql import SQL, Literal
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
groups: Move functions for updating settings to "lib.user_groups". This commit moves validate_group_setting_value_change, are_both_setting_values_equal and parse_group_setting_value functions, which are used for updating the group settings, to "zerver.lib.user_groups" as these functions will also be used for group based realm and stream settings and "zerver.lib.user_groups" file seems a better place to place such functions which are used at multiple places. For same reasons, we also move GroupSettingChangeRequest dataclass to "zerver.lib.user_groups" file.
2024-05-16 17:58:43 +02:00
from zerver.lib.exceptions import JsonableError, PreviousSettingValueMismatchedError
register: Pass the configuration objects for group settings in response. This commit adds code to pass configuration objects for group permission settings in register response to clients such that we do need to duplicate that data in clients and can avoid future bugs due to inconsistency. The "server_supported_permission_settings" field is included in the response if "realm" is present in "fetch_event_types", as this is what we do for other server-related fields.
2023-10-19 16:50:26 +02:00
from zerver.lib.types import GroupPermissionSetting, ServerSupportedPermissionSettings
user_groups: Audit UserGroup creation. We also create RealmAuditLog entries for the initial memberships that get added along with the creation of a UserGroup. System user groups are not created with members so no audit logs are populated for that. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-11-21 05:43:03 +01:00
from zerver.models import (
GroupGroupMembership,
user_groups: Create NamedUserGroup objects when creating new groups.
2024-04-16 16:05:43 +02:00
NamedUserGroup,
user_groups: Audit UserGroup creation. We also create RealmAuditLog entries for the initial memberships that get added along with the creation of a UserGroup. System user groups are not created with members so no audit logs are populated for that. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-11-21 05:43:03 +01:00
Realm,
RealmAuditLog,
register: Pass the configuration objects for group settings in response. This commit adds code to pass configuration objects for group permission settings in register response to clients such that we do need to duplicate that data in clients and can avoid future bugs due to inconsistency. The "server_supported_permission_settings" field is included in the response if "realm" is present in "fetch_event_types", as this is what we do for other server-related fields.
2023-10-19 16:50:26 +02:00
Stream,
user_groups: Audit UserGroup creation. We also create RealmAuditLog entries for the initial memberships that get added along with the creation of a UserGroup. System user groups are not created with members so no audit logs are populated for that. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-11-21 05:43:03 +01:00
UserGroup,
UserGroupMembership,
UserProfile,
)
models: Extract zerver.models.groups. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-12-15 01:55:59 +01:00
from zerver.models.groups import SystemGroups
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
user-groups: Add basic backend for UserGroup model. This adds the data model and bugdown support for the new UserGroup mention feature. Before it'll be fully operational, we'll still need: * A backend API for making these. * A UI for interacting with that API. * Typeahead on the frontend. * CSS to make them look pretty and see who's in them.
2017-09-25 09:47:15 +02:00
user_groups: Update access_user_group_for_setting. This commit updates access_user_group_for_setting to support setting anonymous user groups for different settings. There are some lines without coverage as of this commit, but the next few commits would add tests covering those.
2024-04-30 13:15:46 +02:00
@dataclass
class AnonymousSettingGroupDict:
direct_members: List[int]
direct_subgroups: List[int]
groups: Move functions for updating settings to "lib.user_groups". This commit moves validate_group_setting_value_change, are_both_setting_values_equal and parse_group_setting_value functions, which are used for updating the group settings, to "zerver.lib.user_groups" as these functions will also be used for group based realm and stream settings and "zerver.lib.user_groups" file seems a better place to place such functions which are used at multiple places. For same reasons, we also move GroupSettingChangeRequest dataclass to "zerver.lib.user_groups" file.
2024-05-16 17:58:43 +02:00
@dataclass
class GroupSettingChangeRequest:
new: Union[int, AnonymousSettingGroupDict]
old: Optional[Union[int, AnonymousSettingGroupDict]] = None
typing: Tighten type annotation for serialized user groups. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-20 23:18:50 +02:00
class UserGroupDict(TypedDict):
id: int
name: str
description: str
members: List[int]
direct_subgroup_ids: List[int]
is_system_group: bool
groups: Update group objects to pass anonymous groups data for settings. This commit updates code to handle the can_mention_group field correctly if the setting is set to an anonymous user group.
2024-05-02 05:52:37 +02:00
can_mention_group: Union[int, AnonymousSettingGroupDict]
typing: Tighten type annotation for serialized user groups. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-20 23:18:50 +02:00
user_groups: Make locks required for updating user group memberships. **Background** User groups are expected to comply with the DAG constraint for the many-to-many inter-group membership. The check for this constraint has to be performed recursively so that we can find all direct and indirect subgroups of the user group to be added. This kind of check is vulnerable to phantom reads which is possible at the default read committed isolation level because we cannot guarantee that the check is still valid when we are adding the subgroups to the user group. **Solution** To avoid having another transaction concurrently update one of the to-be-subgroup after the recursive check is done, and before the subgroup is added, we use SELECT FOR UPDATE to lock the user group rows. The lock needs to be acquired before a group membership change is about to occur before any check has been conducted. Suppose that we are adding subgroup B to supergroup A, the locking protocol is specified as follows: 1. Acquire a lock for B and all its direct and indirect subgroups. 2. Acquire a lock for A. For the removal of user groups, we acquire a lock for the user group to be removed with all its direct and indirect subgroups. This is the special case A=B, which is still complaint with the protocol. **Error handling** We currently rely on Postgres' deadlock detection to abort transactions and show an error for the users. In the future, we might need some recovery mechanism or at least better error handling. **Notes** An important note is that we need to reuse the recursive CTE query that finds the direct and indirect subgroups when applying the lock on the rows. And the lock needs to be acquired the same way for the addition and removal of direct subgroups. User membership change (as opposed to user group membership) is not affected. Read-only queries aren't either. The locks only protect critical regions where the user group dependency graph might violate the DAG constraint, where users are not participating. **Testing** We implement a transaction test case targeting some typical scenarios when an internal server error is expected to happen (this means that the user group view makes the correct decision to abort the transaction when something goes wrong with locks). To achieve this, we add a development view intended only for unit tests. It has a global BARRIER that can be shared across threads, so that we can synchronize them to consistently reproduce certain potential race conditions prevented by the database locks. The transaction test case lanuches pairs of threads initiating possibly conflicting requests at the same time. The tests are set up such that exactly N of them are expected to succeed with a certain error message (while we don't know each one). **Security notes** get_recursive_subgroups_for_groups will no longer fetch user groups from other realms. As a result, trying to add/remove a subgroup from another realm results in a UserGroup not found error response. We also implement subgroup-specific checks in has_user_group_access to keep permission managing in a single place. Do note that the API currently don't have a way to violate that check because we are only checking the realm ID now.
2023-06-17 04:39:52 +02:00
@dataclass
class LockedUserGroupContext:
"""User groups in this dataclass are guaranteeed to be locked until the
end of the current transaction.
supergroup is the user group to have subgroups added or removed;
direct_subgroups are user groups that are recursively queried for subgroups;
recursive_subgroups include direct_subgroups and their descendants.
"""
user_groups: Update code in actions module to use NamedUserGroup.
2024-04-17 05:45:32 +02:00
supergroup: NamedUserGroup
direct_subgroups: List[NamedUserGroup]
recursive_subgroups: List[NamedUserGroup]
user_groups: Make locks required for updating user group memberships. **Background** User groups are expected to comply with the DAG constraint for the many-to-many inter-group membership. The check for this constraint has to be performed recursively so that we can find all direct and indirect subgroups of the user group to be added. This kind of check is vulnerable to phantom reads which is possible at the default read committed isolation level because we cannot guarantee that the check is still valid when we are adding the subgroups to the user group. **Solution** To avoid having another transaction concurrently update one of the to-be-subgroup after the recursive check is done, and before the subgroup is added, we use SELECT FOR UPDATE to lock the user group rows. The lock needs to be acquired before a group membership change is about to occur before any check has been conducted. Suppose that we are adding subgroup B to supergroup A, the locking protocol is specified as follows: 1. Acquire a lock for B and all its direct and indirect subgroups. 2. Acquire a lock for A. For the removal of user groups, we acquire a lock for the user group to be removed with all its direct and indirect subgroups. This is the special case A=B, which is still complaint with the protocol. **Error handling** We currently rely on Postgres' deadlock detection to abort transactions and show an error for the users. In the future, we might need some recovery mechanism or at least better error handling. **Notes** An important note is that we need to reuse the recursive CTE query that finds the direct and indirect subgroups when applying the lock on the rows. And the lock needs to be acquired the same way for the addition and removal of direct subgroups. User membership change (as opposed to user group membership) is not affected. Read-only queries aren't either. The locks only protect critical regions where the user group dependency graph might violate the DAG constraint, where users are not participating. **Testing** We implement a transaction test case targeting some typical scenarios when an internal server error is expected to happen (this means that the user group view makes the correct decision to abort the transaction when something goes wrong with locks). To achieve this, we add a development view intended only for unit tests. It has a global BARRIER that can be shared across threads, so that we can synchronize them to consistently reproduce certain potential race conditions prevented by the database locks. The transaction test case lanuches pairs of threads initiating possibly conflicting requests at the same time. The tests are set up such that exactly N of them are expected to succeed with a certain error message (while we don't know each one). **Security notes** get_recursive_subgroups_for_groups will no longer fetch user groups from other realms. As a result, trying to add/remove a subgroup from another realm results in a UserGroup not found error response. We also implement subgroup-specific checks in has_user_group_access to keep permission managing in a single place. Do note that the API currently don't have a way to violate that check because we are only checking the realm ID now.
2023-06-17 04:39:52 +02:00
user_groups: Extract has_user_group_access helper. Similar to has_message, we can maintain a helper dedicated to managing access to user groups. Future permission related changes should be added here.
2023-08-23 00:11:09 +02:00
def has_user_group_access(
user_groups: Update code in actions module to use NamedUserGroup.
2024-04-17 05:45:32 +02:00
user_group: NamedUserGroup, user_profile: UserProfile, *, for_read: bool, as_subgroup: bool
user_groups: Extract has_user_group_access helper. Similar to has_message, we can maintain a helper dedicated to managing access to user groups. Future permission related changes should be added here.
2023-08-23 00:11:09 +02:00
) -> bool:
user_groups: Make locks required for updating user group memberships. **Background** User groups are expected to comply with the DAG constraint for the many-to-many inter-group membership. The check for this constraint has to be performed recursively so that we can find all direct and indirect subgroups of the user group to be added. This kind of check is vulnerable to phantom reads which is possible at the default read committed isolation level because we cannot guarantee that the check is still valid when we are adding the subgroups to the user group. **Solution** To avoid having another transaction concurrently update one of the to-be-subgroup after the recursive check is done, and before the subgroup is added, we use SELECT FOR UPDATE to lock the user group rows. The lock needs to be acquired before a group membership change is about to occur before any check has been conducted. Suppose that we are adding subgroup B to supergroup A, the locking protocol is specified as follows: 1. Acquire a lock for B and all its direct and indirect subgroups. 2. Acquire a lock for A. For the removal of user groups, we acquire a lock for the user group to be removed with all its direct and indirect subgroups. This is the special case A=B, which is still complaint with the protocol. **Error handling** We currently rely on Postgres' deadlock detection to abort transactions and show an error for the users. In the future, we might need some recovery mechanism or at least better error handling. **Notes** An important note is that we need to reuse the recursive CTE query that finds the direct and indirect subgroups when applying the lock on the rows. And the lock needs to be acquired the same way for the addition and removal of direct subgroups. User membership change (as opposed to user group membership) is not affected. Read-only queries aren't either. The locks only protect critical regions where the user group dependency graph might violate the DAG constraint, where users are not participating. **Testing** We implement a transaction test case targeting some typical scenarios when an internal server error is expected to happen (this means that the user group view makes the correct decision to abort the transaction when something goes wrong with locks). To achieve this, we add a development view intended only for unit tests. It has a global BARRIER that can be shared across threads, so that we can synchronize them to consistently reproduce certain potential race conditions prevented by the database locks. The transaction test case lanuches pairs of threads initiating possibly conflicting requests at the same time. The tests are set up such that exactly N of them are expected to succeed with a certain error message (while we don't know each one). **Security notes** get_recursive_subgroups_for_groups will no longer fetch user groups from other realms. As a result, trying to add/remove a subgroup from another realm results in a UserGroup not found error response. We also implement subgroup-specific checks in has_user_group_access to keep permission managing in a single place. Do note that the API currently don't have a way to violate that check because we are only checking the realm ID now.
2023-06-17 04:39:52 +02:00
if user_group.realm_id != user_profile.realm_id:
return False
if as_subgroup:
# At this time, we only check for realm ID of a potential subgroup.
return True
user_groups: Reduce necessary nesting inside try-block. The error only occurs when we do the get call.
2023-06-17 00:25:05 +02:00
if for_read and not user_profile.is_guest:
# Everyone is allowed to read a user group and check who
# are its members. Guests should be unable to reach this
# code path, since they can't access user groups API
# endpoints, but we check for guests here for defense in
# depth.
user_groups: Extract has_user_group_access helper. Similar to has_message, we can maintain a helper dedicated to managing access to user groups. Future permission related changes should be added here.
2023-08-23 00:11:09 +02:00
return True
user_groups: Reduce necessary nesting inside try-block. The error only occurs when we do the get call.
2023-06-17 00:25:05 +02:00
if user_group.is_system_group:
user_groups: Extract has_user_group_access helper. Similar to has_message, we can maintain a helper dedicated to managing access to user groups. Future permission related changes should be added here.
2023-08-23 00:11:09 +02:00
return False
user_groups: Reduce necessary nesting inside try-block. The error only occurs when we do the get call.
2023-06-17 00:25:05 +02:00
group_member_ids = get_user_group_direct_member_ids(user_group)
if (
not user_profile.is_realm_admin
and not user_profile.is_moderator
and user_profile.id not in group_member_ids
):
user_groups: Extract has_user_group_access helper. Similar to has_message, we can maintain a helper dedicated to managing access to user groups. Future permission related changes should be added here.
2023-08-23 00:11:09 +02:00
return False
return True
def access_user_group_by_id(
user_group_id: int, user_profile: UserProfile, *, for_read: bool
user_groups: Update code in actions module to use NamedUserGroup.
2024-04-17 05:45:32 +02:00
) -> NamedUserGroup:
user_groups: Extract has_user_group_access helper. Similar to has_message, we can maintain a helper dedicated to managing access to user groups. Future permission related changes should be added here.
2023-08-23 00:11:09 +02:00
try:
user_groups: Make locks required for updating user group memberships. **Background** User groups are expected to comply with the DAG constraint for the many-to-many inter-group membership. The check for this constraint has to be performed recursively so that we can find all direct and indirect subgroups of the user group to be added. This kind of check is vulnerable to phantom reads which is possible at the default read committed isolation level because we cannot guarantee that the check is still valid when we are adding the subgroups to the user group. **Solution** To avoid having another transaction concurrently update one of the to-be-subgroup after the recursive check is done, and before the subgroup is added, we use SELECT FOR UPDATE to lock the user group rows. The lock needs to be acquired before a group membership change is about to occur before any check has been conducted. Suppose that we are adding subgroup B to supergroup A, the locking protocol is specified as follows: 1. Acquire a lock for B and all its direct and indirect subgroups. 2. Acquire a lock for A. For the removal of user groups, we acquire a lock for the user group to be removed with all its direct and indirect subgroups. This is the special case A=B, which is still complaint with the protocol. **Error handling** We currently rely on Postgres' deadlock detection to abort transactions and show an error for the users. In the future, we might need some recovery mechanism or at least better error handling. **Notes** An important note is that we need to reuse the recursive CTE query that finds the direct and indirect subgroups when applying the lock on the rows. And the lock needs to be acquired the same way for the addition and removal of direct subgroups. User membership change (as opposed to user group membership) is not affected. Read-only queries aren't either. The locks only protect critical regions where the user group dependency graph might violate the DAG constraint, where users are not participating. **Testing** We implement a transaction test case targeting some typical scenarios when an internal server error is expected to happen (this means that the user group view makes the correct decision to abort the transaction when something goes wrong with locks). To achieve this, we add a development view intended only for unit tests. It has a global BARRIER that can be shared across threads, so that we can synchronize them to consistently reproduce certain potential race conditions prevented by the database locks. The transaction test case lanuches pairs of threads initiating possibly conflicting requests at the same time. The tests are set up such that exactly N of them are expected to succeed with a certain error message (while we don't know each one). **Security notes** get_recursive_subgroups_for_groups will no longer fetch user groups from other realms. As a result, trying to add/remove a subgroup from another realm results in a UserGroup not found error response. We also implement subgroup-specific checks in has_user_group_access to keep permission managing in a single place. Do note that the API currently don't have a way to violate that check because we are only checking the realm ID now.
2023-06-17 04:39:52 +02:00
if for_read:
user_groups: Update code in actions module to use NamedUserGroup.
2024-04-17 05:45:32 +02:00
user_group = NamedUserGroup.objects.get(id=user_group_id, realm=user_profile.realm)
user_groups: Make locks required for updating user group memberships. **Background** User groups are expected to comply with the DAG constraint for the many-to-many inter-group membership. The check for this constraint has to be performed recursively so that we can find all direct and indirect subgroups of the user group to be added. This kind of check is vulnerable to phantom reads which is possible at the default read committed isolation level because we cannot guarantee that the check is still valid when we are adding the subgroups to the user group. **Solution** To avoid having another transaction concurrently update one of the to-be-subgroup after the recursive check is done, and before the subgroup is added, we use SELECT FOR UPDATE to lock the user group rows. The lock needs to be acquired before a group membership change is about to occur before any check has been conducted. Suppose that we are adding subgroup B to supergroup A, the locking protocol is specified as follows: 1. Acquire a lock for B and all its direct and indirect subgroups. 2. Acquire a lock for A. For the removal of user groups, we acquire a lock for the user group to be removed with all its direct and indirect subgroups. This is the special case A=B, which is still complaint with the protocol. **Error handling** We currently rely on Postgres' deadlock detection to abort transactions and show an error for the users. In the future, we might need some recovery mechanism or at least better error handling. **Notes** An important note is that we need to reuse the recursive CTE query that finds the direct and indirect subgroups when applying the lock on the rows. And the lock needs to be acquired the same way for the addition and removal of direct subgroups. User membership change (as opposed to user group membership) is not affected. Read-only queries aren't either. The locks only protect critical regions where the user group dependency graph might violate the DAG constraint, where users are not participating. **Testing** We implement a transaction test case targeting some typical scenarios when an internal server error is expected to happen (this means that the user group view makes the correct decision to abort the transaction when something goes wrong with locks). To achieve this, we add a development view intended only for unit tests. It has a global BARRIER that can be shared across threads, so that we can synchronize them to consistently reproduce certain potential race conditions prevented by the database locks. The transaction test case lanuches pairs of threads initiating possibly conflicting requests at the same time. The tests are set up such that exactly N of them are expected to succeed with a certain error message (while we don't know each one). **Security notes** get_recursive_subgroups_for_groups will no longer fetch user groups from other realms. As a result, trying to add/remove a subgroup from another realm results in a UserGroup not found error response. We also implement subgroup-specific checks in has_user_group_access to keep permission managing in a single place. Do note that the API currently don't have a way to violate that check because we are only checking the realm ID now.
2023-06-17 04:39:52 +02:00
else:
user_groups: Update code in actions module to use NamedUserGroup.
2024-04-17 05:45:32 +02:00
user_group = NamedUserGroup.objects.select_for_update().get(
user_groups: Make locks required for updating user group memberships. **Background** User groups are expected to comply with the DAG constraint for the many-to-many inter-group membership. The check for this constraint has to be performed recursively so that we can find all direct and indirect subgroups of the user group to be added. This kind of check is vulnerable to phantom reads which is possible at the default read committed isolation level because we cannot guarantee that the check is still valid when we are adding the subgroups to the user group. **Solution** To avoid having another transaction concurrently update one of the to-be-subgroup after the recursive check is done, and before the subgroup is added, we use SELECT FOR UPDATE to lock the user group rows. The lock needs to be acquired before a group membership change is about to occur before any check has been conducted. Suppose that we are adding subgroup B to supergroup A, the locking protocol is specified as follows: 1. Acquire a lock for B and all its direct and indirect subgroups. 2. Acquire a lock for A. For the removal of user groups, we acquire a lock for the user group to be removed with all its direct and indirect subgroups. This is the special case A=B, which is still complaint with the protocol. **Error handling** We currently rely on Postgres' deadlock detection to abort transactions and show an error for the users. In the future, we might need some recovery mechanism or at least better error handling. **Notes** An important note is that we need to reuse the recursive CTE query that finds the direct and indirect subgroups when applying the lock on the rows. And the lock needs to be acquired the same way for the addition and removal of direct subgroups. User membership change (as opposed to user group membership) is not affected. Read-only queries aren't either. The locks only protect critical regions where the user group dependency graph might violate the DAG constraint, where users are not participating. **Testing** We implement a transaction test case targeting some typical scenarios when an internal server error is expected to happen (this means that the user group view makes the correct decision to abort the transaction when something goes wrong with locks). To achieve this, we add a development view intended only for unit tests. It has a global BARRIER that can be shared across threads, so that we can synchronize them to consistently reproduce certain potential race conditions prevented by the database locks. The transaction test case lanuches pairs of threads initiating possibly conflicting requests at the same time. The tests are set up such that exactly N of them are expected to succeed with a certain error message (while we don't know each one). **Security notes** get_recursive_subgroups_for_groups will no longer fetch user groups from other realms. As a result, trying to add/remove a subgroup from another realm results in a UserGroup not found error response. We also implement subgroup-specific checks in has_user_group_access to keep permission managing in a single place. Do note that the API currently don't have a way to violate that check because we are only checking the realm ID now.
2023-06-17 04:39:52 +02:00
id=user_group_id, realm=user_profile.realm
)
user_groups: Update code in actions module to use NamedUserGroup.
2024-04-17 05:45:32 +02:00
except NamedUserGroup.DoesNotExist:
user_groups: Extract has_user_group_access helper. Similar to has_message, we can maintain a helper dedicated to managing access to user groups. Future permission related changes should be added here.
2023-08-23 00:11:09 +02:00
raise JsonableError(_("Invalid user group"))
user_groups: Make locks required for updating user group memberships. **Background** User groups are expected to comply with the DAG constraint for the many-to-many inter-group membership. The check for this constraint has to be performed recursively so that we can find all direct and indirect subgroups of the user group to be added. This kind of check is vulnerable to phantom reads which is possible at the default read committed isolation level because we cannot guarantee that the check is still valid when we are adding the subgroups to the user group. **Solution** To avoid having another transaction concurrently update one of the to-be-subgroup after the recursive check is done, and before the subgroup is added, we use SELECT FOR UPDATE to lock the user group rows. The lock needs to be acquired before a group membership change is about to occur before any check has been conducted. Suppose that we are adding subgroup B to supergroup A, the locking protocol is specified as follows: 1. Acquire a lock for B and all its direct and indirect subgroups. 2. Acquire a lock for A. For the removal of user groups, we acquire a lock for the user group to be removed with all its direct and indirect subgroups. This is the special case A=B, which is still complaint with the protocol. **Error handling** We currently rely on Postgres' deadlock detection to abort transactions and show an error for the users. In the future, we might need some recovery mechanism or at least better error handling. **Notes** An important note is that we need to reuse the recursive CTE query that finds the direct and indirect subgroups when applying the lock on the rows. And the lock needs to be acquired the same way for the addition and removal of direct subgroups. User membership change (as opposed to user group membership) is not affected. Read-only queries aren't either. The locks only protect critical regions where the user group dependency graph might violate the DAG constraint, where users are not participating. **Testing** We implement a transaction test case targeting some typical scenarios when an internal server error is expected to happen (this means that the user group view makes the correct decision to abort the transaction when something goes wrong with locks). To achieve this, we add a development view intended only for unit tests. It has a global BARRIER that can be shared across threads, so that we can synchronize them to consistently reproduce certain potential race conditions prevented by the database locks. The transaction test case lanuches pairs of threads initiating possibly conflicting requests at the same time. The tests are set up such that exactly N of them are expected to succeed with a certain error message (while we don't know each one). **Security notes** get_recursive_subgroups_for_groups will no longer fetch user groups from other realms. As a result, trying to add/remove a subgroup from another realm results in a UserGroup not found error response. We also implement subgroup-specific checks in has_user_group_access to keep permission managing in a single place. Do note that the API currently don't have a way to violate that check because we are only checking the realm ID now.
2023-06-17 04:39:52 +02:00
if not has_user_group_access(user_group, user_profile, for_read=for_read, as_subgroup=False):
user_groups: Reduce necessary nesting inside try-block. The error only occurs when we do the get call.
2023-06-17 00:25:05 +02:00
raise JsonableError(_("Insufficient permission"))
user_groups: Extract has_user_group_access helper. Similar to has_message, we can maintain a helper dedicated to managing access to user groups. Future permission related changes should be added here.
2023-08-23 00:11:09 +02:00
user-groups: Add create API endpoint. Significantly modified by tabbott for better security structure.
2017-11-01 10:04:16 +01:00
return user_group
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
user_groups: Make locks required for updating user group memberships. **Background** User groups are expected to comply with the DAG constraint for the many-to-many inter-group membership. The check for this constraint has to be performed recursively so that we can find all direct and indirect subgroups of the user group to be added. This kind of check is vulnerable to phantom reads which is possible at the default read committed isolation level because we cannot guarantee that the check is still valid when we are adding the subgroups to the user group. **Solution** To avoid having another transaction concurrently update one of the to-be-subgroup after the recursive check is done, and before the subgroup is added, we use SELECT FOR UPDATE to lock the user group rows. The lock needs to be acquired before a group membership change is about to occur before any check has been conducted. Suppose that we are adding subgroup B to supergroup A, the locking protocol is specified as follows: 1. Acquire a lock for B and all its direct and indirect subgroups. 2. Acquire a lock for A. For the removal of user groups, we acquire a lock for the user group to be removed with all its direct and indirect subgroups. This is the special case A=B, which is still complaint with the protocol. **Error handling** We currently rely on Postgres' deadlock detection to abort transactions and show an error for the users. In the future, we might need some recovery mechanism or at least better error handling. **Notes** An important note is that we need to reuse the recursive CTE query that finds the direct and indirect subgroups when applying the lock on the rows. And the lock needs to be acquired the same way for the addition and removal of direct subgroups. User membership change (as opposed to user group membership) is not affected. Read-only queries aren't either. The locks only protect critical regions where the user group dependency graph might violate the DAG constraint, where users are not participating. **Testing** We implement a transaction test case targeting some typical scenarios when an internal server error is expected to happen (this means that the user group view makes the correct decision to abort the transaction when something goes wrong with locks). To achieve this, we add a development view intended only for unit tests. It has a global BARRIER that can be shared across threads, so that we can synchronize them to consistently reproduce certain potential race conditions prevented by the database locks. The transaction test case lanuches pairs of threads initiating possibly conflicting requests at the same time. The tests are set up such that exactly N of them are expected to succeed with a certain error message (while we don't know each one). **Security notes** get_recursive_subgroups_for_groups will no longer fetch user groups from other realms. As a result, trying to add/remove a subgroup from another realm results in a UserGroup not found error response. We also implement subgroup-specific checks in has_user_group_access to keep permission managing in a single place. Do note that the API currently don't have a way to violate that check because we are only checking the realm ID now.
2023-06-17 04:39:52 +02:00
@contextmanager
def lock_subgroups_with_respect_to_supergroup(
potential_subgroup_ids: Collection[int], potential_supergroup_id: int, acting_user: UserProfile
) -> Iterator[LockedUserGroupContext]:
"""This locks the user groups with the given potential_subgroup_ids, as well
as their indirect subgroups, followed by the potential supergroup. It
ensures that we lock the user groups in a consistent order topologically to
avoid unnecessary deadlocks on non-conflicting queries.
user_groups: Add API endpoint for updating subgroups of a user group.
2022-03-02 11:58:37 +01:00
user_groups: Make locks required for updating user group memberships. **Background** User groups are expected to comply with the DAG constraint for the many-to-many inter-group membership. The check for this constraint has to be performed recursively so that we can find all direct and indirect subgroups of the user group to be added. This kind of check is vulnerable to phantom reads which is possible at the default read committed isolation level because we cannot guarantee that the check is still valid when we are adding the subgroups to the user group. **Solution** To avoid having another transaction concurrently update one of the to-be-subgroup after the recursive check is done, and before the subgroup is added, we use SELECT FOR UPDATE to lock the user group rows. The lock needs to be acquired before a group membership change is about to occur before any check has been conducted. Suppose that we are adding subgroup B to supergroup A, the locking protocol is specified as follows: 1. Acquire a lock for B and all its direct and indirect subgroups. 2. Acquire a lock for A. For the removal of user groups, we acquire a lock for the user group to be removed with all its direct and indirect subgroups. This is the special case A=B, which is still complaint with the protocol. **Error handling** We currently rely on Postgres' deadlock detection to abort transactions and show an error for the users. In the future, we might need some recovery mechanism or at least better error handling. **Notes** An important note is that we need to reuse the recursive CTE query that finds the direct and indirect subgroups when applying the lock on the rows. And the lock needs to be acquired the same way for the addition and removal of direct subgroups. User membership change (as opposed to user group membership) is not affected. Read-only queries aren't either. The locks only protect critical regions where the user group dependency graph might violate the DAG constraint, where users are not participating. **Testing** We implement a transaction test case targeting some typical scenarios when an internal server error is expected to happen (this means that the user group view makes the correct decision to abort the transaction when something goes wrong with locks). To achieve this, we add a development view intended only for unit tests. It has a global BARRIER that can be shared across threads, so that we can synchronize them to consistently reproduce certain potential race conditions prevented by the database locks. The transaction test case lanuches pairs of threads initiating possibly conflicting requests at the same time. The tests are set up such that exactly N of them are expected to succeed with a certain error message (while we don't know each one). **Security notes** get_recursive_subgroups_for_groups will no longer fetch user groups from other realms. As a result, trying to add/remove a subgroup from another realm results in a UserGroup not found error response. We also implement subgroup-specific checks in has_user_group_access to keep permission managing in a single place. Do note that the API currently don't have a way to violate that check because we are only checking the realm ID now.
2023-06-17 04:39:52 +02:00
Regardless of whether the user groups returned are used, always call this
helper before making changes to subgroup memberships. This avoids
introducing cycles among user groups when there is a race condition in
which one of these subgroups become an ancestor of the parent user group in
another transaction.
Note that it only does a permission check on the potential supergroup,
not the potential subgroups or their recursive subgroups.
"""
with transaction.atomic(savepoint=False):
# Calling list with the QuerySet forces its evaluation putting a lock on
# the queried rows.
recursive_subgroups = list(
get_recursive_subgroups_for_groups(
potential_subgroup_ids, acting_user.realm
).select_for_update(nowait=True)
python: Convert translated positional {} fields to {named} fields. Translators benefit from the extra information in the field names, and need the reordering freedom that isn’t available with multiple positional fields. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-07-17 22:40:33 +02:00
)
user_groups: Make locks required for updating user group memberships. **Background** User groups are expected to comply with the DAG constraint for the many-to-many inter-group membership. The check for this constraint has to be performed recursively so that we can find all direct and indirect subgroups of the user group to be added. This kind of check is vulnerable to phantom reads which is possible at the default read committed isolation level because we cannot guarantee that the check is still valid when we are adding the subgroups to the user group. **Solution** To avoid having another transaction concurrently update one of the to-be-subgroup after the recursive check is done, and before the subgroup is added, we use SELECT FOR UPDATE to lock the user group rows. The lock needs to be acquired before a group membership change is about to occur before any check has been conducted. Suppose that we are adding subgroup B to supergroup A, the locking protocol is specified as follows: 1. Acquire a lock for B and all its direct and indirect subgroups. 2. Acquire a lock for A. For the removal of user groups, we acquire a lock for the user group to be removed with all its direct and indirect subgroups. This is the special case A=B, which is still complaint with the protocol. **Error handling** We currently rely on Postgres' deadlock detection to abort transactions and show an error for the users. In the future, we might need some recovery mechanism or at least better error handling. **Notes** An important note is that we need to reuse the recursive CTE query that finds the direct and indirect subgroups when applying the lock on the rows. And the lock needs to be acquired the same way for the addition and removal of direct subgroups. User membership change (as opposed to user group membership) is not affected. Read-only queries aren't either. The locks only protect critical regions where the user group dependency graph might violate the DAG constraint, where users are not participating. **Testing** We implement a transaction test case targeting some typical scenarios when an internal server error is expected to happen (this means that the user group view makes the correct decision to abort the transaction when something goes wrong with locks). To achieve this, we add a development view intended only for unit tests. It has a global BARRIER that can be shared across threads, so that we can synchronize them to consistently reproduce certain potential race conditions prevented by the database locks. The transaction test case lanuches pairs of threads initiating possibly conflicting requests at the same time. The tests are set up such that exactly N of them are expected to succeed with a certain error message (while we don't know each one). **Security notes** get_recursive_subgroups_for_groups will no longer fetch user groups from other realms. As a result, trying to add/remove a subgroup from another realm results in a UserGroup not found error response. We also implement subgroup-specific checks in has_user_group_access to keep permission managing in a single place. Do note that the API currently don't have a way to violate that check because we are only checking the realm ID now.
2023-06-17 04:39:52 +02:00
# TODO: This select_for_update query is subject to deadlocking, and
# better error handling is needed. We may use
# select_for_update(nowait=True) and release the locks held by ending
# the transaction with a JsonableError by handling the DatabaseError.
# But at the current scale of concurrent requests, we rely on
# Postgres's deadlock detection when it occurs.
potential_supergroup = access_user_group_by_id(
potential_supergroup_id, acting_user, for_read=False
)
# We avoid making a separate query for user_group_ids because the
# recursive query already returns those user groups.
potential_subgroups = [
user_group
for user_group in recursive_subgroups
if user_group.id in potential_subgroup_ids
]
# We expect that the passed user_group_ids each corresponds to an
# existing user group.
group_ids_found = [group.id for group in potential_subgroups]
group_ids_not_found = [
group_id for group_id in potential_subgroup_ids if group_id not in group_ids_found
]
if group_ids_not_found:
raise JsonableError(
_("Invalid user group ID: {group_id}").format(group_id=group_ids_not_found[0])
)
user_groups: Add API endpoint for updating subgroups of a user group.
2022-03-02 11:58:37 +01:00
user_groups: Make locks required for updating user group memberships. **Background** User groups are expected to comply with the DAG constraint for the many-to-many inter-group membership. The check for this constraint has to be performed recursively so that we can find all direct and indirect subgroups of the user group to be added. This kind of check is vulnerable to phantom reads which is possible at the default read committed isolation level because we cannot guarantee that the check is still valid when we are adding the subgroups to the user group. **Solution** To avoid having another transaction concurrently update one of the to-be-subgroup after the recursive check is done, and before the subgroup is added, we use SELECT FOR UPDATE to lock the user group rows. The lock needs to be acquired before a group membership change is about to occur before any check has been conducted. Suppose that we are adding subgroup B to supergroup A, the locking protocol is specified as follows: 1. Acquire a lock for B and all its direct and indirect subgroups. 2. Acquire a lock for A. For the removal of user groups, we acquire a lock for the user group to be removed with all its direct and indirect subgroups. This is the special case A=B, which is still complaint with the protocol. **Error handling** We currently rely on Postgres' deadlock detection to abort transactions and show an error for the users. In the future, we might need some recovery mechanism or at least better error handling. **Notes** An important note is that we need to reuse the recursive CTE query that finds the direct and indirect subgroups when applying the lock on the rows. And the lock needs to be acquired the same way for the addition and removal of direct subgroups. User membership change (as opposed to user group membership) is not affected. Read-only queries aren't either. The locks only protect critical regions where the user group dependency graph might violate the DAG constraint, where users are not participating. **Testing** We implement a transaction test case targeting some typical scenarios when an internal server error is expected to happen (this means that the user group view makes the correct decision to abort the transaction when something goes wrong with locks). To achieve this, we add a development view intended only for unit tests. It has a global BARRIER that can be shared across threads, so that we can synchronize them to consistently reproduce certain potential race conditions prevented by the database locks. The transaction test case lanuches pairs of threads initiating possibly conflicting requests at the same time. The tests are set up such that exactly N of them are expected to succeed with a certain error message (while we don't know each one). **Security notes** get_recursive_subgroups_for_groups will no longer fetch user groups from other realms. As a result, trying to add/remove a subgroup from another realm results in a UserGroup not found error response. We also implement subgroup-specific checks in has_user_group_access to keep permission managing in a single place. Do note that the API currently don't have a way to violate that check because we are only checking the realm ID now.
2023-06-17 04:39:52 +02:00
for subgroup in potential_subgroups:
# At this time, we only do a check on the realm ID of the fetched
# subgroup. This would be caught by the check earlier, so there is
# no coverage here.
if not has_user_group_access(subgroup, acting_user, for_read=False, as_subgroup=True):
raise JsonableError(_("Insufficient permission")) # nocoverage
yield LockedUserGroupContext(
direct_subgroups=potential_subgroups,
recursive_subgroups=recursive_subgroups,
supergroup=potential_supergroup,
)
user_groups: Add API endpoint for updating subgroups of a user group.
2022-03-02 11:58:37 +01:00
user_groups: Update access_user_group_for_setting. This commit updates access_user_group_for_setting to support setting anonymous user groups for different settings. There are some lines without coverage as of this commit, but the next few commits would add tests covering those.
2024-04-30 13:15:46 +02:00
def check_setting_configuration_for_system_groups(
setting_group: NamedUserGroup,
streams: Allow changing can_remove_subscribers_group through API. This commit adds API support to change can_remove_subscribers_group setting for a stream.
2022-09-16 14:27:38 +02:00
setting_name: str,
user_groups: Pass config object to access_user_group_for_setting. We now pass the complete configuration object for a setting to access_user_group_for_setting instead of passing the configuration object's fields as different variables.
2023-09-18 16:55:58 +02:00
permission_configuration: GroupPermissionSetting,
user_groups: Update access_user_group_for_setting. This commit updates access_user_group_for_setting to support setting anonymous user groups for different settings. There are some lines without coverage as of this commit, but the next few commits would add tests covering those.
2024-04-30 13:15:46 +02:00
) -> None:
if permission_configuration.require_system_group and not setting_group.is_system_group:
python: Convert translated positional {} fields to {named} fields. Translators benefit from the extra information in the field names, and need the reordering freedom that isn’t available with multiple positional fields. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-07-17 22:40:33 +02:00
raise JsonableError(
_("'{setting_name}' must be a system user group.").format(setting_name=setting_name)
)
streams: Allow changing can_remove_subscribers_group through API. This commit adds API support to change can_remove_subscribers_group setting for a stream.
2022-09-16 14:27:38 +02:00
user_groups: Pass config object to access_user_group_for_setting. We now pass the complete configuration object for a setting to access_user_group_for_setting instead of passing the configuration object's fields as different variables.
2023-09-18 16:55:58 +02:00
if (
not permission_configuration.allow_internet_group
user_groups: Update access_user_group_for_setting. This commit updates access_user_group_for_setting to support setting anonymous user groups for different settings. There are some lines without coverage as of this commit, but the next few commits would add tests covering those.
2024-04-30 13:15:46 +02:00
and setting_group.name == SystemGroups.EVERYONE_ON_INTERNET
user_groups: Pass config object to access_user_group_for_setting. We now pass the complete configuration object for a setting to access_user_group_for_setting instead of passing the configuration object's fields as different variables.
2023-09-18 16:55:58 +02:00
):
streams: Allow changing can_remove_subscribers_group through API. This commit adds API support to change can_remove_subscribers_group setting for a stream.
2022-09-16 14:27:38 +02:00
raise JsonableError(
python: Convert translated positional {} fields to {named} fields. Translators benefit from the extra information in the field names, and need the reordering freedom that isn’t available with multiple positional fields. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-07-17 22:40:33 +02:00
_("'{setting_name}' setting cannot be set to 'role:internet' group.").format(
setting_name=setting_name
)
streams: Allow changing can_remove_subscribers_group through API. This commit adds API support to change can_remove_subscribers_group setting for a stream.
2022-09-16 14:27:38 +02:00
)
user_groups: Update access_user_group_for_setting. This commit updates access_user_group_for_setting to support setting anonymous user groups for different settings. There are some lines without coverage as of this commit, but the next few commits would add tests covering those.
2024-04-30 13:15:46 +02:00
if (
not permission_configuration.allow_owners_group
and setting_group.name == SystemGroups.OWNERS
):
streams: Allow changing can_remove_subscribers_group through API. This commit adds API support to change can_remove_subscribers_group setting for a stream.
2022-09-16 14:27:38 +02:00
raise JsonableError(
python: Convert translated positional {} fields to {named} fields. Translators benefit from the extra information in the field names, and need the reordering freedom that isn’t available with multiple positional fields. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-07-17 22:40:33 +02:00
_("'{setting_name}' setting cannot be set to 'role:owners' group.").format(
setting_name=setting_name
)
streams: Allow changing can_remove_subscribers_group through API. This commit adds API support to change can_remove_subscribers_group setting for a stream.
2022-09-16 14:27:38 +02:00
)
user_groups: Update access_user_group_for_setting. This commit updates access_user_group_for_setting to support setting anonymous user groups for different settings. There are some lines without coverage as of this commit, but the next few commits would add tests covering those.
2024-04-30 13:15:46 +02:00
if (
not permission_configuration.allow_nobody_group
and setting_group.name == SystemGroups.NOBODY
):
user_groups: Add allow_nobody_group to access_user_group_for_setting. This commit adds allow_nobody_group parameter to access_user_group_for_setting with a default value of True.
2023-04-06 08:13:16 +02:00
raise JsonableError(
python: Convert translated positional {} fields to {named} fields. Translators benefit from the extra information in the field names, and need the reordering freedom that isn’t available with multiple positional fields. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-07-17 22:40:33 +02:00
_("'{setting_name}' setting cannot be set to 'role:nobody' group.").format(
setting_name=setting_name
)
user_groups: Add allow_nobody_group to access_user_group_for_setting. This commit adds allow_nobody_group parameter to access_user_group_for_setting with a default value of True.
2023-04-06 08:13:16 +02:00
)
user_groups: Pass config object to access_user_group_for_setting. We now pass the complete configuration object for a setting to access_user_group_for_setting instead of passing the configuration object's fields as different variables.
2023-09-18 16:55:58 +02:00
if (
not permission_configuration.allow_everyone_group
user_groups: Update access_user_group_for_setting. This commit updates access_user_group_for_setting to support setting anonymous user groups for different settings. There are some lines without coverage as of this commit, but the next few commits would add tests covering those.
2024-04-30 13:15:46 +02:00
and setting_group.name == SystemGroups.EVERYONE
user_groups: Pass config object to access_user_group_for_setting. We now pass the complete configuration object for a setting to access_user_group_for_setting instead of passing the configuration object's fields as different variables.
2023-09-18 16:55:58 +02:00
):
settings: Disallow everyone group for new setting. This is important because the "guests" value isn't one that we'd expect anyone to pick intentionally, and in particular isn't an available option for the similar/adjacent "email invitations" setting.
2023-09-07 02:06:51 +02:00
raise JsonableError(
_("'{setting_name}' setting cannot be set to 'role:everyone' group.").format(
setting_name=setting_name
)
)
models: Add can_access_all_users_group setting. This commit adds new setting for controlling who can access all users in the realm which would have "Everyone" and "Members only" option. Fixes part of #10970.
2023-03-23 15:42:00 +01:00
if (
permission_configuration.allowed_system_groups
user_groups: Update access_user_group_for_setting. This commit updates access_user_group_for_setting to support setting anonymous user groups for different settings. There are some lines without coverage as of this commit, but the next few commits would add tests covering those.
2024-04-30 13:15:46 +02:00
and setting_group.name not in permission_configuration.allowed_system_groups
models: Add can_access_all_users_group setting. This commit adds new setting for controlling who can access all users in the realm which would have "Everyone" and "Members only" option. Fixes part of #10970.
2023-03-23 15:42:00 +01:00
):
raise JsonableError(
_("'{setting_name}' setting cannot be set to '{group_name}' group.").format(
user_groups: Update access_user_group_for_setting. This commit updates access_user_group_for_setting to support setting anonymous user groups for different settings. There are some lines without coverage as of this commit, but the next few commits would add tests covering those.
2024-04-30 13:15:46 +02:00
setting_name=setting_name, group_name=setting_group.name
models: Add can_access_all_users_group setting. This commit adds new setting for controlling who can access all users in the realm which would have "Everyone" and "Members only" option. Fixes part of #10970.
2023-03-23 15:42:00 +01:00
)
)
user_groups: Update access_user_group_for_setting. This commit updates access_user_group_for_setting to support setting anonymous user groups for different settings. There are some lines without coverage as of this commit, but the next few commits would add tests covering those.
2024-04-30 13:15:46 +02:00
def update_or_create_user_group_for_setting(
realm: Realm,
direct_members: List[int],
direct_subgroups: List[int],
current_setting_value: Optional[UserGroup],
groups: Allow setting anonymous group to settings while creation. This commit adds support to set can_mention_group setting to anonymous group while group creation.
2024-04-29 05:51:48 +02:00
) -> UserGroup:
groups: Allow setting anonymous group to settings while editing. This commit adds support to set can_mention_group setting to anonymous group while editing groups.
2024-04-30 15:16:58 +02:00
if current_setting_value is not None and not hasattr(current_setting_value, "named_user_group"):
user_groups: Update access_user_group_for_setting. This commit updates access_user_group_for_setting to support setting anonymous user groups for different settings. There are some lines without coverage as of this commit, but the next few commits would add tests covering those.
2024-04-30 13:15:46 +02:00
# We do not create a new group if the setting was already set
# to an anonymous group. The memberships of existing group
# itself are updated.
user_group = current_setting_value
else:
user_group = UserGroup.objects.create(realm=realm)
from zerver.lib.users import user_ids_to_users
member_users = user_ids_to_users(direct_members, realm)
user_group.direct_members.set(member_users)
potential_subgroups = NamedUserGroup.objects.filter(realm=realm, id__in=direct_subgroups)
group_ids_found = [group.id for group in potential_subgroups]
group_ids_not_found = [
group_id for group_id in direct_subgroups if group_id not in group_ids_found
]
if group_ids_not_found:
raise JsonableError(
_("Invalid user group ID: {group_id}").format(group_id=group_ids_not_found[0])
)
user_group.direct_subgroups.set(group_ids_found)
streams: Allow changing can_remove_subscribers_group through API. This commit adds API support to change can_remove_subscribers_group setting for a stream.
2022-09-16 14:27:38 +02:00
return user_group
user_groups: Update access_user_group_for_setting. This commit updates access_user_group_for_setting to support setting anonymous user groups for different settings. There are some lines without coverage as of this commit, but the next few commits would add tests covering those.
2024-04-30 13:15:46 +02:00
def access_user_group_for_setting(
setting_user_group: Union[int, AnonymousSettingGroupDict],
user_profile: UserProfile,
*,
setting_name: str,
permission_configuration: GroupPermissionSetting,
current_setting_value: Optional[UserGroup] = None,
) -> UserGroup:
if isinstance(setting_user_group, int):
named_user_group = access_user_group_by_id(setting_user_group, user_profile, for_read=True)
check_setting_configuration_for_system_groups(
named_user_group, setting_name, permission_configuration
)
return named_user_group.usergroup_ptr
# The API would not allow passing the setting parameter as a Dict
# if require_system_group is true for a setting.
groups: Allow setting anonymous group to settings while creation. This commit adds support to set can_mention_group setting to anonymous group while group creation.
2024-04-29 05:51:48 +02:00
assert permission_configuration.require_system_group is False
user_groups: Update access_user_group_for_setting. This commit updates access_user_group_for_setting to support setting anonymous user groups for different settings. There are some lines without coverage as of this commit, but the next few commits would add tests covering those.
2024-04-30 13:15:46 +02:00
user_group = update_or_create_user_group_for_setting(
user_profile.realm,
setting_user_group.direct_members,
setting_user_group.direct_subgroups,
current_setting_value,
groups: Allow setting anonymous group to settings while creation. This commit adds support to set can_mention_group setting to anonymous group while group creation.
2024-04-29 05:51:48 +02:00
)
user_groups: Update access_user_group_for_setting. This commit updates access_user_group_for_setting to support setting anonymous user groups for different settings. There are some lines without coverage as of this commit, but the next few commits would add tests covering those.
2024-04-30 13:15:46 +02:00
groups: Allow setting anonymous group to settings while creation. This commit adds support to set can_mention_group setting to anonymous group while group creation.
2024-04-29 05:51:48 +02:00
return user_group
user_groups: Update access_user_group_for_setting. This commit updates access_user_group_for_setting to support setting anonymous user groups for different settings. There are some lines without coverage as of this commit, but the next few commits would add tests covering those.
2024-04-30 13:15:46 +02:00
user_groups: Add API restrictions for long user group names. Previously we had database level restriction on length of user group names. Now we add the same restriction to API level as well, so we can return a better error response.
2023-07-03 08:01:01 +02:00
def check_user_group_name(group_name: str) -> str:
user_groups: Do not allow empty group names in backend. We now raise error if a user tries to create a group with empty name or tries to update a group name to be empty.
2023-09-20 11:46:52 +02:00
if group_name.strip() == "":
raise JsonableError(_("User group name can't be empty!"))
groups: Move constants inside NamedUserGroup.
2024-04-18 10:50:51 +02:00
if len(group_name) > NamedUserGroup.MAX_NAME_LENGTH:
user_groups: Add API restrictions for long user group names. Previously we had database level restriction on length of user group names. Now we add the same restriction to API level as well, so we can return a better error response.
2023-07-03 08:01:01 +02:00
raise JsonableError(
python: Convert translated positional {} fields to {named} fields. Translators benefit from the extra information in the field names, and need the reordering freedom that isn’t available with multiple positional fields. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-07-17 22:40:33 +02:00
_("User group name cannot exceed {max_length} characters.").format(
groups: Move constants inside NamedUserGroup.
2024-04-18 10:50:51 +02:00
max_length=NamedUserGroup.MAX_NAME_LENGTH
python: Convert translated positional {} fields to {named} fields. Translators benefit from the extra information in the field names, and need the reordering freedom that isn’t available with multiple positional fields. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-07-17 22:40:33 +02:00
)
user_groups: Add API restrictions for long user group names. Previously we had database level restriction on length of user group names. Now we add the same restriction to API level as well, so we can return a better error response.
2023-07-03 08:01:01 +02:00
)
groups: Move constants inside NamedUserGroup.
2024-04-18 10:50:51 +02:00
for invalid_prefix in NamedUserGroup.INVALID_NAME_PREFIXES:
user_groups: Disallow certain prefixes in group name. We do not allow user group names to start with "@", "role:", "user:", "stream:" and "channel:". Group names starting with "@" look odd in mentions and "role:", "user:" and "stream:" prefixes are reserved for system groups which will be used in the new groups-based permission model. We do not allow "channel:" prefix for now just to be safe in a case where we use it instead of "stream:" prefix for stream based groups in future. Fixes part of #26148.
2023-07-03 08:20:48 +02:00
if group_name.startswith(invalid_prefix):
python: Convert translated positional {} fields to {named} fields. Translators benefit from the extra information in the field names, and need the reordering freedom that isn’t available with multiple positional fields. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-07-17 22:40:33 +02:00
raise JsonableError(
_("User group name cannot start with '{prefix}'.").format(prefix=invalid_prefix)
)
user_groups: Disallow certain prefixes in group name. We do not allow user group names to start with "@", "role:", "user:", "stream:" and "channel:". Group names starting with "@" look odd in mentions and "role:", "user:" and "stream:" prefixes are reserved for system groups which will be used in the new groups-based permission model. We do not allow "channel:" prefix for now just to be safe in a case where we use it instead of "stream:" prefix for stream based groups in future. Fixes part of #26148.
2023-07-03 08:20:48 +02:00
user_groups: Add API restrictions for long user group names. Previously we had database level restriction on length of user group names. Now we add the same restriction to API level as well, so we can return a better error response.
2023-07-03 08:01:01 +02:00
return group_name
groups: Update group objects to pass anonymous groups data for settings. This commit updates code to handle the can_mention_group field correctly if the setting is set to an anonymous user group.
2024-05-02 05:52:37 +02:00
def get_group_setting_value_for_api(
setting_value_group: UserGroup,
) -> Union[int, AnonymousSettingGroupDict]:
if hasattr(setting_value_group, "named_user_group"):
return setting_value_group.id
return AnonymousSettingGroupDict(
direct_members=[member.id for member in setting_value_group.direct_members.all()],
direct_subgroups=[subgroup.id for subgroup in setting_value_group.direct_subgroups.all()],
)
typing: Tighten type annotation for serialized user groups. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-20 23:18:50 +02:00
def user_groups_in_realm_serialized(realm: Realm) -> List[UserGroupDict]:
user_groups: Fix reporting of empty user groups. Previously, we weren't doing a proper left join in user_groups_in_realm_serialized, resulting in empty user groups being excluded from the query. We want to leave decisions about excluding empty user groups to the UI layer, so we include these here.
2017-11-30 01:09:23 +01:00
"""This function is used in do_events_register code path so this code
should be performant. We need to do 2 database queries because
Django's ORM doesn't properly support the left join between
UserGroup and UserGroupMembership that we need.
user-groups: Add groups to page_params.
2017-11-07 07:56:26 +01:00
"""
groups: Update group objects to pass anonymous groups data for settings. This commit updates code to handle the can_mention_group field correctly if the setting is set to an anonymous user group.
2024-05-02 05:52:37 +02:00
realm_groups = (
NamedUserGroup.objects.select_related(
"can_mention_group", "can_mention_group__named_user_group"
)
# Using prefetch_related results in one query for each field. This is fine
# for now but would be problematic when more settings would be added.
#
# TODO: We should refactor it such that we only make two queries - one
# to fetch all the realm groups and the second to fetch all the groups
# that they point to and then set the setting fields for realm groups
# accordingly in Python.
.prefetch_related(
Prefetch("can_mention_group__direct_members", queryset=UserProfile.objects.only("id")),
Prefetch(
"can_mention_group__direct_subgroups", queryset=NamedUserGroup.objects.only("id")
),
)
.filter(realm=realm)
)
typing: Tighten type annotation for serialized user groups. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-20 23:18:50 +02:00
group_dicts: Dict[int, UserGroupDict] = {}
user_groups: Fix reporting of empty user groups. Previously, we weren't doing a proper left join in user_groups_in_realm_serialized, resulting in empty user groups being excluded from the query. We want to leave decisions about excluding empty user groups to the UI layer, so we include these here.
2017-11-30 01:09:23 +01:00
for user_group in realm_groups:
group_dicts[user_group.id] = dict(
id=user_group.id,
name=user_group.name,
description=user_group.description,
members=[],
user_groups: Rename subgroups fields to direct_subgroup_ids. This commit renames subgroups and subgroup_ids field sent in user group objects to direct_subgroup_ids for better readability.
2022-05-16 17:02:44 +02:00
direct_subgroup_ids=[],
user_groups: Add 'is_system_group' field to objects passed to clients.
2021-08-06 19:31:00 +02:00
is_system_group=user_group.is_system_group,
groups: Update group objects to pass anonymous groups data for settings. This commit updates code to handle the can_mention_group field correctly if the setting is set to an anonymous user group.
2024-05-02 05:52:37 +02:00
can_mention_group=get_group_setting_value_for_api(user_group.can_mention_group),
user_groups: Fix reporting of empty user groups. Previously, we weren't doing a proper left join in user_groups_in_realm_serialized, resulting in empty user groups being excluded from the query. We want to leave decisions about excluding empty user groups to the UI layer, so we include these here.
2017-11-30 01:09:23 +01:00
)
groups: Fix queries to get members and sugroups for user group objects. This commit fixes the queries to get members and subgroups for user group objects returned by user_groups_in_realm_serialized to not include the UserGroup objects which are not linked to a NamedUserGroup object, since the function only returns data for NamedUserGroup objects.
2024-05-02 05:46:09 +02:00
membership = (
UserGroupMembership.objects.filter(user_group__realm=realm)
.exclude(user_group__named_user_group=None)
.values_list("user_group_id", "user_profile_id")
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
)
black: Reformat with Black 23. Black 23 enforces some slightly more specific rules about empty line counts and redundant parenthesis removal, but the result is still compatible with Black 22. (This does not actually upgrade our Python environment to Black 23 yet.) Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-02-02 04:35:24 +01:00
for user_group_id, user_profile_id in membership:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
group_dicts[user_group_id]["members"].append(user_profile_id)
user_groups: Add "subgroups" field to user group objects. This commit also adds 'subgroups' field to the user_group present in the event sent on creating a user group. We do not allow passing the subgroups while creating a user group as of this commit, but added the field in the event object to pass tests.
2022-02-28 11:50:33 +01:00
groups: Fix queries to get members and sugroups for user group objects. This commit fixes the queries to get members and subgroups for user group objects returned by user_groups_in_realm_serialized to not include the UserGroup objects which are not linked to a NamedUserGroup object, since the function only returns data for NamedUserGroup objects.
2024-05-02 05:46:09 +02:00
group_membership = (
GroupGroupMembership.objects.filter(subgroup__realm=realm)
.exclude(supergroup__named_user_group=None)
.values_list("subgroup_id", "supergroup_id")
user_groups: Add "subgroups" field to user group objects. This commit also adds 'subgroups' field to the user_group present in the event sent on creating a user group. We do not allow passing the subgroups while creating a user group as of this commit, but added the field in the event object to pass tests.
2022-02-28 11:50:33 +01:00
)
black: Reformat with Black 23. Black 23 enforces some slightly more specific rules about empty line counts and redundant parenthesis removal, but the result is still compatible with Black 22. (This does not actually upgrade our Python environment to Black 23 yet.) Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-02-02 04:35:24 +01:00
for subgroup_id, supergroup_id in group_membership:
user_groups: Rename subgroups fields to direct_subgroup_ids. This commit renames subgroups and subgroup_ids field sent in user group objects to direct_subgroup_ids for better readability.
2022-05-16 17:02:44 +02:00
group_dicts[supergroup_id]["direct_subgroup_ids"].append(subgroup_id)
user_groups: Add "subgroups" field to user group objects. This commit also adds 'subgroups' field to the user_group present in the event sent on creating a user group. We do not allow passing the subgroups while creating a user group as of this commit, but added the field in the event object to pass tests.
2022-02-28 11:50:33 +01:00
user_groups: Fix reporting of empty user groups. Previously, we weren't doing a proper left join in user_groups_in_realm_serialized, resulting in empty user groups being excluded from the query. We want to leave decisions about excluding empty user groups to the UI layer, so we include these here.
2017-11-30 01:09:23 +01:00
for group_dict in group_dicts.values():
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
group_dict["members"] = sorted(group_dict["members"])
user_groups: Rename subgroups fields to direct_subgroup_ids. This commit renames subgroups and subgroup_ids field sent in user group objects to direct_subgroup_ids for better readability.
2022-05-16 17:02:44 +02:00
group_dict["direct_subgroup_ids"] = sorted(group_dict["direct_subgroup_ids"])
user_groups: Fix reporting of empty user groups. Previously, we weren't doing a proper left join in user_groups_in_realm_serialized, resulting in empty user groups being excluded from the query. We want to leave decisions about excluding empty user groups to the UI layer, so we include these here.
2017-11-30 01:09:23 +01:00
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
return sorted(group_dicts.values(), key=lambda group_dict: group_dict["id"])
user-groups: Add groups to page_params.
2017-11-07 07:56:26 +01:00
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
user_groups: Rename get_user_groups to get_direct_user_groups. This is a prep commit for new permissions model in which a user group would be able to have a subgroup. This commit renames get_user_groups to get_direct_user_groups to specify that the function is used only to fetch the direct groups that user is part of and not subgroups of the direct group. Extracted this commit from #19866. Co-authored-by: Anders Kaseorg <anders@zulip.com>
2021-10-09 19:53:03 +02:00
def get_direct_user_groups(user_profile: UserProfile) -> List[UserGroup]:
models: Add related_name to UserGroup and UserGroupMembership fields. This commit adds related_name parameter to UserGroup.direct_members such that we can use direct_groups instead of the default usergroupmembership_set for getting all the groups of which the user is direct member. This commit also sets related_name of UserGroupMembership.user_group and UserGroupMembership.user_profile to "+" which means that we will not be having backward relations for these. This change is correct since we would need to use the recursive queries to get all the groups of a user and all the members of a group after we add the subgroups concept in next commit. This leads to us using direct_members field of UserGroup instead of usergroupmembership_set in mention code, but this will soon be replaced with the recursive query function to include subgroup's members as well. Extracted this commit from #19866. Authored-by : Anders Kaseorg <anders@zulip.com>
2021-10-11 08:37:15 +02:00
return list(user_profile.direct_groups.all())
user-groups: Add basic backend for UserGroup model. This adds the data model and bugdown support for the new UserGroup mention feature. Before it'll be fully operational, we'll still need: * A backend API for making these. * A UI for interacting with that API. * Typeahead on the frontend. * CSS to make them look pretty and see who's in them.
2017-09-25 09:47:15 +02:00
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
user_groups: Tighten function signatures with generic QuerySet. `member_ids` needs to be defined as an `Iterable` as it will otherwise inferred to have incompatible types in the else branch. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-23 19:53:41 +02:00
def get_user_group_direct_member_ids(
user_group: UserGroup,
typing: Import ValuesQuerySet alias from django_stubs_ext. This saves us from using a conditional import. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-09-19 21:48:53 +02:00
) -> ValuesQuerySet[UserGroupMembership, int]:
user_groups: Make get_user_group_direct_members query efficient. This commit makes the query in get_user_group_direct_members efficient by directly fetching user-profile ids instead of first fetching user profile object and then id.
2021-10-12 11:47:36 +02:00
return UserGroupMembership.objects.filter(user_group=user_group).values_list(
"user_profile_id", flat=True
)
user-groups: Add backend enforcing for new modification settings. Add function in user-groups.py for getting member ids for a group. Update view to enforce checks for modifying user-groups. Only admins and user group members can modify user-groups.
2018-02-19 13:38:18 +01:00
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
user_groups: Tighten function signatures with generic QuerySet. `member_ids` needs to be defined as an `Iterable` as it will otherwise inferred to have incompatible types in the else branch. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-23 19:53:41 +02:00
def get_user_group_direct_members(user_group: UserGroup) -> QuerySet[UserProfile]:
user_groups: Add get_user_group_direct_members function. This commit adds get_user_group_direct_members function which returns a QuerySet of UserProfile and is used in is_user_in_group function.
2022-04-27 12:38:19 +02:00
return user_group.direct_members.all()
user_groups: Rename get_memberships_of_users. This is a prep commit for new permissions model in which a user group would be able to have a subgroup. This commit renames get_memberships_of_users to get_direct_memberships_of_users to specify that the function is used only to fetch the direct memberships and not memberships of subgroups of the direct group. Extracted this commit from #19866. Co-authored-by: Anders Kaseorg <anders@zulip.com>
2021-10-09 20:02:39 +02:00
def get_direct_memberships_of_users(user_group: UserGroup, members: List[UserProfile]) -> List[int]:
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
return list(
UserGroupMembership.objects.filter(
user_group=user_group, user_profile__in=members
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
).values_list("user_profile_id", flat=True)
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
)
user_groups: Add a recursive group membership model. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-29 02:46:57 +02:00
# These recursive lookups use standard PostgreSQL common table
# expression (CTE) queries. These queries use the django-cte library,
# because upstream Django does not yet support CTE.
#
# https://www.postgresql.org/docs/current/queries-with.html
# https://pypi.org/project/django-cte/
# https://code.djangoproject.com/ticket/28919
python: Unquote some unnecessarily quoted type annotations. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-06-26 10:03:34 +02:00
def get_recursive_subgroups(user_group: UserGroup) -> QuerySet[UserGroup]:
user_groups: Add a recursive group membership model. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-29 02:46:57 +02:00
cte = With.recursive(
lambda cte: UserGroup.objects.filter(id=user_group.id)
user_groups: Work around django-cte bug with Django 4.2. https://github.com/dimagi/django-cte/issues/66 Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-04-07 02:03:03 +02:00
.values(group_id=F("id"))
groups: Update subgroup to be NamedUserGroup.
2024-04-20 17:03:33 +02:00
.union(
cte.join(NamedUserGroup, direct_supergroups=cte.col.group_id).values(group_id=F("id"))
)
user_groups: Add a recursive group membership model. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-29 02:46:57 +02:00
)
user_groups: Work around django-cte bug with Django 4.2. https://github.com/dimagi/django-cte/issues/66 Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-04-07 02:03:03 +02:00
return cte.join(UserGroup, id=cte.col.group_id).with_cte(cte)
user_groups: Add a recursive group membership model. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-29 02:46:57 +02:00
groups: Update subgroup to be NamedUserGroup.
2024-04-20 17:03:33 +02:00
def get_recursive_strict_subgroups(user_group: UserGroup) -> QuerySet[NamedUserGroup]:
user_groups: Add get_recursive_strict_subgroups function. This commit adds get_recursive_strict_subgroups function which returns all the subgroups but not includes the user group passed to the function. We also update the test to check subgroups of named user groups using the get_recursive_strict_subgroups function. This is fine as we already test the get_recursive_subgroups function.
2024-04-24 11:26:50 +02:00
# Same as get_recursive_subgroups but does not include the
# user_group passed.
direct_subgroup_ids = user_group.direct_subgroups.all().values("id")
cte = With.recursive(
groups: Update subgroup to be NamedUserGroup.
2024-04-20 17:03:33 +02:00
lambda cte: NamedUserGroup.objects.filter(id__in=direct_subgroup_ids)
user_groups: Add get_recursive_strict_subgroups function. This commit adds get_recursive_strict_subgroups function which returns all the subgroups but not includes the user group passed to the function. We also update the test to check subgroups of named user groups using the get_recursive_strict_subgroups function. This is fine as we already test the get_recursive_subgroups function.
2024-04-24 11:26:50 +02:00
.values(group_id=F("id"))
groups: Update subgroup to be NamedUserGroup.
2024-04-20 17:03:33 +02:00
.union(
cte.join(NamedUserGroup, direct_supergroups=cte.col.group_id).values(group_id=F("id"))
)
user_groups: Add get_recursive_strict_subgroups function. This commit adds get_recursive_strict_subgroups function which returns all the subgroups but not includes the user group passed to the function. We also update the test to check subgroups of named user groups using the get_recursive_strict_subgroups function. This is fine as we already test the get_recursive_subgroups function.
2024-04-24 11:26:50 +02:00
)
groups: Update subgroup to be NamedUserGroup.
2024-04-20 17:03:33 +02:00
return cte.join(NamedUserGroup, id=cte.col.group_id).with_cte(cte)
user_groups: Add get_recursive_strict_subgroups function. This commit adds get_recursive_strict_subgroups function which returns all the subgroups but not includes the user group passed to the function. We also update the test to check subgroups of named user groups using the get_recursive_strict_subgroups function. This is fine as we already test the get_recursive_subgroups function.
2024-04-24 11:26:50 +02:00
python: Unquote some unnecessarily quoted type annotations. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-06-26 10:03:34 +02:00
def get_recursive_group_members(user_group: UserGroup) -> QuerySet[UserProfile]:
user_groups: Add a recursive group membership model. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-29 02:46:57 +02:00
return UserProfile.objects.filter(direct_groups__in=get_recursive_subgroups(user_group))
python: Unquote some unnecessarily quoted type annotations. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-06-26 10:03:34 +02:00
def get_recursive_membership_groups(user_profile: UserProfile) -> QuerySet[UserGroup]:
user_groups: Add a recursive group membership model. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-29 02:46:57 +02:00
cte = With.recursive(
user_groups: Work around django-cte bug with Django 4.2. https://github.com/dimagi/django-cte/issues/66 Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-04-07 02:03:03 +02:00
lambda cte: user_profile.direct_groups.values(group_id=F("id")).union(
cte.join(UserGroup, direct_subgroups=cte.col.group_id).values(group_id=F("id"))
user_groups: Add a recursive group membership model. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-29 02:46:57 +02:00
)
)
user_groups: Work around django-cte bug with Django 4.2. https://github.com/dimagi/django-cte/issues/66 Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-04-07 02:03:03 +02:00
return cte.join(UserGroup, id=cte.col.group_id).with_cte(cte)
realm: Create role-based system user groups on creating realm. We create system user groups for following roles - owners, admins, moderators, members and guests. Full members user group will be handled separately.
2021-08-11 15:10:17 +02:00
user_groups: Add is_user_in_group function. This commits adds is_user_in_group function which can be used to check whether a user is part of a user group or not. It also supports recursive parameter for including the members of all the subgroups as well.
2022-03-28 15:55:51 +02:00
def is_user_in_group(
user_group: UserGroup, user: UserProfile, *, direct_member_only: bool = False
) -> bool:
if direct_member_only:
user_groups: Add get_user_group_direct_members function. This commit adds get_user_group_direct_members function which returns a QuerySet of UserProfile and is used in is_user_in_group function.
2022-04-27 12:38:19 +02:00
return get_user_group_direct_members(user_group=user_group).filter(id=user.id).exists()
user_groups: Add is_user_in_group function. This commits adds is_user_in_group function which can be used to check whether a user is part of a user group or not. It also supports recursive parameter for including the members of all the subgroups as well.
2022-03-28 15:55:51 +02:00
return get_recursive_group_members(user_group=user_group).filter(id=user.id).exists()
user_groups: Add API endpoint to get members of a user group. This commit adds 'GET /user_groups/{user_group_id}/members' endpoint to get members of a user group. "direct_member_only" parameter can be passed as True to the endpoint to get only direct members of the user group and not the members of subgroup.
2022-03-24 11:39:57 +01:00
def get_user_group_member_ids(
user_group: UserGroup, *, direct_member_only: bool = False
) -> List[int]:
if direct_member_only:
user_groups: Tighten function signatures with generic QuerySet. `member_ids` needs to be defined as an `Iterable` as it will otherwise inferred to have incompatible types in the else branch. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-23 19:53:41 +02:00
member_ids: Iterable[int] = get_user_group_direct_member_ids(user_group)
user_groups: Add API endpoint to get members of a user group. This commit adds 'GET /user_groups/{user_group_id}/members' endpoint to get members of a user group. "direct_member_only" parameter can be passed as True to the endpoint to get only direct members of the user group and not the members of subgroup.
2022-03-24 11:39:57 +01:00
else:
member_ids = get_recursive_group_members(user_group).values_list("id", flat=True)
return list(member_ids)
user_groups: Add API endpoint to get subgroups of a user group.
2022-04-04 13:59:25 +02:00
def get_subgroup_ids(user_group: UserGroup, *, direct_subgroup_only: bool = False) -> List[int]:
if direct_subgroup_only:
subgroup_ids = user_group.direct_subgroups.all().values_list("id", flat=True)
else:
user_groups: Add get_recursive_strict_subgroups function. This commit adds get_recursive_strict_subgroups function which returns all the subgroups but not includes the user group passed to the function. We also update the test to check subgroups of named user groups using the get_recursive_strict_subgroups function. This is fine as we already test the get_recursive_subgroups function.
2024-04-24 11:26:50 +02:00
subgroup_ids = get_recursive_strict_subgroups(user_group).values_list("id", flat=True)
user_groups: Add API endpoint to get subgroups of a user group.
2022-04-04 13:59:25 +02:00
return list(subgroup_ids)
user_groups: Make locks required for updating user group memberships. **Background** User groups are expected to comply with the DAG constraint for the many-to-many inter-group membership. The check for this constraint has to be performed recursively so that we can find all direct and indirect subgroups of the user group to be added. This kind of check is vulnerable to phantom reads which is possible at the default read committed isolation level because we cannot guarantee that the check is still valid when we are adding the subgroups to the user group. **Solution** To avoid having another transaction concurrently update one of the to-be-subgroup after the recursive check is done, and before the subgroup is added, we use SELECT FOR UPDATE to lock the user group rows. The lock needs to be acquired before a group membership change is about to occur before any check has been conducted. Suppose that we are adding subgroup B to supergroup A, the locking protocol is specified as follows: 1. Acquire a lock for B and all its direct and indirect subgroups. 2. Acquire a lock for A. For the removal of user groups, we acquire a lock for the user group to be removed with all its direct and indirect subgroups. This is the special case A=B, which is still complaint with the protocol. **Error handling** We currently rely on Postgres' deadlock detection to abort transactions and show an error for the users. In the future, we might need some recovery mechanism or at least better error handling. **Notes** An important note is that we need to reuse the recursive CTE query that finds the direct and indirect subgroups when applying the lock on the rows. And the lock needs to be acquired the same way for the addition and removal of direct subgroups. User membership change (as opposed to user group membership) is not affected. Read-only queries aren't either. The locks only protect critical regions where the user group dependency graph might violate the DAG constraint, where users are not participating. **Testing** We implement a transaction test case targeting some typical scenarios when an internal server error is expected to happen (this means that the user group view makes the correct decision to abort the transaction when something goes wrong with locks). To achieve this, we add a development view intended only for unit tests. It has a global BARRIER that can be shared across threads, so that we can synchronize them to consistently reproduce certain potential race conditions prevented by the database locks. The transaction test case lanuches pairs of threads initiating possibly conflicting requests at the same time. The tests are set up such that exactly N of them are expected to succeed with a certain error message (while we don't know each one). **Security notes** get_recursive_subgroups_for_groups will no longer fetch user groups from other realms. As a result, trying to add/remove a subgroup from another realm results in a UserGroup not found error response. We also implement subgroup-specific checks in has_user_group_access to keep permission managing in a single place. Do note that the API currently don't have a way to violate that check because we are only checking the realm ID now.
2023-06-17 04:39:52 +02:00
def get_recursive_subgroups_for_groups(
user_group_ids: Iterable[int], realm: Realm
user_groups: Update code in actions module to use NamedUserGroup.
2024-04-17 05:45:32 +02:00
) -> QuerySet[NamedUserGroup]:
user_groups: Prevent cycles when adding subgroups for a user group. The user group depedency graph should always be a DAG. This commit adds code to make sure we keep the graph DAG while adding subgroups to a user group. Fixes #25913.
2023-06-10 10:00:56 +02:00
cte = With.recursive(
user_groups: Update code in actions module to use NamedUserGroup.
2024-04-17 05:45:32 +02:00
lambda cte: NamedUserGroup.objects.filter(id__in=user_group_ids, realm=realm)
user_groups: Prevent cycles when adding subgroups for a user group. The user group depedency graph should always be a DAG. This commit adds code to make sure we keep the graph DAG while adding subgroups to a user group. Fixes #25913.
2023-06-10 10:00:56 +02:00
.values(group_id=F("id"))
user_groups: Update code in actions module to use NamedUserGroup.
2024-04-17 05:45:32 +02:00
.union(
cte.join(NamedUserGroup, direct_supergroups=cte.col.group_id).values(group_id=F("id"))
)
user_groups: Prevent cycles when adding subgroups for a user group. The user group depedency graph should always be a DAG. This commit adds code to make sure we keep the graph DAG while adding subgroups to a user group. Fixes #25913.
2023-06-10 10:00:56 +02:00
)
user_groups: Update code in actions module to use NamedUserGroup.
2024-04-17 05:45:32 +02:00
recursive_subgroups = cte.join(NamedUserGroup, id=cte.col.group_id).with_cte(cte)
user_groups: Return a QuerySet for recursive subgroups query. This makes it more consistent with other recursive queries and allow better composability.
2023-06-17 03:59:22 +02:00
return recursive_subgroups
user_groups: Prevent cycles when adding subgroups for a user group. The user group depedency graph should always be a DAG. This commit adds code to make sure we keep the graph DAG while adding subgroups to a user group. Fixes #25913.
2023-06-10 10:00:56 +02:00
user_groups: Create NamedUserGroup objects when creating new groups.
2024-04-16 16:05:43 +02:00
def get_role_based_system_groups_dict(realm: Realm) -> Dict[str, NamedUserGroup]:
groups: Use NamedUserGroup for all queries.
2024-04-02 18:39:18 +02:00
system_groups = NamedUserGroup.objects.filter(realm=realm, is_system_group=True).select_related(
"usergroup_ptr"
)
user_groups: Add can_mention_group setting. This commit adds a new can_mention_group setting which will be used to determine who can mention a particular group. Fixes a part of #25927.
2023-06-12 13:27:47 +02:00
system_groups_name_dict = {}
for group in system_groups:
system_groups_name_dict[group.name] = group
return system_groups_name_dict
def set_defaults_for_group_settings(
user_groups: Create NamedUserGroup objects when creating new groups.
2024-04-16 16:05:43 +02:00
user_group: NamedUserGroup,
user_groups: Add support to set can_mention_group during creation. This commit adds API support to set can_mention_group while creating a user group. Fixes a part of #25927.
2023-06-14 16:48:58 +02:00
group_settings_map: Mapping[str, UserGroup],
user_groups: Create NamedUserGroup objects when creating new groups.
2024-04-16 16:05:43 +02:00
system_groups_name_dict: Dict[str, NamedUserGroup],
) -> NamedUserGroup:
groups: Move constants inside NamedUserGroup.
2024-04-18 10:50:51 +02:00
for setting_name, permission_config in NamedUserGroup.GROUP_PERMISSION_SETTINGS.items():
user_groups: Add support to set can_mention_group during creation. This commit adds API support to set can_mention_group while creating a user group. Fixes a part of #25927.
2023-06-14 16:48:58 +02:00
if setting_name in group_settings_map:
# We skip the settings for which a value is passed
# in user group creation API request.
continue
user_groups: Add can_mention_group setting. This commit adds a new can_mention_group setting which will be used to determine who can mention a particular group. Fixes a part of #25927.
2023-06-12 13:27:47 +02:00
if user_group.is_system_group and permission_config.default_for_system_groups is not None:
default_group_name = permission_config.default_for_system_groups
else:
default_group_name = permission_config.default_group_name
user_groups: Create NamedUserGroup objects when creating new groups.
2024-04-16 16:05:43 +02:00
default_group = system_groups_name_dict[default_group_name].usergroup_ptr
user_groups: Add can_mention_group setting. This commit adds a new can_mention_group setting which will be used to determine who can mention a particular group. Fixes a part of #25927.
2023-06-12 13:27:47 +02:00
setattr(user_group, setting_name, default_group)
return user_group
user_groups: Create NamedUserGroup objects when creating new groups.
2024-04-16 16:05:43 +02:00
def bulk_create_system_user_groups(groups: List[Dict[str, str]], realm: Realm) -> None:
# This value will be used to set the temporary initial value for different
# settings since we can only set them to the correct values after the groups
# are created.
initial_group_setting_value = -1
user_groups: Remove unneeded fields from UserGroup model. This commit removes name, description, is_system_group and can_mention_group fields from UserGroup model and rename them in NamedUserGroup model. Fixes #29554.
2024-04-18 18:59:50 +02:00
rows = [SQL("({})").format(Literal(realm.id))] * len(groups)
user_groups: Create NamedUserGroup objects when creating new groups.
2024-04-16 16:05:43 +02:00
query = SQL(
"""
user_groups: Remove unneeded fields from UserGroup model. This commit removes name, description, is_system_group and can_mention_group fields from UserGroup model and rename them in NamedUserGroup model. Fixes #29554.
2024-04-18 18:59:50 +02:00
INSERT INTO zerver_usergroup (realm_id)
user_groups: Create NamedUserGroup objects when creating new groups.
2024-04-16 16:05:43 +02:00
VALUES {rows}
RETURNING id
"""
).format(rows=SQL(", ").join(rows))
with connection.cursor() as cursor:
cursor.execute(query)
user_group_ids = [id for (id,) in cursor.fetchall()]
rows = [
SQL("({},{},{},{},{},{})").format(
Literal(user_group_ids[idx]),
Literal(realm.id),
Literal(group["name"]),
Literal(group["description"]),
Literal(True),
Literal(initial_group_setting_value),
)
for idx, group in enumerate(groups)
]
query = SQL(
"""
INSERT INTO zerver_namedusergroup (usergroup_ptr_id, realm_id, name, description, is_system_group, can_mention_group_id)
VALUES {rows}
"""
).format(rows=SQL(", ").join(rows))
with connection.cursor() as cursor:
cursor.execute(query)
user_groups: Make system groups creation atomic. We want to make sure that the system groups, once created, will always have the GroupGroupMemberships fully set up. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2023-06-05 23:31:10 +02:00
@transaction.atomic(savepoint=False)
user_groups: Create NamedUserGroup objects when creating new groups.
2024-04-16 16:05:43 +02:00
def create_system_user_groups_for_realm(realm: Realm) -> Dict[int, NamedUserGroup]:
user_groups: Add members to the System groups created. This commit adds users to the appropriate system user group based on their role. We also change the user groups when changing role of the user. We also add migration to add existing users to the appropriate user groups. This commit adds update_users_in_full_members_system_group which is currently used to update the full members group on changing role of a user. This function will be modified in next commit such that it can be used to update full members group on changing waiting_period_threshold setting of realm.
2021-08-12 12:15:06 +02:00
"""Any changes to this function likely require a migration to adjust
create_system_user_groups_for_realm: Tweak docstring. The migration number is 0382. 0375 must have been the number before rebasing and didn't get updated in the docstring.
2022-08-01 18:19:31 +02:00
existing realms. See e.g. migration 0382_create_role_based_system_groups.py,
user_groups: Add members to the System groups created. This commit adds users to the appropriate system user group based on their role. We also change the user groups when changing role of the user. We also add migration to add existing users to the appropriate user groups. This commit adds update_users_in_full_members_system_group which is currently used to update the full members group on changing role of a user. This function will be modified in next commit such that it can be used to update full members group on changing waiting_period_threshold setting of realm.
2021-08-12 12:15:06 +02:00
which is a copy of this function from when we introduced system groups.
"""
user_groups: Create NamedUserGroup objects when creating new groups.
2024-04-16 16:05:43 +02:00
role_system_groups_dict: Dict[int, NamedUserGroup] = {}
system_groups_info_list: List[Dict[str, str]] = []
nobody_group_info = {
"name": SystemGroups.NOBODY,
"description": "Nobody",
}
full_members_group_info = {
"name": SystemGroups.FULL_MEMBERS,
"description": "Members of this organization, not including new accounts and guests",
}
everyone_on_internet_group_info = {
"name": SystemGroups.EVERYONE_ON_INTERNET,
"description": "Everyone on the Internet",
}
system_groups_info_list = [
nobody_group_info,
groups: Move constants inside NamedUserGroup.
2024-04-18 10:50:51 +02:00
NamedUserGroup.SYSTEM_USER_GROUP_ROLE_MAP[UserProfile.ROLE_REALM_OWNER],
NamedUserGroup.SYSTEM_USER_GROUP_ROLE_MAP[UserProfile.ROLE_REALM_ADMINISTRATOR],
NamedUserGroup.SYSTEM_USER_GROUP_ROLE_MAP[UserProfile.ROLE_MODERATOR],
user_groups: Create NamedUserGroup objects when creating new groups.
2024-04-16 16:05:43 +02:00
full_members_group_info,
groups: Move constants inside NamedUserGroup.
2024-04-18 10:50:51 +02:00
NamedUserGroup.SYSTEM_USER_GROUP_ROLE_MAP[UserProfile.ROLE_MEMBER],
NamedUserGroup.SYSTEM_USER_GROUP_ROLE_MAP[UserProfile.ROLE_GUEST],
user_groups: Create NamedUserGroup objects when creating new groups.
2024-04-16 16:05:43 +02:00
everyone_on_internet_group_info,
]
user_groups: Add can_mention_group setting. This commit adds a new can_mention_group setting which will be used to determine who can mention a particular group. Fixes a part of #25927.
2023-06-12 13:27:47 +02:00
user_groups: Create NamedUserGroup objects when creating new groups.
2024-04-16 16:05:43 +02:00
bulk_create_system_user_groups(system_groups_info_list, realm)
user_groups: Add can_mention_group setting. This commit adds a new can_mention_group setting which will be used to determine who can mention a particular group. Fixes a part of #25927.
2023-06-12 13:27:47 +02:00
user_groups: Create NamedUserGroup objects when creating new groups.
2024-04-16 16:05:43 +02:00
system_groups_name_dict: Dict[str, NamedUserGroup] = get_role_based_system_groups_dict(realm)
groups: Move constants inside NamedUserGroup.
2024-04-18 10:50:51 +02:00
for role in NamedUserGroup.SYSTEM_USER_GROUP_ROLE_MAP:
group_name = NamedUserGroup.SYSTEM_USER_GROUP_ROLE_MAP[role]["name"]
user_groups: Create NamedUserGroup objects when creating new groups.
2024-04-16 16:05:43 +02:00
role_system_groups_dict[role] = system_groups_name_dict[group_name]
realm: Create role-based system user groups on creating realm. We create system user groups for following roles - owners, admins, moderators, members and guests. Full members user group will be handled separately.
2021-08-11 15:10:17 +02:00
# Order of this list here is important to create correct GroupGroupMembership objects
user_groups: Audit UserGroup memberships changes. This also add audit log entries during user creation and role change, because we modify system group memberships there. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-11-21 07:26:34 +01:00
# Note that because we do not create user memberships here, no audit log entries for
# user memberships are populated either.
realm: Create role-based system user groups on creating realm. We create system user groups for following roles - owners, admins, moderators, members and guests. Full members user group will be handled separately.
2021-08-11 15:10:17 +02:00
system_user_groups_list = [
user_groups: Create NamedUserGroup objects when creating new groups.
2024-04-16 16:05:43 +02:00
system_groups_name_dict[SystemGroups.NOBODY],
system_groups_name_dict[SystemGroups.OWNERS],
system_groups_name_dict[SystemGroups.ADMINISTRATORS],
system_groups_name_dict[SystemGroups.MODERATORS],
system_groups_name_dict[SystemGroups.FULL_MEMBERS],
system_groups_name_dict[SystemGroups.MEMBERS],
system_groups_name_dict[SystemGroups.EVERYONE],
system_groups_name_dict[SystemGroups.EVERYONE_ON_INTERNET],
realm: Create role-based system user groups on creating realm. We create system user groups for following roles - owners, admins, moderators, members and guests. Full members user group will be handled separately.
2021-08-11 15:10:17 +02:00
]
user_groups: Audit UserGroup creation. We also create RealmAuditLog entries for the initial memberships that get added along with the creation of a UserGroup. System user groups are not created with members so no audit logs are populated for that. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-11-21 05:43:03 +01:00
creation_time = timezone_now()
user_groups: Audit UserGroup subgroup memberships changes. It's worth noting that instead of adding another field to the RealmAuditLog model, we store the modified subgroup ids in extra_data as a JSON encoded dict with the key "subgroup_ids". We don't create audit log entries for supergroup changes at this point. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-12-12 03:29:10 +01:00
realmauditlog_objects = [
user_groups: Audit UserGroup creation. We also create RealmAuditLog entries for the initial memberships that get added along with the creation of a UserGroup. System user groups are not created with members so no audit logs are populated for that. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-11-21 05:43:03 +01:00
RealmAuditLog(
realm=realm,
acting_user=None,
event_type=RealmAuditLog.USER_GROUP_CREATED,
event_time=creation_time,
modified_user_group=user_group,
)
for user_group in system_user_groups_list
user_groups: Audit UserGroup subgroup memberships changes. It's worth noting that instead of adding another field to the RealmAuditLog model, we store the modified subgroup ids in extra_data as a JSON encoded dict with the key "subgroup_ids". We don't create audit log entries for supergroup changes at this point. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-12-12 03:29:10 +01:00
]
realm: Create role-based system user groups on creating realm. We create system user groups for following roles - owners, admins, moderators, members and guests. Full members user group will be handled separately.
2021-08-11 15:10:17 +02:00
user_groups: Add can_mention_group setting. This commit adds a new can_mention_group setting which will be used to determine who can mention a particular group. Fixes a part of #25927.
2023-06-12 13:27:47 +02:00
groups_with_updated_settings = []
for group in system_user_groups_list:
user_groups: Add support to set can_mention_group during creation. This commit adds API support to set can_mention_group while creating a user group. Fixes a part of #25927.
2023-06-14 16:48:58 +02:00
user_group = set_defaults_for_group_settings(group, {}, system_groups_name_dict)
audit_log: Update audit log entries created while creating a group. Earlier a extra audit log entry of type USER_GROUP_GROUP_BASED_SETTING_CHANGED was made when a new user group is created. This commit updates the code to not create that audit log entry. There is no need to create these entry as we would still have the required data from the "OLD_VALUE" field in the audit log entry created when changing the setting and this also makes it consistent with the entries created for other operations like stream creation.
2023-09-03 13:41:31 +02:00
groups_with_updated_settings.append(user_group)
user_groups: Remove unneeded fields from UserGroup model. This commit removes name, description, is_system_group and can_mention_group fields from UserGroup model and rename them in NamedUserGroup model. Fixes #29554.
2024-04-18 18:59:50 +02:00
NamedUserGroup.objects.bulk_update(groups_with_updated_settings, ["can_mention_group"])
user_groups: Add can_mention_group setting. This commit adds a new can_mention_group setting which will be used to determine who can mention a particular group. Fixes a part of #25927.
2023-06-12 13:27:47 +02:00
user_groups: Audit UserGroup subgroup memberships changes. It's worth noting that instead of adding another field to the RealmAuditLog model, we store the modified subgroup ids in extra_data as a JSON encoded dict with the key "subgroup_ids". We don't create audit log entries for supergroup changes at this point. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-12-12 03:29:10 +01:00
subgroup_objects: List[GroupGroupMembership] = []
user_groups: Add "Nobody" system user group. This commit adds code to create a "Nobody" system user group to realms which will be used in settings to represent "Nobody" option. We also add a migration to add this group to existing realms.
2023-03-27 05:28:12 +02:00
# "Nobody" system group is not a subgroup of any user group, since it is already empty.
subgroup, remaining_groups = system_user_groups_list[1], system_user_groups_list[2:]
realm: Create role-based system user groups on creating realm. We create system user groups for following roles - owners, admins, moderators, members and guests. Full members user group will be handled separately.
2021-08-11 15:10:17 +02:00
for supergroup in remaining_groups:
subgroup_objects.append(GroupGroupMembership(subgroup=subgroup, supergroup=supergroup))
user_groups: Audit UserGroup supergroup memberships changes. This is mostly the same as tracking subgroup changes, except that now modified_user_group is the subgroup. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-12-12 03:29:10 +01:00
now = timezone_now()
realmauditlog_objects.extend(
[
RealmAuditLog(
realm=realm,
modified_user_group=supergroup,
event_type=RealmAuditLog.USER_GROUP_DIRECT_SUBGROUP_MEMBERSHIP_ADDED,
event_time=now,
acting_user=None,
migration: Rename extra_data_json to extra_data in audit log models. This migration applies under the assumption that extra_data_json has been populated for all existing and coming audit log entries. - This removes the manual conversions back and forth for extra_data throughout the codebase including the orjson.loads(), orjson.dumps(), and str() calls. - The custom handler used for converting Decimal is removed since DjangoJSONEncoder handles that for extra_data. - We remove None-checks for extra_data because it is now no longer nullable. - Meanwhile, we want the bouncer to support processing RealmAuditLog entries for remote servers before and after the JSONField migration on extra_data. - Since now extra_data should always be a dict for the newer remote server, which is now migrated, the test cases are updated to create RealmAuditLog objects by passing a dict for extra_data before sending over the analytics data. Note that while JSONField allows for non-dict values, a proper remote server always passes a dict for extra_data. - We still test out the legacy extra_data format because not all remote servers have migrated to use JSONField extra_data. This verifies that support for extra_data being a string or None has not been dropped. Co-authored-by: Siddharth Asthana <siddharthasthana31@gmail.com> Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2023-07-13 19:46:06 +02:00
extra_data={"subgroup_ids": [subgroup.id]},
user_groups: Audit UserGroup supergroup memberships changes. This is mostly the same as tracking subgroup changes, except that now modified_user_group is the subgroup. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-12-12 03:29:10 +01:00
),
RealmAuditLog(
realm=realm,
modified_user_group=subgroup,
event_type=RealmAuditLog.USER_GROUP_DIRECT_SUPERGROUP_MEMBERSHIP_ADDED,
event_time=now,
acting_user=None,
migration: Rename extra_data_json to extra_data in audit log models. This migration applies under the assumption that extra_data_json has been populated for all existing and coming audit log entries. - This removes the manual conversions back and forth for extra_data throughout the codebase including the orjson.loads(), orjson.dumps(), and str() calls. - The custom handler used for converting Decimal is removed since DjangoJSONEncoder handles that for extra_data. - We remove None-checks for extra_data because it is now no longer nullable. - Meanwhile, we want the bouncer to support processing RealmAuditLog entries for remote servers before and after the JSONField migration on extra_data. - Since now extra_data should always be a dict for the newer remote server, which is now migrated, the test cases are updated to create RealmAuditLog objects by passing a dict for extra_data before sending over the analytics data. Note that while JSONField allows for non-dict values, a proper remote server always passes a dict for extra_data. - We still test out the legacy extra_data format because not all remote servers have migrated to use JSONField extra_data. This verifies that support for extra_data being a string or None has not been dropped. Co-authored-by: Siddharth Asthana <siddharthasthana31@gmail.com> Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2023-07-13 19:46:06 +02:00
extra_data={"supergroup_ids": [supergroup.id]},
user_groups: Audit UserGroup supergroup memberships changes. This is mostly the same as tracking subgroup changes, except that now modified_user_group is the subgroup. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-12-12 03:29:10 +01:00
),
]
user_groups: Audit UserGroup subgroup memberships changes. It's worth noting that instead of adding another field to the RealmAuditLog model, we store the modified subgroup ids in extra_data as a JSON encoded dict with the key "subgroup_ids". We don't create audit log entries for supergroup changes at this point. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-12-12 03:29:10 +01:00
)
realm: Create role-based system user groups on creating realm. We create system user groups for following roles - owners, admins, moderators, members and guests. Full members user group will be handled separately.
2021-08-11 15:10:17 +02:00
subgroup = supergroup
GroupGroupMembership.objects.bulk_create(subgroup_objects)
user_groups: Audit UserGroup subgroup memberships changes. It's worth noting that instead of adding another field to the RealmAuditLog model, we store the modified subgroup ids in extra_data as a JSON encoded dict with the key "subgroup_ids". We don't create audit log entries for supergroup changes at this point. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-12-12 03:29:10 +01:00
RealmAuditLog.objects.bulk_create(realmauditlog_objects)
realm: Create role-based system user groups on creating realm. We create system user groups for following roles - owners, admins, moderators, members and guests. Full members user group will be handled separately.
2021-08-11 15:10:17 +02:00
return role_system_groups_dict
user_groups: Add members to the System groups created. This commit adds users to the appropriate system user group based on their role. We also change the user groups when changing role of the user. We also add migration to add existing users to the appropriate user groups. This commit adds update_users_in_full_members_system_group which is currently used to update the full members group on changing role of a user. This function will be modified in next commit such that it can be used to update full members group on changing waiting_period_threshold setting of realm.
2021-08-12 12:15:06 +02:00
user_groups: Update code in actions module to use NamedUserGroup.
2024-04-17 05:45:32 +02:00
def get_system_user_group_for_user(user_profile: UserProfile) -> NamedUserGroup:
groups: Move constants inside NamedUserGroup.
2024-04-18 10:50:51 +02:00
system_user_group_name = NamedUserGroup.SYSTEM_USER_GROUP_ROLE_MAP[user_profile.role]["name"]
user_groups: Add members to the System groups created. This commit adds users to the appropriate system user group based on their role. We also change the user groups when changing role of the user. We also add migration to add existing users to the appropriate user groups. This commit adds update_users_in_full_members_system_group which is currently used to update the full members group on changing role of a user. This function will be modified in next commit such that it can be used to update full members group on changing waiting_period_threshold setting of realm.
2021-08-12 12:15:06 +02:00
user_groups: Update code in actions module to use NamedUserGroup.
2024-04-17 05:45:32 +02:00
system_user_group = NamedUserGroup.objects.get(
user_groups: Add members to the System groups created. This commit adds users to the appropriate system user group based on their role. We also change the user groups when changing role of the user. We also add migration to add existing users to the appropriate user groups. This commit adds update_users_in_full_members_system_group which is currently used to update the full members group on changing role of a user. This function will be modified in next commit such that it can be used to update full members group on changing waiting_period_threshold setting of realm.
2021-08-12 12:15:06 +02:00
name=system_user_group_name, realm=user_profile.realm, is_system_group=True
)
return system_user_group
register: Pass the configuration objects for group settings in response. This commit adds code to pass configuration objects for group permission settings in register response to clients such that we do need to duplicate that data in clients and can avoid future bugs due to inconsistency. The "server_supported_permission_settings" field is included in the response if "realm" is present in "fetch_event_types", as this is what we do for other server-related fields.
2023-10-19 16:50:26 +02:00
def get_server_supported_permission_settings() -> ServerSupportedPermissionSettings:
return ServerSupportedPermissionSettings(
ruff: Fix PERF403 Use a dictionary comprehension instead of a for-loop. This is a preview rule, not yet enabled by default. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-03-01 03:02:52 +01:00
realm=Realm.REALM_PERMISSION_GROUP_SETTINGS,
stream=Stream.stream_permission_group_settings,
groups: Move constants inside NamedUserGroup.
2024-04-18 10:50:51 +02:00
group=NamedUserGroup.GROUP_PERMISSION_SETTINGS,
register: Pass the configuration objects for group settings in response. This commit adds code to pass configuration objects for group permission settings in register response to clients such that we do need to duplicate that data in clients and can avoid future bugs due to inconsistency. The "server_supported_permission_settings" field is included in the response if "realm" is present in "fetch_event_types", as this is what we do for other server-related fields.
2023-10-19 16:50:26 +02:00
)
groups: Move functions for updating settings to "lib.user_groups". This commit moves validate_group_setting_value_change, are_both_setting_values_equal and parse_group_setting_value functions, which are used for updating the group settings, to "zerver.lib.user_groups" as these functions will also be used for group based realm and stream settings and "zerver.lib.user_groups" file seems a better place to place such functions which are used at multiple places. For same reasons, we also move GroupSettingChangeRequest dataclass to "zerver.lib.user_groups" file.
2024-05-16 17:58:43 +02:00
def parse_group_setting_value(
setting_value: Union[int, AnonymousSettingGroupDict],
) -> Union[int, AnonymousSettingGroupDict]:
if isinstance(setting_value, int):
return setting_value
if len(setting_value.direct_members) == 0 and len(setting_value.direct_subgroups) == 1:
return setting_value.direct_subgroups[0]
return setting_value
user_groups: Rename are_both_setting_values_equal function. This commit renames are_both_setting_values_equal function to are_both_group_setting_values_equal to make it clear that this function is used to compare value of group settings.
2024-05-16 18:10:01 +02:00
def are_both_group_setting_values_equal(
groups: Move functions for updating settings to "lib.user_groups". This commit moves validate_group_setting_value_change, are_both_setting_values_equal and parse_group_setting_value functions, which are used for updating the group settings, to "zerver.lib.user_groups" as these functions will also be used for group based realm and stream settings and "zerver.lib.user_groups" file seems a better place to place such functions which are used at multiple places. For same reasons, we also move GroupSettingChangeRequest dataclass to "zerver.lib.user_groups" file.
2024-05-16 17:58:43 +02:00
first_setting_value: Union[int, AnonymousSettingGroupDict],
second_setting_value: Union[int, AnonymousSettingGroupDict],
) -> bool:
if isinstance(first_setting_value, int) and isinstance(second_setting_value, int):
return first_setting_value == second_setting_value
if isinstance(first_setting_value, AnonymousSettingGroupDict) and isinstance(
second_setting_value, AnonymousSettingGroupDict
):
return set(first_setting_value.direct_members) == set(
second_setting_value.direct_members
) and set(first_setting_value.direct_subgroups) == set(
second_setting_value.direct_subgroups
)
return False
def validate_group_setting_value_change(
current_value: UserGroup,
new_setting_value: Union[int, AnonymousSettingGroupDict],
expected_current_setting_value: Optional[Union[int, AnonymousSettingGroupDict]],
) -> bool:
current_setting_api_value = get_group_setting_value_for_api(current_value)
user_groups: Rename are_both_setting_values_equal function. This commit renames are_both_setting_values_equal function to are_both_group_setting_values_equal to make it clear that this function is used to compare value of group settings.
2024-05-16 18:10:01 +02:00
if expected_current_setting_value is not None and not are_both_group_setting_values_equal(
groups: Move functions for updating settings to "lib.user_groups". This commit moves validate_group_setting_value_change, are_both_setting_values_equal and parse_group_setting_value functions, which are used for updating the group settings, to "zerver.lib.user_groups" as these functions will also be used for group based realm and stream settings and "zerver.lib.user_groups" file seems a better place to place such functions which are used at multiple places. For same reasons, we also move GroupSettingChangeRequest dataclass to "zerver.lib.user_groups" file.
2024-05-16 17:58:43 +02:00
expected_current_setting_value,
current_setting_api_value,
):
# This check is here to help prevent races, by refusing to
# change a setting where the client (and thus the UI presented
# to user) showed a different existing state.
raise PreviousSettingValueMismatchedError
user_groups: Rename are_both_setting_values_equal function. This commit renames are_both_setting_values_equal function to are_both_group_setting_values_equal to make it clear that this function is used to compare value of group settings.
2024-05-16 18:10:01 +02:00
return not are_both_group_setting_values_equal(current_setting_api_value, new_setting_value)