zulip/zerver/views/muted_users.py

from django.db import IntegrityError
from django.http import HttpRequest, HttpResponse
from django.utils.timezone import now as timezone_now
from django.utils.translation import gettext as _

from zerver.actions.muted_users import do_mute_user, do_unmute_user
from zerver.lib.exceptions import JsonableError
from zerver.lib.muted_users import get_mute_object
from zerver.lib.response import json_success
from zerver.lib.users import access_user_by_id_including_cross_realm
from zerver.models import UserProfile


def mute_user(request: HttpRequest, user_profile: UserProfile, muted_user_id: int) -> HttpResponse:
    if user_profile.id == muted_user_id:
        raise JsonableError(_("Cannot mute self"))

    # Arguably, access_used_by_id is not quite the right check; in the
    # corner case of a limited guest trying to mute a deactivated user
    # who they no longer have access to because the user was
    # deactivated... it might from a policy perspective be OK to allow
    # that operation even though this API will reject it.
    #
    # But it's quite possibly something nobody will try to do, so we
    # just reuse the existing shared code path.
    muted_user = access_user_by_id_including_cross_realm(
        user_profile, muted_user_id, allow_bots=True, allow_deactivated=True, for_admin=False
    )
    date_muted = timezone_now()

    try:
        do_mute_user(user_profile, muted_user, date_muted)
    except IntegrityError:
        raise JsonableError(_("User already muted"))

    return json_success(request)


def unmute_user(
    request: HttpRequest, user_profile: UserProfile, muted_user_id: int
) -> HttpResponse:
    muted_user = access_user_by_id_including_cross_realm(
        user_profile, muted_user_id, allow_bots=True, allow_deactivated=True, for_admin=False
    )
    mute_object = get_mute_object(user_profile, muted_user)

    if mute_object is None:
        raise JsonableError(_("User is not muted"))

    do_unmute_user(mute_object)
    return json_success(request)
topic: Return JsonableError for race condition in topic mute. To avoid an uncaught IntegrityError causing a 500 HTTP response in a race between two processes trying to mute a topic, we catch the integrity error and raise the error exception with status 400 we'd have gotten if the second request had been a bit later. Fixes #21011. 2022-02-09 16:49:46 +01:00			`from django.db import IntegrityError`
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-06-11 00:54:34 +02:00			`from django.http import HttpRequest, HttpResponse`
muting: Record DateTime when a Topic is muted. This includes the necessary migration to add the date_muted field to the MutedTopic class and populates it with a hard coded value. 2020-01-17 16:01:00 +01:00			`from django.utils.timezone import now as timezone_now`
python: Convert deprecated Django ugettext alias to gettext. django.utils.translation.ugettext is a deprecated alias of django.utils.translation.gettext as of Django 3.0, and will be removed in Django 4.0. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-04-16 00:57:30 +02:00			`from django.utils.translation import gettext as _`
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-06-11 00:54:34 +02:00
actions: Split out zerver.actions.muted_users. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2022-04-14 23:55:22 +02:00			`from zerver.actions.muted_users import do_mute_user, do_unmute_user`
python: Migrate most json_error => JsonableError. JsonableError has two major benefits over json_error: * It can be raised from anywhere in the codebase, rather than being a return value, which is much more convenient for refactoring, as one doesn't potentially need to change error handling style when extracting a bit of view code to a function. * It is guaranteed to contain the `code` property, which is helpful for API consistency. Various stragglers are not updated because JsonableError requires subclassing in order to specify custom data or HTTP status codes. 2021-06-30 18:35:50 +02:00			`from zerver.lib.exceptions import JsonableError`
muted users: Make file naming consistent. This makes the names of the relevant files consistant with the database model name as well as the frontend JS files. 2023-02-10 14:33:24 +01:00			`from zerver.lib.muted_users import get_mute_object`
lint: Fix import sort order. 2023-02-11 00:47:32 +01:00			`from zerver.lib.response import json_success`
bots: Fix muting of cross realm bots. Previously, we weren't able to mute the cross realm bots. This was because, for muting the users, we access only those profiles which are in realm, excluding the cross realm system bots. This is fixed by replacing the access_user_by_id method with a new method access_user_by_id_including_cross_realm for this specific test. Fixes #27823 2023-11-27 05:39:27 +01:00			`from zerver.lib.users import access_user_by_id_including_cross_realm`
views: Remove unused imports. Signed-off-by: Anders Kaseorg <andersk@mit.edu> 2019-02-02 23:53:22 +01:00			`from zerver.models import UserProfile`
Add MutedTopic model. This commit completely switches us over to using a dedicated model called MutedTopic to track which topics a user has muted. This includes the necessary migrations to create the table and populate it from legacy data in UserProfile. A subsequent commit will actually remove the old field in UserProfile. 2017-08-30 02:19:34 +02:00
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-06-11 00:54:34 +02:00
mute user: Add backend infrastructure code. Adds backend code for the mute users feature. This is just infrastructure work (database interactions, helpers, tests, events, API docs etc) and does not involve any behavioral/semantic aspects of muted users. Adds POST and DELETE endpoints, to keep the URL scheme mostly consistent in terms of `users/me`. TODOs: 1. Add tests for exporting `zulip_muteduser` database table. 2. Add dedicated methods to python-zulip-api to be used in place of the current `client.call_endpoint` implementation. 2021-03-27 12:23:32 +01:00			`def mute_user(request: HttpRequest, user_profile: UserProfile, muted_user_id: int) -> HttpResponse:`
			`if user_profile.id == muted_user_id:`
python: Migrate most json_error => JsonableError. JsonableError has two major benefits over json_error: * It can be raised from anywhere in the codebase, rather than being a return value, which is much more convenient for refactoring, as one doesn't potentially need to change error handling style when extracting a bit of view code to a function. * It is guaranteed to contain the `code` property, which is helpful for API consistency. Various stragglers are not updated because JsonableError requires subclassing in order to specify custom data or HTTP status codes. 2021-06-30 18:35:50 +02:00			`raise JsonableError(_("Cannot mute self"))`
mute user: Add backend infrastructure code. Adds backend code for the mute users feature. This is just infrastructure work (database interactions, helpers, tests, events, API docs etc) and does not involve any behavioral/semantic aspects of muted users. Adds POST and DELETE endpoints, to keep the URL scheme mostly consistent in terms of `users/me`. TODOs: 1. Add tests for exporting `zulip_muteduser` database table. 2. Add dedicated methods to python-zulip-api to be used in place of the current `client.call_endpoint` implementation. 2021-03-27 12:23:32 +01:00
users: Restrict read access to users in access_user_by_id. This commit adds code to update access_user_by_id to raise error if guest tries to access an inaccessible user. One notable behavioral change due to this is that we do not allow guest to mute or unmute a deactivated user if that user was not involved in DMs. 2023-10-17 15:25:07 +02:00			`# Arguably, access_used_by_id is not quite the right check; in the`
			`# corner case of a limited guest trying to mute a deactivated user`
			`# who they no longer have access to because the user was`
			`# deactivated... it might from a policy perspective be OK to allow`
			`# that operation even though this API will reject it.`
			`#`
			`# But it's quite possibly something nobody will try to do, so we`
			`# just reuse the existing shared code path.`
bots: Fix muting of cross realm bots. Previously, we weren't able to mute the cross realm bots. This was because, for muting the users, we access only those profiles which are in realm, excluding the cross realm system bots. This is fixed by replacing the access_user_by_id method with a new method access_user_by_id_including_cross_realm for this specific test. Fixes #27823 2023-11-27 05:39:27 +01:00			`muted_user = access_user_by_id_including_cross_realm(`
muted users: Add support to muting bots. We intentionally disallow muting bots previously upon a pending design decision in #16915. This lifts that constraint. Fixes #22693. 2023-06-13 18:15:36 +02:00			`user_profile, muted_user_id, allow_bots=True, allow_deactivated=True, for_admin=False`
muting: Add support for muting deactivated users. Fixes #19141 2021-07-07 16:55:52 +02:00			`)`
mute user: Add backend infrastructure code. Adds backend code for the mute users feature. This is just infrastructure work (database interactions, helpers, tests, events, API docs etc) and does not involve any behavioral/semantic aspects of muted users. Adds POST and DELETE endpoints, to keep the URL scheme mostly consistent in terms of `users/me`. TODOs: 1. Add tests for exporting `zulip_muteduser` database table. 2. Add dedicated methods to python-zulip-api to be used in place of the current `client.call_endpoint` implementation. 2021-03-27 12:23:32 +01:00			`date_muted = timezone_now()`

muting: Handle the case of a race muting the same user twice. 2022-03-25 00:45:35 +01:00			`try:`
			`do_mute_user(user_profile, muted_user, date_muted)`
			`except IntegrityError:`
			`raise JsonableError(_("User already muted"))`

backend: Add request as parameter to json_success. Adds request as a parameter to json_success as a refactor towards making `ignored_parameters_unsupported` functionality available for all API endpoints. Also, removes any data parameters that are an empty dict or a dict with the generic success response values. 2022-01-31 13:44:02 +01:00			`return json_success(request)`
mute user: Add backend infrastructure code. Adds backend code for the mute users feature. This is just infrastructure work (database interactions, helpers, tests, events, API docs etc) and does not involve any behavioral/semantic aspects of muted users. Adds POST and DELETE endpoints, to keep the URL scheme mostly consistent in terms of `users/me`. TODOs: 1. Add tests for exporting `zulip_muteduser` database table. 2. Add dedicated methods to python-zulip-api to be used in place of the current `client.call_endpoint` implementation. 2021-03-27 12:23:32 +01:00

			`def unmute_user(`
			`request: HttpRequest, user_profile: UserProfile, muted_user_id: int`
			`) -> HttpResponse:`
bots: Fix muting of cross realm bots. Previously, we weren't able to mute the cross realm bots. This was because, for muting the users, we access only those profiles which are in realm, excluding the cross realm system bots. This is fixed by replacing the access_user_by_id method with a new method access_user_by_id_including_cross_realm for this specific test. Fixes #27823 2023-11-27 05:39:27 +01:00			`muted_user = access_user_by_id_including_cross_realm(`
muted users: Add support to muting bots. We intentionally disallow muting bots previously upon a pending design decision in #16915. This lifts that constraint. Fixes #22693. 2023-06-13 18:15:36 +02:00			`user_profile, muted_user_id, allow_bots=True, allow_deactivated=True, for_admin=False`
muting: Add support for muting deactivated users. Fixes #19141 2021-07-07 16:55:52 +02:00			`)`
mute user: Reduce two database fetches when unmuting to one. Previously, when unmuting a user, we used to make two database fetches - one to verify that the user is has been muted before, and one while actually unmuting the user. This reduces that to one, by passing around the `MutedUser` object fetched in the first round. Since the new function returns `Optional[MutedUser]`, we need to use a hack for events tests, because mypy does not yet use the type inferred from `assert foo is not None` in nested functions like lambdas. See python/mypy@8780d45507ab1efba33568744967674cce7184d1. 2021-04-08 06:20:43 +02:00			`mute_object = get_mute_object(user_profile, muted_user)`
mute user: Add backend infrastructure code. Adds backend code for the mute users feature. This is just infrastructure work (database interactions, helpers, tests, events, API docs etc) and does not involve any behavioral/semantic aspects of muted users. Adds POST and DELETE endpoints, to keep the URL scheme mostly consistent in terms of `users/me`. TODOs: 1. Add tests for exporting `zulip_muteduser` database table. 2. Add dedicated methods to python-zulip-api to be used in place of the current `client.call_endpoint` implementation. 2021-03-27 12:23:32 +01:00
mute user: Reduce two database fetches when unmuting to one. Previously, when unmuting a user, we used to make two database fetches - one to verify that the user is has been muted before, and one while actually unmuting the user. This reduces that to one, by passing around the `MutedUser` object fetched in the first round. Since the new function returns `Optional[MutedUser]`, we need to use a hack for events tests, because mypy does not yet use the type inferred from `assert foo is not None` in nested functions like lambdas. See python/mypy@8780d45507ab1efba33568744967674cce7184d1. 2021-04-08 06:20:43 +02:00			`if mute_object is None:`
python: Migrate most json_error => JsonableError. JsonableError has two major benefits over json_error: * It can be raised from anywhere in the codebase, rather than being a return value, which is much more convenient for refactoring, as one doesn't potentially need to change error handling style when extracting a bit of view code to a function. * It is guaranteed to contain the `code` property, which is helpful for API consistency. Various stragglers are not updated because JsonableError requires subclassing in order to specify custom data or HTTP status codes. 2021-06-30 18:35:50 +02:00			`raise JsonableError(_("User is not muted"))`
mute user: Add backend infrastructure code. Adds backend code for the mute users feature. This is just infrastructure work (database interactions, helpers, tests, events, API docs etc) and does not involve any behavioral/semantic aspects of muted users. Adds POST and DELETE endpoints, to keep the URL scheme mostly consistent in terms of `users/me`. TODOs: 1. Add tests for exporting `zulip_muteduser` database table. 2. Add dedicated methods to python-zulip-api to be used in place of the current `client.call_endpoint` implementation. 2021-03-27 12:23:32 +01:00
mute user: Reduce two database fetches when unmuting to one. Previously, when unmuting a user, we used to make two database fetches - one to verify that the user is has been muted before, and one while actually unmuting the user. This reduces that to one, by passing around the `MutedUser` object fetched in the first round. Since the new function returns `Optional[MutedUser]`, we need to use a hack for events tests, because mypy does not yet use the type inferred from `assert foo is not None` in nested functions like lambdas. See python/mypy@8780d45507ab1efba33568744967674cce7184d1. 2021-04-08 06:20:43 +02:00			`do_unmute_user(mute_object)`
backend: Add request as parameter to json_success. Adds request as a parameter to json_success as a refactor towards making `ignored_parameters_unsupported` functionality available for all API endpoints. Also, removes any data parameters that are an empty dict or a dict with the generic success response values. 2022-01-31 13:44:02 +01:00			`return json_success(request)`