Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
zulip/zerver/lib/streams.py

558 lines
23 KiB
Python
Raw Normal View History

python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
from typing import Any, Iterable, List, Mapping, Optional, Set, Tuple, Union
streams: Add zerver/lib/streams.py library for security checks. The goal of this library is to make it a lot easier to prevent bugs like CVE-2017-0881 by having all of our views logic for fetching a stream go through a couple carefully tested code paths.
2017-01-30 00:48:45 +01:00
streams: Remove dependency of streams on actions. Refactored code in actions.py and streams.py to move stream related functions into streams.py and remove the dependency on actions.py. validate_sender_can_write_to_stream function in actions.py was renamed to access_stream_for_send_message in streams.py.
2020-03-24 14:47:41 +01:00
from django.conf import settings
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
from django.db.models.query import QuerySet
audit_log: Log RealmAuditLog when Stream is created. Added new Event Type in AbstractRealmAuditLog STREAM_CREATED. Since we finally create streams in create_stream_if_needed function in zerver/lib/streams.py so logged realm_audit there. Passed acting_user when create_stream_if_needed or ensure_stream function is called. Added tests in test_audit_log.
2020-06-29 23:31:25 +02:00
from django.utils.timezone import now as timezone_now
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
from django.utils.translation import ugettext as _
streams: Add zerver/lib/streams.py library for security checks. The goal of this library is to make it a lot easier to prevent bugs like CVE-2017-0881 by having all of our views logic for fetching a stream go through a couple carefully tested code paths.
2017-01-30 00:48:45 +01:00
streams: Allow stream admin to update and deactivate streams. The new Stream administrator role is allowed to manage a stream they administer, including: * Setting properties like name, description, privacy and post-policy. * Removing subscribers * Deactivating the stream The access_stream_for_delete_or_update is modified and is used only to get objects from database and further checks for administrative rights is done by check_stream_access_for_delete_or_update. We have also added a new exception class StreamAdministratorRequired.
2020-07-13 16:13:28 +02:00
from zerver.lib.exceptions import StreamAdministratorRequired
refactor: Rename convert to markdown_convert. Prior to this commit whenever convert was imported from zerver.lib.markdown it was aliased as markdown_convert for readability. This commit rename convert function to markdown_convert so that it can be directly import it without aliasing and without compromising readability.
2020-07-04 14:34:46 +02:00
from zerver.lib.markdown import markdown_convert
streams: Add zerver/lib/streams.py library for security checks. The goal of this library is to make it a lot easier to prevent bugs like CVE-2017-0881 by having all of our views logic for fetching a stream go through a couple carefully tested code paths.
2017-01-30 00:48:45 +01:00
from zerver.lib.request import JsonableError
streams: Remove dependency of streams on actions. Refactored code in actions.py and streams.py to move stream related functions into streams.py and remove the dependency on actions.py. validate_sender_can_write_to_stream function in actions.py was renamed to access_stream_for_send_message in streams.py.
2020-03-24 14:47:41 +01:00
from zerver.models import (
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
DefaultStreamGroup,
Realm,
audit_log: Log RealmAuditLog when Stream is created. Added new Event Type in AbstractRealmAuditLog STREAM_CREATED. Since we finally create streams in create_stream_if_needed function in zerver/lib/streams.py so logged realm_audit there. Passed acting_user when create_stream_if_needed or ensure_stream function is called. Added tests in test_audit_log.
2020-06-29 23:31:25 +02:00
RealmAuditLog,
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
Recipient,
Stream,
Subscription,
UserProfile,
active_non_guest_user_ids,
bulk_get_streams,
get_realm_stream,
get_stream,
get_stream_by_id_in_realm,
is_cross_realm_bot_email,
streams: Remove dependency of streams on actions. Refactored code in actions.py and streams.py to move stream related functions into streams.py and remove the dependency on actions.py. validate_sender_can_write_to_stream function in actions.py was renamed to access_stream_for_send_message in streams.py.
2020-03-24 14:47:41 +01:00
)
tornado: Extract functions called from django into one module. This makes clearer the separation of concerns.
2020-08-10 18:40:38 +02:00
from zerver.tornado.django_api import send_event
streams: Add zerver/lib/streams.py library for security checks. The goal of this library is to make it a lot easier to prevent bugs like CVE-2017-0881 by having all of our views logic for fetching a stream go through a couple carefully tested code paths.
2017-01-30 00:48:45 +01:00
streams: Remove dependency of streams on actions. Refactored code in actions.py and streams.py to move stream related functions into streams.py and remove the dependency on actions.py. validate_sender_can_write_to_stream function in actions.py was renamed to access_stream_for_send_message in streams.py.
2020-03-24 14:47:41 +01:00
def get_default_value_for_history_public_to_subscribers(
realm: Realm,
invite_only: bool,
python: Use trailing commas consistently. Automatically generated by the following script, based on the output of lint with flake8-comma: import re import sys last_filename = None last_row = None lines = [] for msg in sys.stdin: m = re.match( r"\x1b\[35mflake8 \|\x1b\[0m \x1b\[1;31m(.+):(\d+):(\d+): (\w+)", msg ) if m: filename, row_str, col_str, err = m.groups() row, col = int(row_str), int(col_str) if filename == last_filename: assert last_row != row else: if last_filename is not None: with open(last_filename, "w") as f: f.writelines(lines) with open(filename) as f: lines = f.readlines() last_filename = filename last_row = row line = lines[row - 1] if err in ["C812", "C815"]: lines[row - 1] = line[: col - 1] + "," + line[col - 1 :] elif err in ["C819"]: assert line[col - 2] == "," lines[row - 1] = line[: col - 2] + line[col - 1 :].lstrip(" ") if last_filename is not None: with open(last_filename, "w") as f: f.writelines(lines) Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-10 05:23:40 +02:00
history_public_to_subscribers: Optional[bool],
streams: Remove dependency of streams on actions. Refactored code in actions.py and streams.py to move stream related functions into streams.py and remove the dependency on actions.py. validate_sender_can_write_to_stream function in actions.py was renamed to access_stream_for_send_message in streams.py.
2020-03-24 14:47:41 +01:00
) -> bool:
if invite_only:
if history_public_to_subscribers is None:
# A private stream's history is non-public by default
history_public_to_subscribers = False
else:
# If we later decide to support public streams without
# history, we can remove this code path.
history_public_to_subscribers = True
if realm.is_zephyr_mirror_realm:
# In the Zephyr mirroring model, history is unconditionally
# not public to subscribers, even for public streams.
history_public_to_subscribers = False
return history_public_to_subscribers
def render_stream_description(text: str) -> str:
refactor: Rename remaining bugdown_convert to markdown_convert. This commit is part of series of commits aimed at renaming bugdown to markdown.
2020-06-28 12:26:18 +02:00
return markdown_convert(text, no_previews=True)
streams: Remove dependency of streams on actions. Refactored code in actions.py and streams.py to move stream related functions into streams.py and remove the dependency on actions.py. validate_sender_can_write_to_stream function in actions.py was renamed to access_stream_for_send_message in streams.py.
2020-03-24 14:47:41 +01:00
def send_stream_creation_event(stream: Stream, user_ids: List[int]) -> None:
event = dict(type="stream", op="create",
streams=[stream.to_dict()])
send_event(stream.realm, event, user_ids)
def create_stream_if_needed(realm: Realm,
stream_name: str,
*,
invite_only: bool=False,
stream_post_policy: int=Stream.STREAM_POST_POLICY_EVERYONE,
history_public_to_subscribers: Optional[bool]=None,
streams: Add API for changing stream-level message_retention_days. This commit adds backend support for setting message_retention_days while creating streams and updating it for an existing stream. We only allow organization owners to set/update it for a stream. 'message_retention_days' field for a stream existed previously also, but there was no way to set it while creating streams or update it for an exisiting streams using any endpoint.
2020-06-14 18:57:02 +02:00
stream_description: str="",
audit_log: Log RealmAuditLog when Stream is created. Added new Event Type in AbstractRealmAuditLog STREAM_CREATED. Since we finally create streams in create_stream_if_needed function in zerver/lib/streams.py so logged realm_audit there. Passed acting_user when create_stream_if_needed or ensure_stream function is called. Added tests in test_audit_log.
2020-06-29 23:31:25 +02:00
message_retention_days: Optional[int]=None,
acting_user: Optional[UserProfile]=None) -> Tuple[Stream, bool]:
streams: Remove dependency of streams on actions. Refactored code in actions.py and streams.py to move stream related functions into streams.py and remove the dependency on actions.py. validate_sender_can_write_to_stream function in actions.py was renamed to access_stream_for_send_message in streams.py.
2020-03-24 14:47:41 +01:00
history_public_to_subscribers = get_default_value_for_history_public_to_subscribers(
realm, invite_only, history_public_to_subscribers)
(stream, created) = Stream.objects.get_or_create(
realm=realm,
name__iexact=stream_name,
defaults = dict(
name=stream_name,
description=stream_description,
invite_only=invite_only,
stream_post_policy=stream_post_policy,
history_public_to_subscribers=history_public_to_subscribers,
python: Use trailing commas consistently. Automatically generated by the following script, based on the output of lint with flake8-comma: import re import sys last_filename = None last_row = None lines = [] for msg in sys.stdin: m = re.match( r"\x1b\[35mflake8 \|\x1b\[0m \x1b\[1;31m(.+):(\d+):(\d+): (\w+)", msg ) if m: filename, row_str, col_str, err = m.groups() row, col = int(row_str), int(col_str) if filename == last_filename: assert last_row != row else: if last_filename is not None: with open(last_filename, "w") as f: f.writelines(lines) with open(filename) as f: lines = f.readlines() last_filename = filename last_row = row line = lines[row - 1] if err in ["C812", "C815"]: lines[row - 1] = line[: col - 1] + "," + line[col - 1 :] elif err in ["C819"]: assert line[col - 2] == "," lines[row - 1] = line[: col - 2] + line[col - 1 :].lstrip(" ") if last_filename is not None: with open(last_filename, "w") as f: f.writelines(lines) Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-10 05:23:40 +02:00
is_in_zephyr_realm=realm.is_zephyr_mirror_realm,
streams: Add API for changing stream-level message_retention_days. This commit adds backend support for setting message_retention_days while creating streams and updating it for an existing stream. We only allow organization owners to set/update it for a stream. 'message_retention_days' field for a stream existed previously also, but there was no way to set it while creating streams or update it for an exisiting streams using any endpoint.
2020-06-14 18:57:02 +02:00
message_retention_days=message_retention_days,
python: Use trailing commas consistently. Automatically generated by the following script, based on the output of lint with flake8-comma: import re import sys last_filename = None last_row = None lines = [] for msg in sys.stdin: m = re.match( r"\x1b\[35mflake8 \|\x1b\[0m \x1b\[1;31m(.+):(\d+):(\d+): (\w+)", msg ) if m: filename, row_str, col_str, err = m.groups() row, col = int(row_str), int(col_str) if filename == last_filename: assert last_row != row else: if last_filename is not None: with open(last_filename, "w") as f: f.writelines(lines) with open(filename) as f: lines = f.readlines() last_filename = filename last_row = row line = lines[row - 1] if err in ["C812", "C815"]: lines[row - 1] = line[: col - 1] + "," + line[col - 1 :] elif err in ["C819"]: assert line[col - 2] == "," lines[row - 1] = line[: col - 2] + line[col - 1 :].lstrip(" ") if last_filename is not None: with open(last_filename, "w") as f: f.writelines(lines) Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-10 05:23:40 +02:00
),
streams: Remove dependency of streams on actions. Refactored code in actions.py and streams.py to move stream related functions into streams.py and remove the dependency on actions.py. validate_sender_can_write_to_stream function in actions.py was renamed to access_stream_for_send_message in streams.py.
2020-03-24 14:47:41 +01:00
)
if created:
recipient = Recipient.objects.create(type_id=stream.id, type=Recipient.STREAM)
stream.recipient = recipient
stream.rendered_description = render_stream_description(stream_description)
stream.save(update_fields=["recipient", "rendered_description"])
if stream.is_public():
send_stream_creation_event(stream, active_non_guest_user_ids(stream.realm_id))
else:
realm_admin_ids = [user.id for user in
stream.realm.get_admin_users_and_bots()]
send_stream_creation_event(stream, realm_admin_ids)
audit_log: Log RealmAuditLog when Stream is created. Added new Event Type in AbstractRealmAuditLog STREAM_CREATED. Since we finally create streams in create_stream_if_needed function in zerver/lib/streams.py so logged realm_audit there. Passed acting_user when create_stream_if_needed or ensure_stream function is called. Added tests in test_audit_log.
2020-06-29 23:31:25 +02:00
event_time = timezone_now()
RealmAuditLog.objects.create(realm=realm, acting_user=acting_user,
modified_stream=stream, event_type=RealmAuditLog.STREAM_CREATED,
event_time=event_time)
streams: Remove dependency of streams on actions. Refactored code in actions.py and streams.py to move stream related functions into streams.py and remove the dependency on actions.py. validate_sender_can_write_to_stream function in actions.py was renamed to access_stream_for_send_message in streams.py.
2020-03-24 14:47:41 +01:00
return stream, created
def create_streams_if_needed(realm: Realm,
audit_log: Log RealmAuditLog when Stream is created. Added new Event Type in AbstractRealmAuditLog STREAM_CREATED. Since we finally create streams in create_stream_if_needed function in zerver/lib/streams.py so logged realm_audit there. Passed acting_user when create_stream_if_needed or ensure_stream function is called. Added tests in test_audit_log.
2020-06-29 23:31:25 +02:00
stream_dicts: List[Mapping[str, Any]],
acting_user: Optional[UserProfile]=None) -> Tuple[List[Stream], List[Stream]]:
streams: Remove dependency of streams on actions. Refactored code in actions.py and streams.py to move stream related functions into streams.py and remove the dependency on actions.py. validate_sender_can_write_to_stream function in actions.py was renamed to access_stream_for_send_message in streams.py.
2020-03-24 14:47:41 +01:00
"""Note that stream_dict["name"] is assumed to already be stripped of
whitespace"""
python: Convert assignment type annotations to Python 3.6 style. This commit was split by tabbott; this piece covers the vast majority of files in Zulip, but excludes scripts/, tools/, and puppet/ to help ensure we at least show the right error messages for Xenial systems. We can likely further refine the remaining pieces with some testing. Generated by com2ann, with whitespace fixes and various manual fixes for runtime issues: - invoiced_through: Optional[LicenseLedger] = models.ForeignKey( + invoiced_through: Optional["LicenseLedger"] = models.ForeignKey( -_apns_client: Optional[APNsClient] = None +_apns_client: Optional["APNsClient"] = None - notifications_stream: Optional[Stream] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) - signup_notifications_stream: Optional[Stream] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) + notifications_stream: Optional["Stream"] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) + signup_notifications_stream: Optional["Stream"] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) - author: Optional[UserProfile] = models.ForeignKey('UserProfile', blank=True, null=True, on_delete=CASCADE) + author: Optional["UserProfile"] = models.ForeignKey('UserProfile', blank=True, null=True, on_delete=CASCADE) - bot_owner: Optional[UserProfile] = models.ForeignKey('self', null=True, on_delete=models.SET_NULL) + bot_owner: Optional["UserProfile"] = models.ForeignKey('self', null=True, on_delete=models.SET_NULL) - default_sending_stream: Optional[Stream] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) - default_events_register_stream: Optional[Stream] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) + default_sending_stream: Optional["Stream"] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) + default_events_register_stream: Optional["Stream"] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) -descriptors_by_handler_id: Dict[int, ClientDescriptor] = {} +descriptors_by_handler_id: Dict[int, "ClientDescriptor"] = {} -worker_classes: Dict[str, Type[QueueProcessingWorker]] = {} -queues: Dict[str, Dict[str, Type[QueueProcessingWorker]]] = {} +worker_classes: Dict[str, Type["QueueProcessingWorker"]] = {} +queues: Dict[str, Dict[str, Type["QueueProcessingWorker"]]] = {} -AUTH_LDAP_REVERSE_EMAIL_SEARCH: Optional[LDAPSearch] = None +AUTH_LDAP_REVERSE_EMAIL_SEARCH: Optional["LDAPSearch"] = None Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-22 01:09:50 +02:00
added_streams: List[Stream] = []
existing_streams: List[Stream] = []
streams: Remove dependency of streams on actions. Refactored code in actions.py and streams.py to move stream related functions into streams.py and remove the dependency on actions.py. validate_sender_can_write_to_stream function in actions.py was renamed to access_stream_for_send_message in streams.py.
2020-03-24 14:47:41 +01:00
for stream_dict in stream_dicts:
stream, created = create_stream_if_needed(
realm,
stream_dict["name"],
invite_only=stream_dict.get("invite_only", False),
stream_post_policy=stream_dict.get("stream_post_policy", Stream.STREAM_POST_POLICY_EVERYONE),
history_public_to_subscribers=stream_dict.get("history_public_to_subscribers"),
python: Use trailing commas consistently. Automatically generated by the following script, based on the output of lint with flake8-comma: import re import sys last_filename = None last_row = None lines = [] for msg in sys.stdin: m = re.match( r"\x1b\[35mflake8 \|\x1b\[0m \x1b\[1;31m(.+):(\d+):(\d+): (\w+)", msg ) if m: filename, row_str, col_str, err = m.groups() row, col = int(row_str), int(col_str) if filename == last_filename: assert last_row != row else: if last_filename is not None: with open(last_filename, "w") as f: f.writelines(lines) with open(filename) as f: lines = f.readlines() last_filename = filename last_row = row line = lines[row - 1] if err in ["C812", "C815"]: lines[row - 1] = line[: col - 1] + "," + line[col - 1 :] elif err in ["C819"]: assert line[col - 2] == "," lines[row - 1] = line[: col - 2] + line[col - 1 :].lstrip(" ") if last_filename is not None: with open(last_filename, "w") as f: f.writelines(lines) Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-10 05:23:40 +02:00
stream_description=stream_dict.get("description", ""),
audit_log: Log RealmAuditLog when Stream is created. Added new Event Type in AbstractRealmAuditLog STREAM_CREATED. Since we finally create streams in create_stream_if_needed function in zerver/lib/streams.py so logged realm_audit there. Passed acting_user when create_stream_if_needed or ensure_stream function is called. Added tests in test_audit_log.
2020-06-29 23:31:25 +02:00
message_retention_days=stream_dict.get("message_retention_days", None),
acting_user=acting_user
streams: Remove dependency of streams on actions. Refactored code in actions.py and streams.py to move stream related functions into streams.py and remove the dependency on actions.py. validate_sender_can_write_to_stream function in actions.py was renamed to access_stream_for_send_message in streams.py.
2020-03-24 14:47:41 +01:00
)
if created:
added_streams.append(stream)
else:
existing_streams.append(stream)
return added_streams, existing_streams
def check_stream_name(stream_name: str) -> None:
if stream_name.strip() == "":
python: Convert percent formatting to .format for translated strings. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-15 23:22:24 +02:00
raise JsonableError(_("Invalid stream name '{}'").format(stream_name))
streams: Remove dependency of streams on actions. Refactored code in actions.py and streams.py to move stream related functions into streams.py and remove the dependency on actions.py. validate_sender_can_write_to_stream function in actions.py was renamed to access_stream_for_send_message in streams.py.
2020-03-24 14:47:41 +01:00
if len(stream_name) > Stream.MAX_NAME_LENGTH:
python: Convert percent formatting to .format for translated strings. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-15 23:22:24 +02:00
raise JsonableError(_("Stream name too long (limit: {} characters).").format(Stream.MAX_NAME_LENGTH))
streams: Remove dependency of streams on actions. Refactored code in actions.py and streams.py to move stream related functions into streams.py and remove the dependency on actions.py. validate_sender_can_write_to_stream function in actions.py was renamed to access_stream_for_send_message in streams.py.
2020-03-24 14:47:41 +01:00
for i in stream_name:
if ord(i) == 0:
python: Convert percent formatting to .format for translated strings. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-15 23:22:24 +02:00
raise JsonableError(_("Stream name '{}' contains NULL (0x00) characters.").format(stream_name))
streams: Remove dependency of streams on actions. Refactored code in actions.py and streams.py to move stream related functions into streams.py and remove the dependency on actions.py. validate_sender_can_write_to_stream function in actions.py was renamed to access_stream_for_send_message in streams.py.
2020-03-24 14:47:41 +01:00
def subscribed_to_stream(user_profile: UserProfile, stream_id: int) -> bool:
return Subscription.objects.filter(
user_profile=user_profile,
active=True,
recipient__type=Recipient.STREAM,
recipient__type_id=stream_id).exists()
def access_stream_for_send_message(sender: UserProfile,
stream: Stream,
forwarder_user_profile: Optional[UserProfile]) -> None:
# Our caller is responsible for making sure that `stream` actually
# matches the realm of the sender.
# Organization admins can send to any stream, irrespective of the stream_post_policy value.
if sender.is_realm_admin or is_cross_realm_bot_email(sender.delivery_email):
pass
elif sender.is_bot and (sender.bot_owner is not None and
sender.bot_owner.is_realm_admin):
pass
elif stream.stream_post_policy == Stream.STREAM_POST_POLICY_ADMINS:
raise JsonableError(_("Only organization administrators can send to this stream."))
elif stream.stream_post_policy == Stream.STREAM_POST_POLICY_RESTRICT_NEW_MEMBERS:
if sender.is_bot and (sender.bot_owner is not None and
sender.bot_owner.is_new_member):
raise JsonableError(_("New members cannot send to this stream."))
elif sender.is_new_member:
raise JsonableError(_("New members cannot send to this stream."))
streams: Grant guest users access to web-public streams. In this commit, we grant guest users access to stream history, send message and common stream data of web-public streams. This is part of PR #14638 that aims to allow guest users to browse and subscribe to web-public streams.
2020-07-24 04:56:12 +02:00
if stream.is_web_public:
# Even guest users can write to web-public streams.
return
streams: Remove dependency of streams on actions. Refactored code in actions.py and streams.py to move stream related functions into streams.py and remove the dependency on actions.py. validate_sender_can_write_to_stream function in actions.py was renamed to access_stream_for_send_message in streams.py.
2020-03-24 14:47:41 +01:00
if not (stream.invite_only or sender.is_guest):
# This is a public stream and sender is not a guest user
return
if subscribed_to_stream(sender, stream.id):
# It is private, but your are subscribed
return
if sender.is_api_super_user:
return
if (forwarder_user_profile is not None and forwarder_user_profile.is_api_super_user):
return
if sender.is_bot and (sender.bot_owner is not None and
subscribed_to_stream(sender.bot_owner, stream.id)):
# Bots can send to any stream their owner can.
return
if sender.delivery_email == settings.WELCOME_BOT:
# The welcome bot welcomes folks to the stream.
return
if sender.delivery_email == settings.NOTIFICATION_BOT:
return
# All other cases are an error.
python: Convert percent formatting to .format for translated strings. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-15 23:22:24 +02:00
raise JsonableError(_("Not authorized to send to stream '{}'").format(stream.name))
streams: Remove dependency of streams on actions. Refactored code in actions.py and streams.py to move stream related functions into streams.py and remove the dependency on actions.py. validate_sender_can_write_to_stream function in actions.py was renamed to access_stream_for_send_message in streams.py.
2020-03-24 14:47:41 +01:00
Accept stream_id for muting endpoints.
2018-12-24 17:04:27 +01:00
def check_for_exactly_one_stream_arg(stream_id: Optional[int], stream: Optional[str]) -> None:
if stream_id is None and stream is None:
raise JsonableError(_("Please supply 'stream'."))
if stream_id is not None and stream is not None:
raise JsonableError(_("Please choose one: 'stream' or 'stream_id'."))
streams: Allow stream admin to update and deactivate streams. The new Stream administrator role is allowed to manage a stream they administer, including: * Setting properties like name, description, privacy and post-policy. * Removing subscribers * Deactivating the stream The access_stream_for_delete_or_update is modified and is used only to get objects from database and further checks for administrative rights is done by check_stream_access_for_delete_or_update. We have also added a new exception class StreamAdministratorRequired.
2020-07-13 16:13:28 +02:00
def check_stream_access_for_delete_or_update(user_profile: UserProfile, stream: Stream,
sub: Optional[Subscription]=None) -> None:
Allow admins to delete private streams (backend only). This is the backend piece. Getting the UI right here is a bit more complicated here, but this allows admins to use the API to delete streams.
2017-08-22 21:41:08 +02:00
error = _("Invalid stream id")
streams: Allow stream admin to update and deactivate streams. The new Stream administrator role is allowed to manage a stream they administer, including: * Setting properties like name, description, privacy and post-policy. * Removing subscribers * Deactivating the stream The access_stream_for_delete_or_update is modified and is used only to get objects from database and further checks for administrative rights is done by check_stream_access_for_delete_or_update. We have also added a new exception class StreamAdministratorRequired.
2020-07-13 16:13:28 +02:00
if stream.realm_id != user_profile.realm_id:
raise JsonableError(error)
if user_profile.is_realm_admin:
return
if sub is None and stream.invite_only:
raise JsonableError(error)
if sub is not None and sub.is_stream_admin:
return
raise StreamAdministratorRequired()
def access_stream_for_delete_or_update(user_profile: UserProfile, stream_id: int) -> Stream:
Allow admins to delete private streams (backend only). This is the backend piece. Getting the UI right here is a bit more complicated here, but this allows admins to use the API to delete streams.
2017-08-22 21:41:08 +02:00
try:
stream = Stream.objects.get(id=stream_id)
except Stream.DoesNotExist:
streams: Allow stream admin to update and deactivate streams. The new Stream administrator role is allowed to manage a stream they administer, including: * Setting properties like name, description, privacy and post-policy. * Removing subscribers * Deactivating the stream The access_stream_for_delete_or_update is modified and is used only to get objects from database and further checks for administrative rights is done by check_stream_access_for_delete_or_update. We have also added a new exception class StreamAdministratorRequired.
2020-07-13 16:13:28 +02:00
raise JsonableError(_("Invalid stream id"))
Allow admins to delete private streams (backend only). This is the backend piece. Getting the UI right here is a bit more complicated here, but this allows admins to use the API to delete streams.
2017-08-22 21:41:08 +02:00
streams: Allow stream admin to update and deactivate streams. The new Stream administrator role is allowed to manage a stream they administer, including: * Setting properties like name, description, privacy and post-policy. * Removing subscribers * Deactivating the stream The access_stream_for_delete_or_update is modified and is used only to get objects from database and further checks for administrative rights is done by check_stream_access_for_delete_or_update. We have also added a new exception class StreamAdministratorRequired.
2020-07-13 16:13:28 +02:00
try:
sub = Subscription.objects.get(user_profile=user_profile,
recipient=stream.recipient,
active=True)
except Subscription.DoesNotExist:
sub = None
Allow admins to delete private streams (backend only). This is the backend piece. Getting the UI right here is a bit more complicated here, but this allows admins to use the API to delete streams.
2017-08-22 21:41:08 +02:00
streams: Allow stream admin to update and deactivate streams. The new Stream administrator role is allowed to manage a stream they administer, including: * Setting properties like name, description, privacy and post-policy. * Removing subscribers * Deactivating the stream The access_stream_for_delete_or_update is modified and is used only to get objects from database and further checks for administrative rights is done by check_stream_access_for_delete_or_update. We have also added a new exception class StreamAdministratorRequired.
2020-07-13 16:13:28 +02:00
check_stream_access_for_delete_or_update(user_profile, stream, sub)
Allow admins to delete private streams (backend only). This is the backend piece. Getting the UI right here is a bit more complicated here, but this allows admins to use the API to delete streams.
2017-08-22 21:41:08 +02:00
return stream
stream settings: Allow realm admins to access all private stream subs. This will allow realm admins to access subscribers of unsubscribed private stream. This is a preparatory commit for letting realm admins remove those users.
2018-02-14 17:59:01 +01:00
# Only set allow_realm_admin flag to True when you want to allow realm admin to
# access unsubscribed private stream content.
zerver/lib: Use python 3 syntax for typing. Extracted from a larger commit by tabbott because these changes will not create significant merge conflicts.
2017-11-05 11:15:10 +01:00
def access_stream_common(user_profile: UserProfile, stream: Stream,
zerver/lib: Change use of typing.Text to str.
2018-05-11 01:40:23 +02:00
error: str,
stream settings: Allow realm admins to access all private stream subs. This will allow realm admins to access subscribers of unsubscribed private stream. This is a preparatory commit for letting realm admins remove those users.
2018-02-14 17:59:01 +01:00
require_active: bool=True,
mypy: Mark Subscription as Optional in lib/streams.py:access_stream*.
2018-03-22 18:52:40 +01:00
allow_realm_admin: bool=False) -> Tuple[Recipient, Optional[Subscription]]:
streams: Add zerver/lib/streams.py library for security checks. The goal of this library is to make it a lot easier to prevent bugs like CVE-2017-0881 by having all of our views logic for fetching a stream go through a couple carefully tested code paths.
2017-01-30 00:48:45 +01:00
"""Common function for backend code where the target use attempts to
access the target stream, returning all the data fetched along the
way. If that user does not have permission to access that stream,
we throw an exception. A design goal is that the error message is
the same for streams you can't access and streams that don't exist."""
# First, we don't allow any access to streams in other realms.
if stream.realm_id != user_profile.realm_id:
raise JsonableError(error)
streams: Eliminate some unnecessary get_stream_recipient calls.
2019-12-05 23:26:24 +01:00
recipient = stream.recipient
streams: Add zerver/lib/streams.py library for security checks. The goal of this library is to make it a lot easier to prevent bugs like CVE-2017-0881 by having all of our views logic for fetching a stream go through a couple carefully tested code paths.
2017-01-30 00:48:45 +01:00
try:
sub = Subscription.objects.get(user_profile=user_profile,
recipient=recipient,
subs: Fix clearing unread counts when leaving private streams. Because we use access_stream_by_id here, and that checks for an active subscription to interact with a private stream, this didn't work. The correct fix to add an option to active_stream_by_id to accept an argument indicating whether we need an active subscription; for this use case, we definitely do not.
2017-11-29 23:35:33 +01:00
active=require_active)
streams: Add zerver/lib/streams.py library for security checks. The goal of this library is to make it a lot easier to prevent bugs like CVE-2017-0881 by having all of our views logic for fetching a stream go through a couple carefully tested code paths.
2017-01-30 00:48:45 +01:00
except Subscription.DoesNotExist:
sub = None
streams: Grant guest users access to web-public streams. In this commit, we grant guest users access to stream history, send message and common stream data of web-public streams. This is part of PR #14638 that aims to allow guest users to browse and subscribe to web-public streams.
2020-07-24 04:56:12 +02:00
# Any realm user, even guests, can access web_public streams.
if stream.is_web_public:
return (recipient, sub)
streams: Add zerver/lib/streams.py library for security checks. The goal of this library is to make it a lot easier to prevent bugs like CVE-2017-0881 by having all of our views logic for fetching a stream go through a couple carefully tested code paths.
2017-01-30 00:48:45 +01:00
# If the stream is in your realm and public, you can access it.
streams: Limit access to public streams for guest users. With most of the tests tests written by Shubham Dhama.
2018-05-02 17:00:06 +02:00
if stream.is_public() and not user_profile.is_guest:
streams: Add zerver/lib/streams.py library for security checks. The goal of this library is to make it a lot easier to prevent bugs like CVE-2017-0881 by having all of our views logic for fetching a stream go through a couple carefully tested code paths.
2017-01-30 00:48:45 +01:00
return (recipient, sub)
# Or if you are subscribed to the stream, you can access it.
if sub is not None:
return (recipient, sub)
stream settings: Allow realm admins to access all private stream subs. This will allow realm admins to access subscribers of unsubscribed private stream. This is a preparatory commit for letting realm admins remove those users.
2018-02-14 17:59:01 +01:00
# For some specific callers (e.g. getting list of subscribers,
# removing other users from a stream, and updating stream name and
# description), we allow realm admins to access stream even if
# they are not subscribed to a private stream.
if user_profile.is_realm_admin and allow_realm_admin:
return (recipient, sub)
streams: Add zerver/lib/streams.py library for security checks. The goal of this library is to make it a lot easier to prevent bugs like CVE-2017-0881 by having all of our views logic for fetching a stream go through a couple carefully tested code paths.
2017-01-30 00:48:45 +01:00
# Otherwise it is a private stream and you're not on it, so throw
# an error.
raise JsonableError(error)
subs: Fix clearing unread counts when leaving private streams. Because we use access_stream_by_id here, and that checks for an active subscription to interact with a private stream, this didn't work. The correct fix to add an option to active_stream_by_id to accept an argument indicating whether we need an active subscription; for this use case, we definitely do not.
2017-11-29 23:35:33 +01:00
def access_stream_by_id(user_profile: UserProfile,
stream_id: int,
stream settings: Allow realm admins to access all private stream subs. This will allow realm admins to access subscribers of unsubscribed private stream. This is a preparatory commit for letting realm admins remove those users.
2018-02-14 17:59:01 +01:00
require_active: bool=True,
mypy: Mark Subscription as Optional in lib/streams.py:access_stream*.
2018-03-22 18:52:40 +01:00
allow_realm_admin: bool=False) -> Tuple[Stream, Recipient, Optional[Subscription]]:
lib/streams.py: Extract get_stream_by_id as a separate function. We extract get_stream_by_id function out of the body of access_stream_by_id function to help us access streams for archives.
2018-04-27 15:50:57 +02:00
stream = get_stream_by_id(stream_id)
streams: Add zerver/lib/streams.py library for security checks. The goal of this library is to make it a lot easier to prevent bugs like CVE-2017-0881 by having all of our views logic for fetching a stream go through a couple carefully tested code paths.
2017-01-30 00:48:45 +01:00
lib/streams.py: Extract get_stream_by_id as a separate function. We extract get_stream_by_id function out of the body of access_stream_by_id function to help us access streams for archives.
2018-04-27 15:50:57 +02:00
error = _("Invalid stream id")
subs: Fix clearing unread counts when leaving private streams. Because we use access_stream_by_id here, and that checks for an active subscription to interact with a private stream, this didn't work. The correct fix to add an option to active_stream_by_id to accept an argument indicating whether we need an active subscription; for this use case, we definitely do not.
2017-11-29 23:35:33 +01:00
(recipient, sub) = access_stream_common(user_profile, stream, error,
stream settings: Allow realm admins to access all private stream subs. This will allow realm admins to access subscribers of unsubscribed private stream. This is a preparatory commit for letting realm admins remove those users.
2018-02-14 17:59:01 +01:00
require_active=require_active,
allow_realm_admin=allow_realm_admin)
streams: Add zerver/lib/streams.py library for security checks. The goal of this library is to make it a lot easier to prevent bugs like CVE-2017-0881 by having all of our views logic for fetching a stream go through a couple carefully tested code paths.
2017-01-30 00:48:45 +01:00
return (stream, recipient, sub)
search: Add streams:public to search entire history of public streams. Add ability to search entire message history of all public streams at once. It includes all subscibed, non subscribed public streams messages and even historical public stream messages sent before user had joined an organization or stream. Fixes #8859.
2019-08-13 20:20:36 +02:00
def get_public_streams_queryset(realm: Realm) -> 'QuerySet[Stream]':
return Stream.objects.filter(realm=realm, invite_only=False,
history_public_to_subscribers=True)
message_fetch: Allow access to web-public msgs for unauth users. Via API, users can now access messages which are in web-public streams without any authentication. If the user is not authenticated, we assume it is a web-public query and add `streams:web-public` narrow if not already present to the narrow. web-public streams are also directly accessible. Any malformed narrow which is not allowed in a web-public query results in a 400 or 401. See test_message_fetch for the allowed queries.
2020-08-04 19:33:43 +02:00
def get_web_public_streams_queryset(realm: Realm) -> 'QuerySet[Stream]':
# In theory, is_web_public=True implies invite_only=False and
# history_public_to_subscribers=True, but it's safer to include
# this in the query.
return Stream.objects.filter(realm=realm, deactivated=False, invite_only=False,
history_public_to_subscribers=True, is_web_public=True)
lib/streams.py: Extract get_stream_by_id as a separate function. We extract get_stream_by_id function out of the body of access_stream_by_id function to help us access streams for archives.
2018-04-27 15:50:57 +02:00
def get_stream_by_id(stream_id: int) -> Stream:
error = _("Invalid stream id")
try:
stream = Stream.objects.get(id=stream_id)
except Stream.DoesNotExist:
raise JsonableError(error)
return stream
zerver/lib: Change use of typing.Text to str.
2018-05-11 01:40:23 +02:00
def check_stream_name_available(realm: Realm, name: str) -> None:
streams: Eliminate last use of get_stream in views.
2017-01-30 06:42:09 +01:00
check_stream_name(name)
get_stream: Throw DoesNotExist if stream is not found. This makes get_stream match get_realm, get_user_profile_by_email, etc., in interface, and is more convenient for mypy annotations because `get_stream` now doesn't return an Optional[Stream].
2017-03-23 07:22:28 +01:00
try:
get_stream(name, realm)
python: Convert percent formatting to .format for translated strings. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-15 23:22:24 +02:00
raise JsonableError(_("Stream name '{}' is already taken.").format(name))
get_stream: Throw DoesNotExist if stream is not found. This makes get_stream match get_realm, get_user_profile_by_email, etc., in interface, and is more convenient for mypy annotations because `get_stream` now doesn't return an Optional[Stream].
2017-03-23 07:22:28 +01:00
except Stream.DoesNotExist:
pass
streams: Eliminate last use of get_stream in views.
2017-01-30 06:42:09 +01:00
zerver/lib: Use python 3 syntax for typing. Extracted from a larger commit by tabbott because these changes will not create significant merge conflicts.
2017-11-05 11:15:10 +01:00
def access_stream_by_name(user_profile: UserProfile,
default stream: Allows admins to remove any default stream. This fixes a bug where administrators couldn't remove private unsubscribed streams from the "default streams" list, because access_stream_by_name didn't give them access to the stream object.
2018-08-07 14:13:58 +02:00
stream_name: str,
allow_realm_admin: bool=False) -> Tuple[Stream, Recipient, Optional[Subscription]]:
python: Convert percent formatting to .format for translated strings. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-15 23:22:24 +02:00
error = _("Invalid stream name '{}'").format(stream_name)
get_stream: Throw DoesNotExist if stream is not found. This makes get_stream match get_realm, get_user_profile_by_email, etc., in interface, and is more convenient for mypy annotations because `get_stream` now doesn't return an Optional[Stream].
2017-03-23 07:22:28 +01:00
try:
Call get_realm_stream() in access_stream_by_name().
2017-10-22 02:02:27 +02:00
stream = get_realm_stream(stream_name, user_profile.realm_id)
get_stream: Throw DoesNotExist if stream is not found. This makes get_stream match get_realm, get_user_profile_by_email, etc., in interface, and is more convenient for mypy annotations because `get_stream` now doesn't return an Optional[Stream].
2017-03-23 07:22:28 +01:00
except Stream.DoesNotExist:
streams: Add zerver/lib/streams.py library for security checks. The goal of this library is to make it a lot easier to prevent bugs like CVE-2017-0881 by having all of our views logic for fetching a stream go through a couple carefully tested code paths.
2017-01-30 00:48:45 +01:00
raise JsonableError(error)
default stream: Allows admins to remove any default stream. This fixes a bug where administrators couldn't remove private unsubscribed streams from the "default streams" list, because access_stream_by_name didn't give them access to the stream object.
2018-08-07 14:13:58 +02:00
(recipient, sub) = access_stream_common(user_profile, stream, error,
allow_realm_admin=allow_realm_admin)
streams: Add zerver/lib/streams.py library for security checks. The goal of this library is to make it a lot easier to prevent bugs like CVE-2017-0881 by having all of our views logic for fetching a stream go through a couple carefully tested code paths.
2017-01-30 00:48:45 +01:00
return (stream, recipient, sub)
streams: Move filter_stream_authorization to lib.
2017-01-30 02:57:24 +01:00
topic_history: Allow anonymous access in web-public streams. For web-public streams, clients can access full topic history without being authenticated. They only need to additionally send "streams:web-public" narrow with their request like all the other web-public queries.
2020-08-21 17:12:05 +02:00
def access_web_public_stream(stream_id: int, realm: Realm) -> Stream:
error = _("Invalid stream id")
try:
stream = get_stream_by_id_in_realm(stream_id, realm)
except Stream.DoesNotExist:
raise JsonableError(error)
if not stream.is_web_public:
raise JsonableError(error)
return stream
Accept stream_id for muting endpoints.
2018-12-24 17:04:27 +01:00
def access_stream_for_unmute_topic_by_name(user_profile: UserProfile,
stream_name: str,
error: str) -> Stream:
Add MutedTopic model. This commit completely switches us over to using a dedicated model called MutedTopic to track which topics a user has muted. This includes the necessary migrations to create the table and populate it from legacy data in UserProfile. A subsequent commit will actually remove the old field in UserProfile.
2017-08-30 02:19:34 +02:00
"""
It may seem a little silly to have this helper function for unmuting
topics, but it gets around a linter warning, and it helps to be able
to review all security-related stuff in one place.
Our policy for accessing streams when you unmute a topic is that you
don't necessarily need to have an active subscription or even "legal"
access to the stream. Instead, we just verify the stream_id has been
muted in the past (not here, but in the caller).
Long term, we'll probably have folks just pass us in the id of the
MutedTopic row to unmute topics.
"""
try:
stream = get_stream(stream_name, user_profile.realm)
except Stream.DoesNotExist:
raise JsonableError(error)
return stream
Accept stream_id for muting endpoints.
2018-12-24 17:04:27 +01:00
def access_stream_for_unmute_topic_by_id(user_profile: UserProfile,
stream_id: int,
error: str) -> Stream:
try:
stream = Stream.objects.get(id=stream_id, realm_id=user_profile.realm_id)
except Stream.DoesNotExist:
raise JsonableError(error)
return stream
streams: Refactor can_access_stream_history. This refactor extracts the code logic of checking if user can access stream history into it's own function: can_access_stream_history that takes in user_profile and stream. Then we make seperate function can_access_stream_by_name that takes in stream_name and retrives stream and pass it to can_access_stream_history. This will make it easily to later add a function that does the same thing with stream ID.
2019-08-13 19:52:22 +02:00
def can_access_stream_history(user_profile: UserProfile, stream: Stream) -> bool:
messages: Pass UserProfile to is_public_stream_by_name and rename. The new name can_access_stream_history_by_name gets to the point of what this function actually does. And passing in a user object lets us define what this does based on the user subscribed.
2018-04-05 00:10:01 +02:00
"""Determine whether the provided user is allowed to access the
history of the target stream. The stream is specified by name.
This is used by the caller to determine whether this user can get
historical messages before they joined for a narrowing search.
messages: Move is_public_stream out of views code. The main purpose of this change is to minimize access to get_stream in views code.
2017-08-15 18:58:29 +02:00
Because of the way our search is currently structured,
we may be passed an invalid stream here. We return
False in that situation, and subsequent code will do
validation and raise the appropriate JsonableError.
Note that this function should only be used in contexts where
access_stream is being called elsewhere to confirm that the user
can actually see this stream.
"""
streams: Grant guest users access to web-public streams. In this commit, we grant guest users access to stream history, send message and common stream data of web-public streams. This is part of PR #14638 that aims to allow guest users to browse and subscribe to web-public streams.
2020-07-24 04:56:12 +02:00
if stream.is_web_public:
return True
streams: Limit access to public streams for guest users. With most of the tests tests written by Shubham Dhama.
2018-05-02 17:00:06 +02:00
if stream.is_history_realm_public() and not user_profile.is_guest:
messages: Add a server-level setting to control private stream history. We don't indend for this server-level setting to exist in the long term; the purpose of this is just to make it easy to test this code path for development purposes. This implements much of the Message side part of #2745.
2018-04-05 00:28:14 +02:00
return True
if stream.is_history_public_to_subscribers():
# In this case, we check if the user is subscribed.
python: Convert percent formatting to .format for translated strings. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-15 23:22:24 +02:00
error = _("Invalid stream name '{}'").format(stream.name)
messages: Add a server-level setting to control private stream history. We don't indend for this server-level setting to exist in the long term; the purpose of this is just to make it easy to test this code path for development purposes. This implements much of the Message side part of #2745.
2018-04-05 00:28:14 +02:00
try:
(recipient, sub) = access_stream_common(user_profile, stream, error)
except JsonableError:
return False
return True
return False
messages: Move is_public_stream out of views code. The main purpose of this change is to minimize access to get_stream in views code.
2017-08-15 18:58:29 +02:00
streams: Refactor can_access_stream_history. This refactor extracts the code logic of checking if user can access stream history into it's own function: can_access_stream_history that takes in user_profile and stream. Then we make seperate function can_access_stream_by_name that takes in stream_name and retrives stream and pass it to can_access_stream_history. This will make it easily to later add a function that does the same thing with stream ID.
2019-08-13 19:52:22 +02:00
def can_access_stream_history_by_name(user_profile: UserProfile, stream_name: str) -> bool:
try:
stream = get_stream(stream_name, user_profile.realm)
except Stream.DoesNotExist:
return False
return can_access_stream_history(user_profile, stream)
messages: Support passing user ID for stream operator. ok_to_include_history fuction was updated to expect stream ID. Fixes part of #9474.
2019-08-07 17:32:19 +02:00
def can_access_stream_history_by_id(user_profile: UserProfile, stream_id: int) -> bool:
try:
stream = get_stream_by_id_in_realm(stream_id, user_profile.realm)
except Stream.DoesNotExist:
return False
return can_access_stream_history(user_profile, stream)
zerver/lib: Use python 3 syntax for typing. Extracted from a larger commit by tabbott because these changes will not create significant merge conflicts.
2017-11-05 11:15:10 +01:00
def filter_stream_authorization(user_profile: UserProfile,
streams: Iterable[Stream]) -> Tuple[List[Stream], List[Stream]]:
python: Convert assignment type annotations to Python 3.6 style. This commit was split by tabbott; this piece covers the vast majority of files in Zulip, but excludes scripts/, tools/, and puppet/ to help ensure we at least show the right error messages for Xenial systems. We can likely further refine the remaining pieces with some testing. Generated by com2ann, with whitespace fixes and various manual fixes for runtime issues: - invoiced_through: Optional[LicenseLedger] = models.ForeignKey( + invoiced_through: Optional["LicenseLedger"] = models.ForeignKey( -_apns_client: Optional[APNsClient] = None +_apns_client: Optional["APNsClient"] = None - notifications_stream: Optional[Stream] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) - signup_notifications_stream: Optional[Stream] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) + notifications_stream: Optional["Stream"] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) + signup_notifications_stream: Optional["Stream"] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) - author: Optional[UserProfile] = models.ForeignKey('UserProfile', blank=True, null=True, on_delete=CASCADE) + author: Optional["UserProfile"] = models.ForeignKey('UserProfile', blank=True, null=True, on_delete=CASCADE) - bot_owner: Optional[UserProfile] = models.ForeignKey('self', null=True, on_delete=models.SET_NULL) + bot_owner: Optional["UserProfile"] = models.ForeignKey('self', null=True, on_delete=models.SET_NULL) - default_sending_stream: Optional[Stream] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) - default_events_register_stream: Optional[Stream] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) + default_sending_stream: Optional["Stream"] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) + default_events_register_stream: Optional["Stream"] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) -descriptors_by_handler_id: Dict[int, ClientDescriptor] = {} +descriptors_by_handler_id: Dict[int, "ClientDescriptor"] = {} -worker_classes: Dict[str, Type[QueueProcessingWorker]] = {} -queues: Dict[str, Dict[str, Type[QueueProcessingWorker]]] = {} +worker_classes: Dict[str, Type["QueueProcessingWorker"]] = {} +queues: Dict[str, Dict[str, Type["QueueProcessingWorker"]]] = {} -AUTH_LDAP_REVERSE_EMAIL_SEARCH: Optional[LDAPSearch] = None +AUTH_LDAP_REVERSE_EMAIL_SEARCH: Optional["LDAPSearch"] = None Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-22 01:09:50 +02:00
streams_subscribed: Set[int] = set()
recipients: Remove bulk_get_recipients function and its uses. With the recipient field being denormalized into the UserProfile and Streams models, all current uses of bulk_get_recipients can be done more efficient, by simply checking the .recipient_id attribute on the appropriate objects.
2019-12-06 00:15:59 +01:00
recipient_ids = [stream.recipient_id for stream in streams]
streams: Move filter_stream_authorization to lib.
2017-01-30 02:57:24 +01:00
subs = Subscription.objects.filter(user_profile=user_profile,
recipients: Remove bulk_get_recipients function and its uses. With the recipient field being denormalized into the UserProfile and Streams models, all current uses of bulk_get_recipients can be done more efficient, by simply checking the .recipient_id attribute on the appropriate objects.
2019-12-06 00:15:59 +01:00
recipient_id__in=recipient_ids,
streams: Move filter_stream_authorization to lib.
2017-01-30 02:57:24 +01:00
active=True)
for sub in subs:
streams_subscribed.add(sub.recipient.type_id)
python: Convert assignment type annotations to Python 3.6 style. This commit was split by tabbott; this piece covers the vast majority of files in Zulip, but excludes scripts/, tools/, and puppet/ to help ensure we at least show the right error messages for Xenial systems. We can likely further refine the remaining pieces with some testing. Generated by com2ann, with whitespace fixes and various manual fixes for runtime issues: - invoiced_through: Optional[LicenseLedger] = models.ForeignKey( + invoiced_through: Optional["LicenseLedger"] = models.ForeignKey( -_apns_client: Optional[APNsClient] = None +_apns_client: Optional["APNsClient"] = None - notifications_stream: Optional[Stream] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) - signup_notifications_stream: Optional[Stream] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) + notifications_stream: Optional["Stream"] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) + signup_notifications_stream: Optional["Stream"] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) - author: Optional[UserProfile] = models.ForeignKey('UserProfile', blank=True, null=True, on_delete=CASCADE) + author: Optional["UserProfile"] = models.ForeignKey('UserProfile', blank=True, null=True, on_delete=CASCADE) - bot_owner: Optional[UserProfile] = models.ForeignKey('self', null=True, on_delete=models.SET_NULL) + bot_owner: Optional["UserProfile"] = models.ForeignKey('self', null=True, on_delete=models.SET_NULL) - default_sending_stream: Optional[Stream] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) - default_events_register_stream: Optional[Stream] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) + default_sending_stream: Optional["Stream"] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) + default_events_register_stream: Optional["Stream"] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) -descriptors_by_handler_id: Dict[int, ClientDescriptor] = {} +descriptors_by_handler_id: Dict[int, "ClientDescriptor"] = {} -worker_classes: Dict[str, Type[QueueProcessingWorker]] = {} -queues: Dict[str, Dict[str, Type[QueueProcessingWorker]]] = {} +worker_classes: Dict[str, Type["QueueProcessingWorker"]] = {} +queues: Dict[str, Dict[str, Type["QueueProcessingWorker"]]] = {} -AUTH_LDAP_REVERSE_EMAIL_SEARCH: Optional[LDAPSearch] = None +AUTH_LDAP_REVERSE_EMAIL_SEARCH: Optional["LDAPSearch"] = None Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-22 01:09:50 +02:00
unauthorized_streams: List[Stream] = []
streams: Move filter_stream_authorization to lib.
2017-01-30 02:57:24 +01:00
for stream in streams:
streams.py: Use the singular 'they' pronoun.
2017-07-05 11:50:47 +02:00
# The user is authorized for their own streams
streams: Move filter_stream_authorization to lib.
2017-01-30 02:57:24 +01:00
if stream.id in streams_subscribed:
continue
streams: Grant authorization to guest users to subscribe. Modifies filter_stream_authorization so that web-public streams are added in the list of authorized streams that a guest user can subscribe. This commit is part of PR #14638 that aims to allow guest users to browse and subscribe to web-public streams.
2020-07-24 05:30:58 +02:00
# Web public streams are accessible even to guests
if stream.is_web_public:
continue
streams: Change flow in filter_stream_authorization. This change makes the flow more coherent by instead of checking, in the last condition, if the user isn't authorized to access that stream, check if they are, as it is done in the other checks. Only if all the conditions are false, which means that the user doesn't have access to that stream, the stream is added to the unauthorized_streams list.
2020-07-29 23:54:00 +02:00
# Members and administrators are authorized for public streams
if not stream.invite_only and not user_profile.is_guest:
continue
unauthorized_streams.append(stream)
streams: Move filter_stream_authorization to lib.
2017-01-30 02:57:24 +01:00
authorized_streams = [stream for stream in streams if
python: Modernize legacy Python 2 syntax with pyupgrade. Generated by `pyupgrade --py3-plus --keep-percent-format` on all our Python code except `zthumbor` and `zulip-ec2-configure-interfaces`, followed by manual indentation fixes. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-09 21:51:58 +02:00
stream.id not in {stream.id for stream in unauthorized_streams}]
streams: Move filter_stream_authorization to lib.
2017-01-30 02:57:24 +01:00
return authorized_streams, unauthorized_streams
streams: Move list_to_streams to lib.
2017-01-30 03:02:40 +01:00
zerver/lib: Use python 3 syntax for typing. Extracted from a larger commit by tabbott because these changes will not create significant merge conflicts.
2017-11-05 11:15:10 +01:00
def list_to_streams(streams_raw: Iterable[Mapping[str, Any]],
user_profile: UserProfile,
streams: Allow stream admin to update and deactivate streams. The new Stream administrator role is allowed to manage a stream they administer, including: * Setting properties like name, description, privacy and post-policy. * Removing subscribers * Deactivating the stream The access_stream_for_delete_or_update is modified and is used only to get objects from database and further checks for administrative rights is done by check_stream_access_for_delete_or_update. We have also added a new exception class StreamAdministratorRequired.
2020-07-13 16:13:28 +02:00
autocreate: bool=False,
admin_access_required: bool=False) -> Tuple[List[Stream], List[Stream]]:
streams: Move list_to_streams to lib.
2017-01-30 03:02:40 +01:00
"""Converts list of dicts to a list of Streams, validating input in the process
For each stream name, we validate it to ensure it meets our
streams: Consider stream name validation logic.
2017-01-30 07:01:19 +01:00
requirements for a proper stream name using check_stream_name.
streams: Move list_to_streams to lib.
2017-01-30 03:02:40 +01:00
This function in autocreate mode should be atomic: either an exception will be raised
during a precheck, or all the streams specified will have been created if applicable.
@param streams_raw The list of stream dictionaries to process;
names should already be stripped of whitespace by the caller.
text: Fix some typos (most of them found and fixed by codespell). Signed-off-by: Stefan Weil <sw@weilnetz.de>
2020-03-28 01:25:56 +01:00
@param user_profile The user for whom we are retrieving the streams
streams: Move list_to_streams to lib.
2017-01-30 03:02:40 +01:00
@param autocreate Whether we should create streams if they don't already exist
"""
# Validate all streams, getting extant ones, then get-or-creating the rest.
python: Modernize legacy Python 2 syntax with pyupgrade. Generated by `pyupgrade --py3-plus --keep-percent-format` on all our Python code except `zthumbor` and `zulip-ec2-configure-interfaces`, followed by manual indentation fixes. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-09 21:51:58 +02:00
stream_set = {stream_dict["name"] for stream_dict in streams_raw}
streams: Move list_to_streams to lib.
2017-01-30 03:02:40 +01:00
for stream_name in stream_set:
# Stream names should already have been stripped by the
# caller, but it makes sense to verify anyway.
assert stream_name == stream_name.strip()
streams: Consider stream name validation logic.
2017-01-30 07:01:19 +01:00
check_stream_name(stream_name)
streams: Move list_to_streams to lib.
2017-01-30 03:02:40 +01:00
python: Convert assignment type annotations to Python 3.6 style. This commit was split by tabbott; this piece covers the vast majority of files in Zulip, but excludes scripts/, tools/, and puppet/ to help ensure we at least show the right error messages for Xenial systems. We can likely further refine the remaining pieces with some testing. Generated by com2ann, with whitespace fixes and various manual fixes for runtime issues: - invoiced_through: Optional[LicenseLedger] = models.ForeignKey( + invoiced_through: Optional["LicenseLedger"] = models.ForeignKey( -_apns_client: Optional[APNsClient] = None +_apns_client: Optional["APNsClient"] = None - notifications_stream: Optional[Stream] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) - signup_notifications_stream: Optional[Stream] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) + notifications_stream: Optional["Stream"] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) + signup_notifications_stream: Optional["Stream"] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) - author: Optional[UserProfile] = models.ForeignKey('UserProfile', blank=True, null=True, on_delete=CASCADE) + author: Optional["UserProfile"] = models.ForeignKey('UserProfile', blank=True, null=True, on_delete=CASCADE) - bot_owner: Optional[UserProfile] = models.ForeignKey('self', null=True, on_delete=models.SET_NULL) + bot_owner: Optional["UserProfile"] = models.ForeignKey('self', null=True, on_delete=models.SET_NULL) - default_sending_stream: Optional[Stream] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) - default_events_register_stream: Optional[Stream] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) + default_sending_stream: Optional["Stream"] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) + default_events_register_stream: Optional["Stream"] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) -descriptors_by_handler_id: Dict[int, ClientDescriptor] = {} +descriptors_by_handler_id: Dict[int, "ClientDescriptor"] = {} -worker_classes: Dict[str, Type[QueueProcessingWorker]] = {} -queues: Dict[str, Dict[str, Type[QueueProcessingWorker]]] = {} +worker_classes: Dict[str, Type["QueueProcessingWorker"]] = {} +queues: Dict[str, Dict[str, Type["QueueProcessingWorker"]]] = {} -AUTH_LDAP_REVERSE_EMAIL_SEARCH: Optional[LDAPSearch] = None +AUTH_LDAP_REVERSE_EMAIL_SEARCH: Optional["LDAPSearch"] = None Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-22 01:09:50 +02:00
existing_streams: List[Stream] = []
missing_stream_dicts: List[Mapping[str, Any]] = []
streams: Move list_to_streams to lib.
2017-01-30 03:02:40 +01:00
existing_stream_map = bulk_get_streams(user_profile.realm, stream_set)
streams: Allow stream admin to update and deactivate streams. The new Stream administrator role is allowed to manage a stream they administer, including: * Setting properties like name, description, privacy and post-policy. * Removing subscribers * Deactivating the stream The access_stream_for_delete_or_update is modified and is used only to get objects from database and further checks for administrative rights is done by check_stream_access_for_delete_or_update. We have also added a new exception class StreamAdministratorRequired.
2020-07-13 16:13:28 +02:00
if admin_access_required:
existing_stream_ids = [stream.id for stream in existing_stream_map.values()]
subs = Subscription.objects.select_related("recipient").filter(
user_profile=user_profile,
recipient__type=Recipient.STREAM,
recipient__type_id__in=existing_stream_ids,
active=True)
sub_dict_by_stream_ids = {sub.recipient.type_id: sub for sub in subs}
for stream in existing_stream_map.values():
sub = None
if stream.id in sub_dict_by_stream_ids:
sub = sub_dict_by_stream_ids[stream.id]
check_stream_access_for_delete_or_update(user_profile, stream, sub)
streams: Add API for changing stream-level message_retention_days. This commit adds backend support for setting message_retention_days while creating streams and updating it for an existing stream. We only allow organization owners to set/update it for a stream. 'message_retention_days' field for a stream existed previously also, but there was no way to set it while creating streams or update it for an exisiting streams using any endpoint.
2020-06-14 18:57:02 +02:00
message_retention_days_not_none = False
streams: Move list_to_streams to lib.
2017-01-30 03:02:40 +01:00
for stream_dict in streams_raw:
stream_name = stream_dict["name"]
stream = existing_stream_map.get(stream_name.lower())
if stream is None:
streams: Add API for changing stream-level message_retention_days. This commit adds backend support for setting message_retention_days while creating streams and updating it for an existing stream. We only allow organization owners to set/update it for a stream. 'message_retention_days' field for a stream existed previously also, but there was no way to set it while creating streams or update it for an exisiting streams using any endpoint.
2020-06-14 18:57:02 +02:00
if stream_dict.get('message_retention_days', None) is not None:
message_retention_days_not_none = True
streams: Move list_to_streams to lib.
2017-01-30 03:02:40 +01:00
missing_stream_dicts.append(stream_dict)
else:
existing_streams.append(stream)
if len(missing_stream_dicts) == 0:
# This is the happy path for callers who expected all of these
# streams to exist already.
python: Convert assignment type annotations to Python 3.6 style. This commit was split by tabbott; this piece covers the vast majority of files in Zulip, but excludes scripts/, tools/, and puppet/ to help ensure we at least show the right error messages for Xenial systems. We can likely further refine the remaining pieces with some testing. Generated by com2ann, with whitespace fixes and various manual fixes for runtime issues: - invoiced_through: Optional[LicenseLedger] = models.ForeignKey( + invoiced_through: Optional["LicenseLedger"] = models.ForeignKey( -_apns_client: Optional[APNsClient] = None +_apns_client: Optional["APNsClient"] = None - notifications_stream: Optional[Stream] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) - signup_notifications_stream: Optional[Stream] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) + notifications_stream: Optional["Stream"] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) + signup_notifications_stream: Optional["Stream"] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) - author: Optional[UserProfile] = models.ForeignKey('UserProfile', blank=True, null=True, on_delete=CASCADE) + author: Optional["UserProfile"] = models.ForeignKey('UserProfile', blank=True, null=True, on_delete=CASCADE) - bot_owner: Optional[UserProfile] = models.ForeignKey('self', null=True, on_delete=models.SET_NULL) + bot_owner: Optional["UserProfile"] = models.ForeignKey('self', null=True, on_delete=models.SET_NULL) - default_sending_stream: Optional[Stream] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) - default_events_register_stream: Optional[Stream] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) + default_sending_stream: Optional["Stream"] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) + default_events_register_stream: Optional["Stream"] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) -descriptors_by_handler_id: Dict[int, ClientDescriptor] = {} +descriptors_by_handler_id: Dict[int, "ClientDescriptor"] = {} -worker_classes: Dict[str, Type[QueueProcessingWorker]] = {} -queues: Dict[str, Dict[str, Type[QueueProcessingWorker]]] = {} +worker_classes: Dict[str, Type["QueueProcessingWorker"]] = {} +queues: Dict[str, Dict[str, Type["QueueProcessingWorker"]]] = {} -AUTH_LDAP_REVERSE_EMAIL_SEARCH: Optional[LDAPSearch] = None +AUTH_LDAP_REVERSE_EMAIL_SEARCH: Optional["LDAPSearch"] = None Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-22 01:09:50 +02:00
created_streams: List[Stream] = []
streams: Move list_to_streams to lib.
2017-01-30 03:02:40 +01:00
else:
# autocreate=True path starts here
if not user_profile.can_create_streams():
raise JsonableError(_('User cannot create streams.'))
elif not autocreate:
python: Convert percent formatting to .format for translated strings. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-15 23:22:24 +02:00
raise JsonableError(_("Stream(s) ({}) do not exist").format(
", ".join(stream_dict["name"] for stream_dict in missing_stream_dicts),
))
streams: Add API for changing stream-level message_retention_days. This commit adds backend support for setting message_retention_days while creating streams and updating it for an existing stream. We only allow organization owners to set/update it for a stream. 'message_retention_days' field for a stream existed previously also, but there was no way to set it while creating streams or update it for an exisiting streams using any endpoint.
2020-06-14 18:57:02 +02:00
elif message_retention_days_not_none:
if not user_profile.is_realm_owner:
raise JsonableError(_('User cannot create stream with this settings.'))
user_profile.realm.ensure_not_on_limited_plan()
streams: Move list_to_streams to lib.
2017-01-30 03:02:40 +01:00
# We already filtered out existing streams, so dup_streams
# will normally be an empty list below, but we protect against somebody
# else racing to create the same stream. (This is not an entirely
# paranoid approach, since often on Zulip two people will discuss
# creating a new stream, and both people eagerly do it.)
created_streams, dup_streams = create_streams_if_needed(realm=user_profile.realm,
audit_log: Log RealmAuditLog when Stream is created. Added new Event Type in AbstractRealmAuditLog STREAM_CREATED. Since we finally create streams in create_stream_if_needed function in zerver/lib/streams.py so logged realm_audit there. Passed acting_user when create_stream_if_needed or ensure_stream function is called. Added tests in test_audit_log.
2020-06-29 23:31:25 +02:00
stream_dicts=missing_stream_dicts,
acting_user=user_profile)
streams: Move list_to_streams to lib.
2017-01-30 03:02:40 +01:00
existing_streams += dup_streams
return existing_streams, created_streams
api: Pass group id instead of name to default stream group api.
2017-11-14 20:33:09 +01:00
def access_default_stream_group_by_id(realm: Realm, group_id: int) -> DefaultStreamGroup:
try:
return DefaultStreamGroup.objects.get(realm=realm, id=group_id)
except DefaultStreamGroup.DoesNotExist:
python: Convert percent formatting to .format for translated strings. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-15 23:22:24 +02:00
raise JsonableError(_("Default stream group with id '{}' does not exist.").format(group_id))
refactor: Add get_stream_by_narrow_operand_access_unchecked. This let's us clean up the linter that excludes the use of get_stream and by adding the access_unchecked in the name we make it clear that it should be used with caution. Refactoring idea by Tim Abbott.
2019-08-11 18:57:54 +02:00
def get_stream_by_narrow_operand_access_unchecked(operand: Union[str, int], realm: Realm) -> Stream:
"""This is required over access_stream_* in certain cases where
we need the stream data only to prepare a response that user can access
and not send it out to unauthorized recipients.
"""
if isinstance(operand, str):
return get_stream(operand, realm)
return get_stream_by_id_in_realm(operand, realm)