Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Split bot deactivation from user deactivation 

(imported from commit 153a870b244e040e3b5976f639866dbace5563f6)
This commit is contained in:
Jason Michalski 2014-02-11 11:14:33 -05:00
parent d177f49a96
commit 0244b50f0b
4 changed files with 33 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
static/js/settings.js
View File

@ -144,7 +144,7 @@ $(function () {
$("#bots_list").on("click", "button.delete_bot", function (e) { $("#bots_list").on("click", "button.delete_bot", function (e) {
var email = $(e.currentTarget).data('email'); var email = $(e.currentTarget).data('email');
channel.del({ channel.del({
url: '/json/users/' + encodeURIComponent(email), url: '/json/bots/' + encodeURIComponent(email),
success: function () { success: function () {
var row = $(e.currentTarget).closest("li"); var row = $(e.currentTarget).closest("li");
row.hide('slow', function () { row.remove(); }); row.hide('slow', function () { row.remove(); });

22
zerver/tests.py
View File

@ -332,6 +332,10 @@ class ActivateTest(AuthedTestCase):
user = get_user_profile_by_email('hamlet@zulip.com') user = get_user_profile_by_email('hamlet@zulip.com')
self.assertTrue(user.is_active) self.assertTrue(user.is_active)
# Can not deactivate a user as a bot
result = self.client_delete('/json/bots/hamlet@zulip.com')
self.assert_json_error(result, 'No such bot')
class BotTest(AuthedTestCase): class BotTest(AuthedTestCase):
def assert_num_bots_equal(self, count): def assert_num_bots_equal(self, count):
result = self.client.get("/json/bots") result = self.client.get("/json/bots")
@ -348,7 +352,7 @@ class BotTest(AuthedTestCase):
self.assert_json_success(result) self.assert_json_success(result)
def deactivate_bot(self): def deactivate_bot(self):
result = self.client_delete("/json/users/hambot-bot@zulip.com") result = self.client_delete("/json/bots/hambot-bot@zulip.com")
self.assert_json_success(result) self.assert_json_success(result)
def test_add_bot(self): def test_add_bot(self):
@ -373,8 +377,8 @@ class BotTest(AuthedTestCase):
self.assert_num_bots_equal(0) self.assert_num_bots_equal(0)
self.create_bot() self.create_bot()
self.assert_num_bots_equal(1) self.assert_num_bots_equal(1)
result = self.client_delete("/json/users/bogus-bot@zulip.com") result = self.client_delete("/json/bots/bogus-bot@zulip.com")
self.assert_json_error(result, 'No such user') self.assert_json_error(result, 'No such bot')
self.assert_num_bots_equal(1) self.assert_num_bots_equal(1)
def test_bot_deactivation_attacks(self): def test_bot_deactivation_attacks(self):
@ -388,16 +392,22 @@ class BotTest(AuthedTestCase):
# Hamlet's bot. # Hamlet's bot.
self.login("othello@zulip.com") self.login("othello@zulip.com")
result = self.client_delete("/json/users/hamlet@zulip.com") # Can not deactivate a user as a bot
self.assert_json_error(result, 'Insufficient permission') result = self.client_delete("/json/bots/hamlet@zulip.com")
self.assert_json_error(result, 'No such bot')
result = self.client_delete("/json/users/hambot-bot@zulip.com") result = self.client_delete("/json/bots/hambot-bot@zulip.com")
self.assert_json_error(result, 'Insufficient permission') self.assert_json_error(result, 'Insufficient permission')
# But we don't actually deactivate the other person's bot. # But we don't actually deactivate the other person's bot.
self.login("hamlet@zulip.com") self.login("hamlet@zulip.com")
self.assert_num_bots_equal(1) self.assert_num_bots_equal(1)
# Can not deactivate a bot as a user
result = self.client_delete("/json/users/hambot-bot@zulip.com")
self.assert_json_error(result, 'No such user')
self.assert_num_bots_equal(1)
def test_bot_permissions(self): def test_bot_permissions(self):
self.login("hamlet@zulip.com") self.login("hamlet@zulip.com")
self.assert_num_bots_equal(0) self.assert_num_bots_equal(0)

14
zerver/views/__init__.py
View File

@ -1782,12 +1782,26 @@ def events_register_backend(request, user_profile, apply_markdown=True,
narrow=narrow) narrow=narrow)
return json_success(ret) return json_success(ret)
def deactivate_user_backend(request, user_profile, email): def deactivate_user_backend(request, user_profile, email):
try: try:
target = get_user_profile_by_email(email) target = get_user_profile_by_email(email)
except UserProfile.DoesNotExist: except UserProfile.DoesNotExist:
return json_error('No such user') return json_error('No such user')
if target.is_bot:
return json_error('No such user')
return _deactivate_user_profile_backend(request, user_profile, target)
def deactivate_bot_backend(request, user_profile, email):
try:
target = get_user_profile_by_email(email)
except UserProfile.DoesNotExist:
return json_error('No such bot')
if not target.is_bot:
return json_error('No such bot')
return _deactivate_user_profile_backend(request, user_profile, target)
def _deactivate_user_profile_backend(request, user_profile, target):
if not user_profile.can_admin_user(target): if not user_profile.can_admin_user(target):
return json_error('Insufficient permission') return json_error('Insufficient permission')

3
zproject/urls.py
View File

@ -226,7 +226,8 @@ v1_api_and_json_patterns = patterns('zerver.views',
url(r'^bots/(?P<email>.*)/api_key/regenerate$', 'rest_dispatch', url(r'^bots/(?P<email>.*)/api_key/regenerate$', 'rest_dispatch',
{'POST': 'regenerate_bot_api_key'}), {'POST': 'regenerate_bot_api_key'}),
url(r'^bots/(?P<email>.*)$', 'rest_dispatch', url(r'^bots/(?P<email>.*)$', 'rest_dispatch',
{'PATCH': 'patch_bot_backend'}), {'PATCH': 'patch_bot_backend',
'DELETE': 'deactivate_bot_backend'}),
url(r'^register$', 'rest_dispatch', url(r'^register$', 'rest_dispatch',
{'POST': 'api_events_register'}), {'POST': 'api_events_register'}),