Split bot deactivation from user deactivation

(imported from commit 153a870b244e040e3b5976f639866dbace5563f6)

static/js/settings.js

@@ -144,7 +144,7 @@ $(function () {
     $("#bots_list").on("click", "button.delete_bot", function (e) {
         var email = $(e.currentTarget).data('email');
         channel.del({
-            url: '/json/users/' + encodeURIComponent(email),
+            url: '/json/bots/' + encodeURIComponent(email),
             success: function () {
                 var row = $(e.currentTarget).closest("li");
                 row.hide('slow', function () { row.remove(); });

zerver/tests.py

@@ -332,6 +332,10 @@ class ActivateTest(AuthedTestCase):
         user = get_user_profile_by_email('hamlet@zulip.com')
         self.assertTrue(user.is_active)
 
+        # Can not deactivate a user as a bot
+        result = self.client_delete('/json/bots/hamlet@zulip.com')
+        self.assert_json_error(result, 'No such bot')
+
 class BotTest(AuthedTestCase):
     def assert_num_bots_equal(self, count):
         result = self.client.get("/json/bots")
@@ -348,7 +352,7 @@ class BotTest(AuthedTestCase):
         self.assert_json_success(result)
 
     def deactivate_bot(self):
-        result = self.client_delete("/json/users/hambot-bot@zulip.com")
+        result = self.client_delete("/json/bots/hambot-bot@zulip.com")
         self.assert_json_success(result)
 
     def test_add_bot(self):
@@ -373,8 +377,8 @@ class BotTest(AuthedTestCase):
         self.assert_num_bots_equal(0)
         self.create_bot()
         self.assert_num_bots_equal(1)
-        result = self.client_delete("/json/users/bogus-bot@zulip.com")
-        self.assert_json_error(result, 'No such user')
+        result = self.client_delete("/json/bots/bogus-bot@zulip.com")
+        self.assert_json_error(result, 'No such bot')
         self.assert_num_bots_equal(1)
 
     def test_bot_deactivation_attacks(self):
@@ -388,16 +392,22 @@ class BotTest(AuthedTestCase):
         # Hamlet's bot.
         self.login("othello@zulip.com")
 
-        result = self.client_delete("/json/users/hamlet@zulip.com")
-        self.assert_json_error(result, 'Insufficient permission')
+        # Can not deactivate a user as a bot
+        result = self.client_delete("/json/bots/hamlet@zulip.com")
+        self.assert_json_error(result, 'No such bot')
 
-        result = self.client_delete("/json/users/hambot-bot@zulip.com")
+        result = self.client_delete("/json/bots/hambot-bot@zulip.com")
         self.assert_json_error(result, 'Insufficient permission')
 
         # But we don't actually deactivate the other person's bot.
         self.login("hamlet@zulip.com")
         self.assert_num_bots_equal(1)
 
+        # Can not deactivate a bot as a user
+        result = self.client_delete("/json/users/hambot-bot@zulip.com")
+        self.assert_json_error(result, 'No such user')
+        self.assert_num_bots_equal(1)
+
     def test_bot_permissions(self):
         self.login("hamlet@zulip.com")
         self.assert_num_bots_equal(0)

zerver/views/__init__.py

@@ -1782,12 +1782,26 @@ def events_register_backend(request, user_profile, apply_markdown=True,
                              narrow=narrow)
     return json_success(ret)
 
+
 def deactivate_user_backend(request, user_profile, email):
     try:
         target = get_user_profile_by_email(email)
     except UserProfile.DoesNotExist:
         return json_error('No such user')
+    if target.is_bot:
+        return json_error('No such user')
+    return _deactivate_user_profile_backend(request, user_profile, target)
 
+def deactivate_bot_backend(request, user_profile, email):
+    try:
+        target = get_user_profile_by_email(email)
+    except UserProfile.DoesNotExist:
+        return json_error('No such bot')
+    if not target.is_bot:
+        return json_error('No such bot')
+    return _deactivate_user_profile_backend(request, user_profile, target)
+
+def _deactivate_user_profile_backend(request, user_profile, target):
     if not user_profile.can_admin_user(target):
         return json_error('Insufficient permission')
 

zproject/urls.py

@@ -226,7 +226,8 @@ v1_api_and_json_patterns = patterns('zerver.views',
     url(r'^bots/(?P<email>.*)/api_key/regenerate$', 'rest_dispatch',
             {'POST': 'regenerate_bot_api_key'}),
     url(r'^bots/(?P<email>.*)$', 'rest_dispatch',
-            {'PATCH': 'patch_bot_backend'}),
+            {'PATCH': 'patch_bot_backend',
+             'DELETE': 'deactivate_bot_backend'}),
     url(r'^register$', 'rest_dispatch',
             {'POST': 'api_events_register'}),