org_settings: Add backend support to change bot role.

This commit attempts to add the backend support by extending the
/json/bots/{bot_id}/ url support to accept the role field as a
parameter. This was previously already possible via
`/json/users/{user_id}`, so this change just simplifies client
implementation.
This commit is contained in:
Somesh Ranjan 2022-05-07 12:33:02 +05:30 committed by Tim Abbott
parent 0b92e4c22f
commit 0b1f8c05e3
4 changed files with 49 additions and 2 deletions

View File

@ -20,6 +20,12 @@ format used by the Zulip server that they are interacting with.
## Changes in Zulip 6.0 ## Changes in Zulip 6.0
**Feature level 130**
* `PATCH /bots/{bot_user_id}`: Added support for changing a bot's role
via this endpoint. Previously, this could only be done via [`PATCH
/users/{user_id}`](/api/update-user).
**Feature level 129** **Feature level 129**
* [`POST /register`](/api/register-queue), * [`POST /register`](/api/register-queue),

View File

@ -33,7 +33,7 @@ DESKTOP_WARNING_VERSION = "5.4.3"
# Changes should be accompanied by documentation explaining what the # Changes should be accompanied by documentation explaining what the
# new level means in templates/zerver/api/changelog.md, as well as # new level means in templates/zerver/api/changelog.md, as well as
# "**Changes**" entries in the endpoint's documentation in `zulip.yaml`. # "**Changes**" entries in the endpoint's documentation in `zulip.yaml`.
API_FEATURE_LEVEL = 129 API_FEATURE_LEVEL = 130
# Bump the minor PROVISION_VERSION to indicate that folks should provision # Bump the minor PROVISION_VERSION to indicate that folks should provision
# only when going from an old version of the code to a newer version. Bump # only when going from an old version of the code to a newer version. Bump

View File

@ -10,7 +10,7 @@ from zulip_bots.custom_exceptions import ConfigValidationError
from zerver.actions.realm_settings import do_set_realm_property from zerver.actions.realm_settings import do_set_realm_property
from zerver.actions.streams import do_change_stream_permission from zerver.actions.streams import do_change_stream_permission
from zerver.actions.users import do_change_can_create_users, do_deactivate_user from zerver.actions.users import do_change_can_create_users, do_change_user_role, do_deactivate_user
from zerver.lib.bot_config import ConfigError, get_bot_config from zerver.lib.bot_config import ConfigError, get_bot_config
from zerver.lib.bot_lib import get_bot_handler from zerver.lib.bot_lib import get_bot_handler
from zerver.lib.integrations import EMBEDDED_BOTS, WebhookIntegration from zerver.lib.integrations import EMBEDDED_BOTS, WebhookIntegration
@ -1169,6 +1169,31 @@ class BotTest(ZulipTestCase, UploadSerializeMixin):
bot = self.get_bot() bot = self.get_bot()
self.assertEqual(None, bot["default_sending_stream"]) self.assertEqual(None, bot["default_sending_stream"])
def test_patch_bot_role(self) -> None:
self.login("desdemona")
email = "default-bot@zulip.com"
user_profile = self.get_bot_user(email)
do_change_user_role(user_profile, UserProfile.ROLE_MEMBER, acting_user=user_profile)
req = dict(role=UserProfile.ROLE_GUEST)
result = self.client_patch(f"/json/bots/{self.get_bot_user(email).id}", req)
self.assert_json_success(result)
user_profile = self.get_bot_user(email)
self.assertEqual(user_profile.role, UserProfile.ROLE_GUEST)
# Test for not allowing a non-owner user to make assign a bot an owner role
desdemona = self.example_user("desdemona")
do_change_user_role(desdemona, UserProfile.ROLE_REALM_ADMINISTRATOR, acting_user=None)
req = dict(role=UserProfile.ROLE_REALM_OWNER)
result = self.client_patch(f"/json/bots/{self.get_bot_user(email).id}", req)
self.assert_json_error(result, "Must be an organization owner")
def test_patch_bot_to_stream_private_allowed(self) -> None: def test_patch_bot_to_stream_private_allowed(self) -> None:
self.login("hamlet") self.login("hamlet")
user_profile = self.example_user("hamlet") user_profile = self.example_user("hamlet")

View File

@ -193,6 +193,8 @@ def update_user_backend(
# grant/remove the role in question. access_user_by_id has # grant/remove the role in question. access_user_by_id has
# already verified we're an administrator; here we enforce # already verified we're an administrator; here we enforce
# that only owners can toggle the is_realm_owner flag. # that only owners can toggle the is_realm_owner flag.
#
# Logic replicated in patch_bot_backend.
if UserProfile.ROLE_REALM_OWNER in [role, target.role] and not user_profile.is_realm_owner: if UserProfile.ROLE_REALM_OWNER in [role, target.role] and not user_profile.is_realm_owner:
raise OrganizationOwnerRequired() raise OrganizationOwnerRequired()
@ -302,6 +304,12 @@ def patch_bot_backend(
user_profile: UserProfile, user_profile: UserProfile,
bot_id: int, bot_id: int,
full_name: Optional[str] = REQ(default=None), full_name: Optional[str] = REQ(default=None),
role: Optional[int] = REQ(
default=None,
json_validator=check_int_in(
UserProfile.ROLE_TYPES,
),
),
bot_owner_id: Optional[int] = REQ(json_validator=check_int, default=None), bot_owner_id: Optional[int] = REQ(json_validator=check_int, default=None),
config_data: Optional[Dict[str, str]] = REQ( config_data: Optional[Dict[str, str]] = REQ(
default=None, json_validator=check_dict(value_validator=check_string) default=None, json_validator=check_dict(value_validator=check_string)
@ -316,6 +324,14 @@ def patch_bot_backend(
if full_name is not None: if full_name is not None:
check_change_bot_full_name(bot, full_name, user_profile) check_change_bot_full_name(bot, full_name, user_profile)
if role is not None and bot.role != role:
# Logic duplicated from update_user_backend.
if UserProfile.ROLE_REALM_OWNER in [role, bot.role] and not user_profile.is_realm_owner:
raise OrganizationOwnerRequired()
do_change_user_role(bot, role, acting_user=user_profile)
if bot_owner_id is not None: if bot_owner_id is not None:
try: try:
owner = get_user_profile_by_id_in_realm(bot_owner_id, user_profile.realm) owner = get_user_profile_by_id_in_realm(bot_owner_id, user_profile.realm)