/json/bots: Return "No user" if access other realms bot.

Instead of returning warning "Insufficient Permission", return
"No such bot" warning if user tries to access other realms bot."

zerver/tests/test_bots.py

@@ -487,7 +487,7 @@ class BotTest(ZulipTestCase, UploadSerializeMixin):
         bot = get_user(bot_email, realm)
         self.login(self.example_email("iago"))
         result = self.client_delete("/json/bots/{}".format(bot.id))
-        self.assert_json_error(result, 'Insufficient permission')
+        self.assert_json_error(result, 'No such bot')
 
     def test_bot_deactivation_attacks(self) -> None:
         """You cannot deactivate somebody else's bot."""

zerver/views/users.py

@@ -63,7 +63,7 @@ def check_last_admin(user_profile: UserProfile) -> bool:
 def deactivate_bot_backend(request: HttpRequest, user_profile: UserProfile,
                            bot_id: int) -> HttpResponse:
     try:
-        target = get_user_profile_by_id(bot_id)
+        target = get_user_profile_by_id_in_realm(bot_id, user_profile.realm)
     except UserProfile.DoesNotExist:
         return json_error(_('No such bot'))
     if not target.is_bot:
@@ -170,7 +170,7 @@ def patch_bot_backend(
         default_all_public_streams: Optional[bool]=REQ(default=None, validator=check_bool)
 ) -> HttpResponse:
     try:
-        bot = get_user_profile_by_id(bot_id)
+        bot = get_user_profile_by_id_in_realm(bot_id, user_profile.realm)
     except UserProfile.DoesNotExist:
         return json_error(_('No such user'))
 
@@ -248,7 +248,7 @@ def patch_bot_backend(
 @has_request_variables
 def regenerate_bot_api_key(request: HttpRequest, user_profile: UserProfile, bot_id: int) -> HttpResponse:
     try:
-        bot = get_user_profile_by_id(bot_id)
+        bot = get_user_profile_by_id_in_realm(bot_id, user_profile.realm)
     except UserProfile.DoesNotExist:
         return json_error(_('No such user'))