mirror: Check whether the user is a recipient by id.

(imported from commit e50f0b00d8e3cb00fdc7af3872b5adc38c432dcc)
Tim Abbott 2012-11-15 15:35:23 -05:00
parent 4fe089e1ce
commit 5230382e4d
1 changed files with 4 additions and 3 deletions


@ -567,9 +567,6 @@ def send_message_backend(request, user_profile, client_name,
recipient = Recipient.objects.get(type_id=stream.id, type=Recipient.STREAM) recipient = Recipient.objects.get(type_id=stream.id, type=Recipient.STREAM)
elif message_type_name == 'private': elif message_type_name == 'private':
pm_recipients = extract_recipients(request) pm_recipients = extract_recipients(request)
if client_name == "zephyr_mirror":
if user_profile.user.email not in pm_recipients and not forged:
return json_error("User not authorized for this query")
recipient_profile_ids = set() recipient_profile_ids = set()
for recipient in pm_recipients: for recipient in pm_recipients:
@ -580,6 +577,10 @@ def send_message_backend(request, user_profile, client_name,
except UserProfile.DoesNotExist: except UserProfile.DoesNotExist:
return json_error("Invalid email '%s'" % (recipient,)) return json_error("Invalid email '%s'" % (recipient,))
if client_name == "zephyr_mirror":
if user_profile.id not in recipient_profile_ids and not forged:
return json_error("User not authorized for this query")
# If the private message is just between the sender and # If the private message is just between the sender and
# another person, force it to be a personal internally # another person, force it to be a personal internally
if (len(recipient_profile_ids) == 2 if (len(recipient_profile_ids) == 2
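Review bot: The relocated `zephyr_mirror` check (the three lines after the `except UserProfile.DoesNotExist` handler) now runs only after every recipient has been looked up, so a mirror request whose sender is not among the recipients can receive `Invalid email '...'` before it is refused as unauthorized. That ordering looks necessary because the check reads `recipient_profile_ids`, but it deserves a comment so nobody adds side effects to the loop ahead of it, e.g. `# Authorization: a mirror may only send for a user who is one of the recipients; compared by profile id once the loop has resolved the emails.` The two nested `if`s can also be a single condition, `if client_name == "zephyr_mirror" and not forged and user_profile.id not in recipient_profile_ids:`. The bypass rests on `forged`, which is set outside this hunk (presumably validated upstream, worth confirming), and the loop body and the rest of `send_message_backend` are not visible here.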