settings: Add moderators-only option in create_stream_policy.

This commit modifies the has_permission function to include realm moderator role. Thus this adds a new option of moderators only for create_stream_policy. Though this automatically adds this option for invite_to_stream_policy also, but we will keep other code for showing error and for tests in a separate commit.
2021-03-21 22:47:45 +05:30 · 2021-03-21 22:47:45 +05:30 · 5b32dcd2e7
parent 911854d0bf
commit 5b32dcd2e7
3 changed files with 42 additions and 4 deletions
--- a/zerver/lib/streams.py
+++ b/zerver/lib/streams.py
@ -604,6 +604,8 @@ def list_to_streams(
        if not user_profile.can_create_streams():
            if user_profile.realm.create_stream_policy == Realm.POLICY_ADMINS_ONLY:
                raise JsonableError(_("Only administrators can create streams."))
+            if user_profile.realm.create_stream_policy == Realm.POLICY_MODERATORS_ONLY:
+                raise JsonableError(_("Only administrators and moderators can create streams."))
            if user_profile.realm.create_stream_policy == Realm.POLICY_FULL_MEMBERS_ONLY:
                raise JsonableError(_("Your account is too new to create streams."))
            raise JsonableError(_("Not allowed for guest users"))
--- a/zerver/models.py
+++ b/zerver/models.py
@ -253,11 +253,13 @@ class Realm(models.Model):
    POLICY_MEMBERS_ONLY = 1
    POLICY_ADMINS_ONLY = 2
    POLICY_FULL_MEMBERS_ONLY = 3
+    POLICY_MODERATORS_ONLY = 4

    COMMON_POLICY_TYPES = [
        POLICY_MEMBERS_ONLY,
        POLICY_ADMINS_ONLY,
        POLICY_FULL_MEMBERS_ONLY,
+        POLICY_MODERATORS_ONLY,
    ]

    # Who in the organization is allowed to create streams.
@ -1449,6 +1451,12 @@ class UserProfile(AbstractBaseUser, PermissionsMixin):
        if policy_value == Realm.POLICY_ADMINS_ONLY:
            return False

+        if self.is_moderator:
+            return True
+
+        if policy_value == Realm.POLICY_MODERATORS_ONLY:
+            return False
+
        if self.is_guest:
            return False

--- a/zerver/tests/test_subs.py
+++ b/zerver/tests/test_subs.py
@ -3216,6 +3216,7 @@ class SubscriptionAPITest(ZulipTestCase):
        do_set_realm_property(
            realm, "create_stream_policy", Realm.POLICY_ADMINS_ONLY, acting_user=None
        )
+        do_change_user_role(user_profile, UserProfile.ROLE_MODERATOR, acting_user=None)
        result = self.common_subscribe_to_streams(
            user_profile,
            ["new_stream1"],
@ -3226,6 +3227,23 @@ class SubscriptionAPITest(ZulipTestCase):
        do_change_user_role(user_profile, UserProfile.ROLE_REALM_ADMINISTRATOR, acting_user=None)
        self.common_subscribe_to_streams(user_profile, ["new_stream1"])

+        do_set_realm_property(
+            realm, "create_stream_policy", Realm.POLICY_MODERATORS_ONLY, acting_user=None
+        )
+        do_change_user_role(user_profile, UserProfile.ROLE_MEMBER, acting_user=None)
+        # Make sure that we are checking the permission with a full member,
+        # as full member is the user just below moderator in the role hierarchy.
+        self.assertFalse(user_profile.is_provisional_member)
+        result = self.common_subscribe_to_streams(
+            user_profile,
+            ["new_stream2"],
+            allow_fail=True,
+        )
+        self.assert_json_error(result, "Only administrators and moderators can create streams.")
+
+        do_change_user_role(user_profile, UserProfile.ROLE_MODERATOR, acting_user=None)
+        self.common_subscribe_to_streams(user_profile, ["new_stream2"])
+
        do_set_realm_property(
            realm, "create_stream_policy", Realm.POLICY_MEMBERS_ONLY, acting_user=None
        )
@ -3240,7 +3258,7 @@ class SubscriptionAPITest(ZulipTestCase):
        do_change_user_role(user_profile, UserProfile.ROLE_MEMBER, acting_user=None)
        self.common_subscribe_to_streams(
            self.test_user,
-            ["new_stream2"],
+            ["new_stream3"],
        )

        do_set_realm_property(
@ -3249,7 +3267,7 @@ class SubscriptionAPITest(ZulipTestCase):
        do_set_realm_property(realm, "waiting_period_threshold", 100000, acting_user=None)
        result = self.common_subscribe_to_streams(
            user_profile,
-            ["new_stream3"],
+            ["new_stream4"],
            allow_fail=True,
        )
        self.assert_json_error(result, "Your account is too new to create streams.")
@ -3262,12 +3280,20 @@ class SubscriptionAPITest(ZulipTestCase):
        do_change_user_role(othello, UserProfile.ROLE_REALM_ADMINISTRATOR, acting_user=None)
        self.assertTrue(othello.can_create_streams())

-        do_change_user_role(othello, UserProfile.ROLE_MEMBER, acting_user=None)
+        do_change_user_role(othello, UserProfile.ROLE_MODERATOR, acting_user=None)
        do_set_realm_property(
            othello.realm, "create_stream_policy", Realm.POLICY_ADMINS_ONLY, acting_user=None
        )
+        self.assertFalse(othello.can_create_streams())
+
+        do_set_realm_property(
+            othello.realm, "create_stream_policy", Realm.POLICY_MODERATORS_ONLY, acting_user=None
+        )
+        self.assertTrue(othello.can_create_streams())
+
+        do_change_user_role(othello, UserProfile.ROLE_MEMBER, acting_user=None)
        # Make sure that we are checking the permission with a full member,
-        # as full member is the user just below admin in the role hierarchy.
+        # as full member is the user just below moderator in the role hierarchy.
        self.assertFalse(othello.is_provisional_member)
        self.assertFalse(othello.can_create_streams())

@ -3289,6 +3315,8 @@ class SubscriptionAPITest(ZulipTestCase):
        )
        self.assertFalse(othello.can_create_streams())

+        # Ensure that the new moderators can also create streams because moderator
+        # being above the full member in role hierarchy.
        do_change_user_role(othello, UserProfile.ROLE_MODERATOR, acting_user=None)
        self.assertTrue(othello.can_create_streams())