From 5ebe507c9b66b36c2f28c0c302161932dd191dcc Mon Sep 17 00:00:00 2001 From: Tim Abbott Date: Mon, 14 Aug 2017 15:44:34 -0700 Subject: [PATCH] decorator: Fix check for incoming webhook bots and move later The check itself was correct, but the error message was in fact the opposite of what this check is for. In other words, the only things these users can do is post messages, and the error message when you tried to do something else was to tell you that the user can't post messages. --- zerver/decorator.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/zerver/decorator.py b/zerver/decorator.py index 9c0f58237b..ecb97a2d83 100644 --- a/zerver/decorator.py +++ b/zerver/decorator.py @@ -206,9 +206,6 @@ def validate_api_key(request, role, api_key, is_webhook=False): profile = cast(UserProfile, profile) # is UserProfile if not profile.is_active: raise JsonableError(_("Account not active")) - if profile.is_incoming_webhook and not is_webhook: - raise JsonableError(_("Account is not valid to post webhook messages")) - if profile.realm.deactivated: raise JsonableError(_("Realm for account has been deactivated")) @@ -221,6 +218,9 @@ def validate_api_key(request, role, api_key, is_webhook=False): profile.email, get_subdomain(request))) raise JsonableError(_("Account is not associated with this subdomain")) + if profile.is_incoming_webhook and not is_webhook: + raise JsonableError(_("This API is not available to incoming webhook bots.")) + return profile def access_user_by_api_key(request, api_key):