user_groups: Add allow_nobody_group to access_user_group_for_setting.

This commit adds allow_nobody_group parameter to access_user_group_for_setting with a default value of True.
2023-04-06 11:43:16 +05:30 · 2023-04-06 11:43:16 +05:30 · 66693f2101
parent 5237e9008f
commit 66693f2101
3 changed files with 31 additions and 0 deletions
--- a/zerver/lib/user_groups.py
+++ b/zerver/lib/user_groups.py
@ -65,6 +65,7 @@ def access_user_group_for_setting(
    require_system_group: bool = False,
    allow_internet_group: bool = False,
    allow_owners_group: bool = False,
+    allow_nobody_group: bool = True,
 ) -> UserGroup:
    user_group = access_user_group_by_id(user_group_id, user_profile, for_read=True)

@ -81,6 +82,11 @@ def access_user_group_for_setting(
            _("'{}' setting cannot be set to '@role:owners' group.").format(setting_name)
        )

+    if not allow_nobody_group and user_group.name == UserGroup.NOBODY_GROUP_NAME:
+        raise JsonableError(
+            _("'{}' setting cannot be set to '@role:nobody' group.").format(setting_name)
+        )
+
    return user_group


--- a/zerver/tests/test_subs.py
+++ b/zerver/tests/test_subs.py
@ -541,6 +541,19 @@ class TestCreateStreams(ZulipTestCase):
            "'can_remove_subscribers_group' setting cannot be set to '@role:owners' group.",
        )

+        nobody_group = UserGroup.objects.get(name="@role:nobody", is_system_group=True, realm=realm)
+        post_data = {
+            "subscriptions": orjson.dumps(
+                [{"name": "new_stream3", "description": "Third new stream"}]
+            ).decode(),
+            "can_remove_subscribers_group_id": orjson.dumps(nobody_group.id).decode(),
+        }
+        result = self.api_post(user, "/api/v1/users/me/subscriptions", post_data, subdomain="zulip")
+        self.assert_json_error(
+            result,
+            "'can_remove_subscribers_group' setting cannot be set to '@role:nobody' group.",
+        )
+

 class RecipientTest(ZulipTestCase):
    def test_recipient(self) -> None:
@ -2104,6 +2117,16 @@ class StreamAdminTest(ZulipTestCase):
            "'can_remove_subscribers_group' setting cannot be set to '@role:owners' group.",
        )

+        nobody_group = UserGroup.objects.get(name="@role:nobody", is_system_group=True, realm=realm)
+        result = self.client_patch(
+            f"/json/streams/{stream.id}",
+            {"can_remove_subscribers_group_id": orjson.dumps(nobody_group.id).decode()},
+        )
+        self.assert_json_error(
+            result,
+            "'can_remove_subscribers_group' setting cannot be set to '@role:nobody' group.",
+        )
+
        # For private streams, even admins must be subscribed to the stream to change
        # can_remove_subscribers_group setting.
        stream = self.make_stream("stream_name2", invite_only=True)
--- a/zerver/views/streams.py
+++ b/zerver/views/streams.py
@ -406,6 +406,7 @@ def update_stream_backend(
                require_system_group=permissions_configuration.require_system_group,
                allow_internet_group=permissions_configuration.allow_internet_group,
                allow_owners_group=permissions_configuration.allow_owners_group,
+                allow_nobody_group=permissions_configuration.allow_nobody_group,
            )
            do_change_stream_group_based_setting(
                stream, setting_name, user_group, acting_user=user_profile
@ -587,6 +588,7 @@ def add_subscriptions_backend(
            user_profile,
            setting_name="can_remove_subscribers_group",
            require_system_group=True,
+            allow_nobody_group=False,
        )
    else:
        can_remove_subscribers_group = UserGroup.objects.get(