From 66693f210110b22c439ac62fd0985500cb5a34dc Mon Sep 17 00:00:00 2001 From: Sahil Batra Date: Thu, 6 Apr 2023 11:43:16 +0530 Subject: [PATCH] user_groups: Add allow_nobody_group to access_user_group_for_setting. This commit adds allow_nobody_group parameter to access_user_group_for_setting with a default value of True. --- zerver/lib/user_groups.py | 6 ++++++ zerver/tests/test_subs.py | 23 +++++++++++++++++++++++ zerver/views/streams.py | 2 ++ 3 files changed, 31 insertions(+) diff --git a/zerver/lib/user_groups.py b/zerver/lib/user_groups.py index 5dee142aa0..dcd6bcc708 100644 --- a/zerver/lib/user_groups.py +++ b/zerver/lib/user_groups.py @@ -65,6 +65,7 @@ def access_user_group_for_setting( require_system_group: bool = False, allow_internet_group: bool = False, allow_owners_group: bool = False, + allow_nobody_group: bool = True, ) -> UserGroup: user_group = access_user_group_by_id(user_group_id, user_profile, for_read=True) @@ -81,6 +82,11 @@ def access_user_group_for_setting( _("'{}' setting cannot be set to '@role:owners' group.").format(setting_name) ) + if not allow_nobody_group and user_group.name == UserGroup.NOBODY_GROUP_NAME: + raise JsonableError( + _("'{}' setting cannot be set to '@role:nobody' group.").format(setting_name) + ) + return user_group diff --git a/zerver/tests/test_subs.py b/zerver/tests/test_subs.py index 3228c7f3cf..5a2d19f594 100644 --- a/zerver/tests/test_subs.py +++ b/zerver/tests/test_subs.py @@ -541,6 +541,19 @@ class TestCreateStreams(ZulipTestCase): "'can_remove_subscribers_group' setting cannot be set to '@role:owners' group.", ) + nobody_group = UserGroup.objects.get(name="@role:nobody", is_system_group=True, realm=realm) + post_data = { + "subscriptions": orjson.dumps( + [{"name": "new_stream3", "description": "Third new stream"}] + ).decode(), + "can_remove_subscribers_group_id": orjson.dumps(nobody_group.id).decode(), + } + result = self.api_post(user, "/api/v1/users/me/subscriptions", post_data, subdomain="zulip") + self.assert_json_error( + result, + "'can_remove_subscribers_group' setting cannot be set to '@role:nobody' group.", + ) + class RecipientTest(ZulipTestCase): def test_recipient(self) -> None: @@ -2104,6 +2117,16 @@ class StreamAdminTest(ZulipTestCase): "'can_remove_subscribers_group' setting cannot be set to '@role:owners' group.", ) + nobody_group = UserGroup.objects.get(name="@role:nobody", is_system_group=True, realm=realm) + result = self.client_patch( + f"/json/streams/{stream.id}", + {"can_remove_subscribers_group_id": orjson.dumps(nobody_group.id).decode()}, + ) + self.assert_json_error( + result, + "'can_remove_subscribers_group' setting cannot be set to '@role:nobody' group.", + ) + # For private streams, even admins must be subscribed to the stream to change # can_remove_subscribers_group setting. stream = self.make_stream("stream_name2", invite_only=True) diff --git a/zerver/views/streams.py b/zerver/views/streams.py index b039771f20..804f517a18 100644 --- a/zerver/views/streams.py +++ b/zerver/views/streams.py @@ -406,6 +406,7 @@ def update_stream_backend( require_system_group=permissions_configuration.require_system_group, allow_internet_group=permissions_configuration.allow_internet_group, allow_owners_group=permissions_configuration.allow_owners_group, + allow_nobody_group=permissions_configuration.allow_nobody_group, ) do_change_stream_group_based_setting( stream, setting_name, user_group, acting_user=user_profile @@ -587,6 +588,7 @@ def add_subscriptions_backend( user_profile, setting_name="can_remove_subscribers_group", require_system_group=True, + allow_nobody_group=False, ) else: can_remove_subscribers_group = UserGroup.objects.get(