settings: Remove create_web_public_stream_policy setting.

This commit removes create_web_public_stream_policy setting
since web-public channel creation permissions are now
handled by group-based setting.

We still pass "realm_create_web_public_stream_policy" in
"/register" response though for older clients with its
value being set depending on the value of group based
setting. If we cannot set its value to an appropriate enum
corresponding to the group setting, then we set it to
"Admins and moderators" considering that server will not
allow the users without permissions to create web-public
channels but the client can make sure that UI is
available to the users who have permission.
This commit is contained in:
Sahil Batra 2024-07-26 13:13:58 +05:30 committed by Tim Abbott
parent 506ead4468
commit 6919448917
10 changed files with 63 additions and 31 deletions

View File

@ -26,6 +26,15 @@ format used by the Zulip server that they are interacting with.
[`GET /events`](/api/get-events): Added `can_create_web_public_channel_group` [`GET /events`](/api/get-events): Added `can_create_web_public_channel_group`
realm setting, which is a [group-setting value](/api/group-setting-values) realm setting, which is a [group-setting value](/api/group-setting-values)
describing the set of users with permission to create web-public channels. describing the set of users with permission to create web-public channels.
* `PATCH /realm`, [`GET /events`](/api/get-events): Removed
`create_web_public_stream_policy` property, as the permission to create
web-public channels is now controlled by `can_create_web_public_channel_group`
setting.
* [`POST /register`](/api/register-queue): `realm_create_web_public_stream_policy`
field is deprecated, having been replaced by `can_create_web_public_channel_group`.
Notably, this backwards-compatible `realm_create_web_public_stream_policy` value
now contains the superset of the true value that best approximates the actual
permission setting.
Feature levels 278-279 are reserved for future use in 9.x maintenance Feature levels 278-279 are reserved for future use in 9.x maintenance
releases. releases.

View File

@ -34,7 +34,7 @@ DESKTOP_WARNING_VERSION = "5.9.3"
# new level means in api_docs/changelog.md, as well as "**Changes**" # new level means in api_docs/changelog.md, as well as "**Changes**"
# entries in the endpoint's documentation in `zulip.yaml`. # entries in the endpoint's documentation in `zulip.yaml`.
API_FEATURE_LEVEL = 277 # Last bumped for Zulip 9.0 API_FEATURE_LEVEL = 280 # Last bumped for can_create_web_public_channel_group
# Bump the minor PROVISION_VERSION to indicate that folks should provision # Bump the minor PROVISION_VERSION to indicate that folks should provision

View File

@ -303,6 +303,13 @@ def fetch_initial_state_data(
realm, "can_create_private_channel_group", Realm.COMMON_POLICY_TYPES realm, "can_create_private_channel_group", Realm.COMMON_POLICY_TYPES
) )
) )
state["realm_create_web_public_stream_policy"] = (
get_corresponding_policy_value_for_group_setting(
realm,
"can_create_web_public_channel_group",
Realm.CREATE_WEB_PUBLIC_STREAM_POLICY_TYPES,
)
)
# Most state is handled via the property_types framework; # Most state is handled via the property_types framework;
# these manual entries are for those realm settings that don't # these manual entries are for those realm settings that don't
@ -1287,6 +1294,13 @@ def apply_event(
) )
state["can_create_private_streams"] = user_profile.has_permission(key) state["can_create_private_streams"] = user_profile.has_permission(key)
else: else:
state["realm_create_web_public_stream_policy"] = (
get_corresponding_policy_value_for_group_setting(
user_profile.realm,
"can_create_web_public_channel_group",
Realm.CREATE_WEB_PUBLIC_STREAM_POLICY_TYPES,
)
)
state["can_create_web_public_streams"] = user_profile.has_permission(key) state["can_create_web_public_streams"] = user_profile.has_permission(key)
state["can_create_streams"] = ( state["can_create_streams"] = (

View File

@ -0,0 +1,16 @@
# Generated by Django 5.0.6 on 2024-07-26 07:18
from django.db import migrations
class Migration(migrations.Migration):
dependencies = [
("zerver", "0561_alter_realm_can_create_web_public_channel_group"),
]
operations = [
migrations.RemoveField(
model_name="realm",
name="create_web_public_stream_policy",
),
]

View File

@ -298,10 +298,6 @@ class Realm(models.Model): # type: ignore[django-manager-missing] # django-stub
) )
# Who in the organization is allowed to create streams. # Who in the organization is allowed to create streams.
create_web_public_stream_policy = models.PositiveSmallIntegerField(
default=CreateWebPublicStreamPolicyEnum.OWNERS_ONLY
)
can_create_public_channel_group = models.ForeignKey( can_create_public_channel_group = models.ForeignKey(
"UserGroup", on_delete=models.RESTRICT, related_name="+" "UserGroup", on_delete=models.RESTRICT, related_name="+"
) )
@ -649,7 +645,6 @@ class Realm(models.Model): # type: ignore[django-manager-missing] # django-stub
allow_message_editing=bool, allow_message_editing=bool,
avatar_changes_disabled=bool, avatar_changes_disabled=bool,
bot_creation_policy=int, bot_creation_policy=int,
create_web_public_stream_policy=int,
default_code_block_language=str, default_code_block_language=str,
default_language=str, default_language=str,
delete_own_message_policy=int, delete_own_message_policy=int,
@ -1188,6 +1183,12 @@ def get_corresponding_policy_value_for_group_setting(
# If the group setting is not set to one of the role based groups # If the group setting is not set to one of the role based groups
# that the previous enum setting allowed, then just return the # that the previous enum setting allowed, then just return the
# enum value corresponding to largest group. # enum value corresponding to largest group.
if group_setting_name == "can_create_web_public_channel_group":
# Largest group allowed to create web-public channels is
# moderators group.
assert valid_policy_enums == Realm.CREATE_WEB_PUBLIC_STREAM_POLICY_TYPES
return Realm.POLICY_MODERATORS_ONLY
assert valid_policy_enums == Realm.COMMON_POLICY_TYPES assert valid_policy_enums == Realm.COMMON_POLICY_TYPES
return Realm.POLICY_MEMBERS_ONLY return Realm.POLICY_MEMBERS_ONLY

View File

@ -782,7 +782,6 @@ class UserProfile(AbstractBaseUser, PermissionsMixin, UserBaseSettings):
"can_create_public_channel_group", "can_create_public_channel_group",
"can_create_web_public_channel_group", "can_create_web_public_channel_group",
"create_multiuse_invite_group", "create_multiuse_invite_group",
"create_web_public_stream_policy",
"delete_own_message_policy", "delete_own_message_policy",
"direct_message_initiator_group", "direct_message_initiator_group",
"direct_message_permission_group", "direct_message_permission_group",

View File

@ -4298,13 +4298,6 @@ paths:
**Changes**: New in Zulip 10.0 (feature level 280). Previously **Changes**: New in Zulip 10.0 (feature level 280). Previously
`realm_create_web_public_stream_policy` field used to control `realm_create_web_public_stream_policy` field used to control
the permission to create web-public channels. the permission to create web-public channels.
create_web_public_stream_policy:
type: integer
description: |
The [policy](/api/roles-and-permissions#permission-levels)
for which users can create web public channels in this organization.
**Changes**: New in Zulip 5.0 (feature level 103).
default_code_block_language: default_code_block_language:
type: string type: string
description: | description: |
@ -4409,8 +4402,8 @@ paths:
Can only be enabled if the `WEB_PUBLIC_STREAMS_ENABLED` Can only be enabled if the `WEB_PUBLIC_STREAMS_ENABLED`
[server setting][server-settings] is enabled on the Zulip [server setting][server-settings] is enabled on the Zulip
server. See also the `create_web_public_stream_policy` realm server. See also the `can_create_web_public_channel_group`
setting. realm setting.
[server-settings]: https://zulip.readthedocs.io/en/stable/production/settings.html [server-settings]: https://zulip.readthedocs.io/en/stable/production/settings.html
@ -9719,7 +9712,7 @@ paths:
to be enabled on the Zulip server in question, the organization to be enabled on the Zulip server in question, the organization
to have enabled the `enable_spectator_access` realm setting, and to have enabled the `enable_spectator_access` realm setting, and
the current use to have permission under the organization's the current use to have permission under the organization's
`create_web_public_stream_policy` realm setting. `can_create_web_public_channel_group` realm setting.
[server-settings]: https://zulip.readthedocs.io/en/stable/production/settings.html [server-settings]: https://zulip.readthedocs.io/en/stable/production/settings.html
@ -15535,23 +15528,28 @@ paths:
[calc-full-member]: /api/roles-and-permissions#determining-if-a-user-is-a-full-member [calc-full-member]: /api/roles-and-permissions#determining-if-a-user-is-a-full-member
realm_create_web_public_stream_policy: realm_create_web_public_stream_policy:
type: integer type: integer
deprecated: true
description: | description: |
Present if `realm` is present in `fetch_event_types`. Present if `realm` is present in `fetch_event_types`.
Has no effect and should not be displayed in settings UI A deprecated representation of a superset of the users who
unless the Zulip server has the `WEB_PUBLIC_STREAMS_ENABLED` have permission to create web-public channels in the
server-level setting enabled and the organization has enabled organization, available for backwards-compatibility. Clients
the `enable_spectator_access` realm setting. should use `can_create_web_public_channel_group` instead.
The [policy][permission-level] for which users can create web It is an enum with the following possible values, corresponding
public channels in this organization. Allowed to roles/system groups:
values are:
- 2 = Admins only - 2 = Admins only
- 4 = Admins and moderators only - 4 = Admins and moderators only
- 6 = Nobody - 6 = Nobody
- 7 = Owners only - 7 = Owners only
**Changes**: Deprecated in Zulip 10.0 (feature level 280) and
replaced by `realm_can_create_web_public_channel_group`, which
supports finer resolution of configurations, resulting in this
property being inaccurate following that transition.
**Changes**: Added in Zulip 5.0 (feature level 103). **Changes**: Added in Zulip 5.0 (feature level 103).
[permission-level]: /api/roles-and-permissions#permission-levels [permission-level]: /api/roles-and-permissions#permission-levels
@ -15786,7 +15784,7 @@ paths:
Can only be enabled if the `WEB_PUBLIC_STREAMS_ENABLED` Can only be enabled if the `WEB_PUBLIC_STREAMS_ENABLED`
[server setting][server-settings] is enabled on the Zulip [server setting][server-settings] is enabled on the Zulip
server. See also the `create_web_public_stream_policy` realm server. See also the `can_create_web_public_channel_group` realm
setting. setting.
**Changes**: New in Zulip 5.0 (feature level 109). **Changes**: New in Zulip 5.0 (feature level 109).
@ -18943,7 +18941,7 @@ paths:
to be enabled on the Zulip server in question, the organization to be enabled on the Zulip server in question, the organization
to have enabled the `enable_spectator_access` realm setting, and to have enabled the `enable_spectator_access` realm setting, and
the current use to have permission under the organization's the current use to have permission under the organization's
`create_web_public_stream_policy` realm setting. `can_create_web_public_channel_group` realm setting.
[server-settings]: https://zulip.readthedocs.io/en/stable/production/settings.html [server-settings]: https://zulip.readthedocs.io/en/stable/production/settings.html

View File

@ -3440,7 +3440,6 @@ class RealmPropertyActionTest(BaseAction):
message_retention_days=[10, 20], message_retention_days=[10, 20],
name=["Zulip", "New Name"], name=["Zulip", "New Name"],
waiting_period_threshold=[1000, 2000], waiting_period_threshold=[1000, 2000],
create_web_public_stream_policy=Realm.CREATE_WEB_PUBLIC_STREAM_POLICY_TYPES,
invite_to_stream_policy=Realm.COMMON_POLICY_TYPES, invite_to_stream_policy=Realm.COMMON_POLICY_TYPES,
user_group_edit_policy=Realm.COMMON_POLICY_TYPES, user_group_edit_policy=Realm.COMMON_POLICY_TYPES,
wildcard_mention_policy=Realm.WILDCARD_MENTION_POLICY_TYPES, wildcard_mention_policy=Realm.WILDCARD_MENTION_POLICY_TYPES,

View File

@ -841,7 +841,6 @@ class RealmTest(ZulipTestCase):
invalid_values = dict( invalid_values = dict(
bot_creation_policy=10, bot_creation_policy=10,
create_web_public_stream_policy=10,
invite_to_stream_policy=10, invite_to_stream_policy=10,
message_retention_days=10, message_retention_days=10,
video_chat_provider=10, video_chat_provider=10,
@ -1558,7 +1557,6 @@ class RealmAPITest(ZulipTestCase):
message_retention_days=[10, 20], message_retention_days=[10, 20],
name=["Zulip", "New Name"], name=["Zulip", "New Name"],
waiting_period_threshold=[10, 20], waiting_period_threshold=[10, 20],
create_web_public_stream_policy=Realm.CREATE_WEB_PUBLIC_STREAM_POLICY_TYPES,
user_group_edit_policy=Realm.COMMON_POLICY_TYPES, user_group_edit_policy=Realm.COMMON_POLICY_TYPES,
invite_to_stream_policy=Realm.COMMON_POLICY_TYPES, invite_to_stream_policy=Realm.COMMON_POLICY_TYPES,
wildcard_mention_policy=Realm.WILDCARD_MENTION_POLICY_TYPES, wildcard_mention_policy=Realm.WILDCARD_MENTION_POLICY_TYPES,

View File

@ -53,7 +53,6 @@ from zerver.models.realms import (
BotCreationPolicyEnum, BotCreationPolicyEnum,
CommonMessagePolicyEnum, CommonMessagePolicyEnum,
CommonPolicyEnum, CommonPolicyEnum,
CreateWebPublicStreamPolicyEnum,
DigestWeekdayEnum, DigestWeekdayEnum,
EditTopicPolicyEnum, EditTopicPolicyEnum,
InviteToRealmPolicyEnum, InviteToRealmPolicyEnum,
@ -147,7 +146,6 @@ def update_realm(
can_create_web_public_channel_group: Json[GroupSettingChangeRequest] | None = None, can_create_web_public_channel_group: Json[GroupSettingChangeRequest] | None = None,
direct_message_initiator_group: Json[GroupSettingChangeRequest] | None = None, direct_message_initiator_group: Json[GroupSettingChangeRequest] | None = None,
direct_message_permission_group: Json[GroupSettingChangeRequest] | None = None, direct_message_permission_group: Json[GroupSettingChangeRequest] | None = None,
create_web_public_stream_policy: Json[CreateWebPublicStreamPolicyEnum] | None = None,
invite_to_stream_policy: Json[CommonPolicyEnum] | None = None, invite_to_stream_policy: Json[CommonPolicyEnum] | None = None,
move_messages_between_streams_policy: Json[MoveMessagesBetweenStreamsPolicyEnum] | None = None, move_messages_between_streams_policy: Json[MoveMessagesBetweenStreamsPolicyEnum] | None = None,
user_group_edit_policy: Json[CommonPolicyEnum] | None = None, user_group_edit_policy: Json[CommonPolicyEnum] | None = None,