mirror of https://github.com/zulip/zulip.git
settings: Disallow everyone group for new setting.
This is important because the "guests" value isn't one that we'd expect anyone to pick intentionally, and in particular isn't an available option for the similar/adjacent "email invitations" setting.
This commit is contained in:
parent
88ec312b21
commit
6c83bbcbdb
|
@ -3,6 +3,7 @@ type GroupPermissionSetting = {
|
||||||
allow_internet_group: boolean;
|
allow_internet_group: boolean;
|
||||||
allow_owners_group: boolean;
|
allow_owners_group: boolean;
|
||||||
allow_nobody_group: boolean;
|
allow_nobody_group: boolean;
|
||||||
|
allow_everyone_group: boolean;
|
||||||
};
|
};
|
||||||
|
|
||||||
const group_permission_config_dict = new Map<string, GroupPermissionSetting>([
|
const group_permission_config_dict = new Map<string, GroupPermissionSetting>([
|
||||||
|
@ -13,6 +14,7 @@ const group_permission_config_dict = new Map<string, GroupPermissionSetting>([
|
||||||
allow_internet_group: false,
|
allow_internet_group: false,
|
||||||
allow_owners_group: false,
|
allow_owners_group: false,
|
||||||
allow_nobody_group: false,
|
allow_nobody_group: false,
|
||||||
|
allow_everyone_group: true,
|
||||||
},
|
},
|
||||||
],
|
],
|
||||||
[
|
[
|
||||||
|
@ -22,6 +24,7 @@ const group_permission_config_dict = new Map<string, GroupPermissionSetting>([
|
||||||
allow_internet_group: false,
|
allow_internet_group: false,
|
||||||
allow_owners_group: false,
|
allow_owners_group: false,
|
||||||
allow_nobody_group: true,
|
allow_nobody_group: true,
|
||||||
|
allow_everyone_group: false,
|
||||||
},
|
},
|
||||||
],
|
],
|
||||||
]);
|
]);
|
||||||
|
|
|
@ -231,8 +231,13 @@ export function get_realm_user_groups_for_dropdown_list_widget(
|
||||||
return [];
|
return [];
|
||||||
}
|
}
|
||||||
|
|
||||||
const {require_system_group, allow_internet_group, allow_owners_group, allow_nobody_group} =
|
const {
|
||||||
group_setting_config;
|
require_system_group,
|
||||||
|
allow_internet_group,
|
||||||
|
allow_owners_group,
|
||||||
|
allow_nobody_group,
|
||||||
|
allow_everyone_group,
|
||||||
|
} = group_setting_config;
|
||||||
|
|
||||||
const system_user_groups = settings_config.system_user_groups_list
|
const system_user_groups = settings_config.system_user_groups_list
|
||||||
.filter((group) => {
|
.filter((group) => {
|
||||||
|
@ -248,6 +253,10 @@ export function get_realm_user_groups_for_dropdown_list_widget(
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!allow_everyone_group && group.name === "role:everyone") {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
})
|
})
|
||||||
.map((group) => {
|
.map((group) => {
|
||||||
|
|
|
@ -287,6 +287,7 @@ class GroupPermissionSetting:
|
||||||
allow_internet_group: bool
|
allow_internet_group: bool
|
||||||
allow_owners_group: bool
|
allow_owners_group: bool
|
||||||
allow_nobody_group: bool
|
allow_nobody_group: bool
|
||||||
|
allow_everyone_group: bool
|
||||||
default_group_name: str
|
default_group_name: str
|
||||||
id_field_name: str
|
id_field_name: str
|
||||||
default_for_system_groups: Optional[str] = None
|
default_for_system_groups: Optional[str] = None
|
||||||
|
|
|
@ -173,6 +173,7 @@ def access_user_group_for_setting(
|
||||||
allow_internet_group: bool = False,
|
allow_internet_group: bool = False,
|
||||||
allow_owners_group: bool = False,
|
allow_owners_group: bool = False,
|
||||||
allow_nobody_group: bool = True,
|
allow_nobody_group: bool = True,
|
||||||
|
allow_everyone_group: bool = True,
|
||||||
) -> UserGroup:
|
) -> UserGroup:
|
||||||
user_group = access_user_group_by_id(user_group_id, user_profile, for_read=True)
|
user_group = access_user_group_by_id(user_group_id, user_profile, for_read=True)
|
||||||
|
|
||||||
|
@ -202,6 +203,13 @@ def access_user_group_for_setting(
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
|
||||||
|
if not allow_everyone_group and user_group.name == UserGroup.EVERYONE_GROUP_NAME:
|
||||||
|
raise JsonableError(
|
||||||
|
_("'{setting_name}' setting cannot be set to 'role:everyone' group.").format(
|
||||||
|
setting_name=setting_name
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
return user_group
|
return user_group
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -765,6 +765,7 @@ class Realm(models.Model): # type: ignore[django-manager-missing] # django-stub
|
||||||
allow_internet_group=False,
|
allow_internet_group=False,
|
||||||
allow_owners_group=False,
|
allow_owners_group=False,
|
||||||
allow_nobody_group=True,
|
allow_nobody_group=True,
|
||||||
|
allow_everyone_group=False,
|
||||||
default_group_name=ADMINISTRATORS_GROUP_NAME,
|
default_group_name=ADMINISTRATORS_GROUP_NAME,
|
||||||
id_field_name="create_multiuse_invite_group_id",
|
id_field_name="create_multiuse_invite_group_id",
|
||||||
),
|
),
|
||||||
|
@ -2296,6 +2297,7 @@ class UserGroup(models.Model): # type: ignore[django-manager-missing] # django-
|
||||||
allow_internet_group=False,
|
allow_internet_group=False,
|
||||||
allow_owners_group=False,
|
allow_owners_group=False,
|
||||||
allow_nobody_group=True,
|
allow_nobody_group=True,
|
||||||
|
allow_everyone_group=True,
|
||||||
default_group_name=EVERYONE_GROUP_NAME,
|
default_group_name=EVERYONE_GROUP_NAME,
|
||||||
default_for_system_groups=NOBODY_GROUP_NAME,
|
default_for_system_groups=NOBODY_GROUP_NAME,
|
||||||
id_field_name="can_mention_group_id",
|
id_field_name="can_mention_group_id",
|
||||||
|
@ -2657,6 +2659,7 @@ class Stream(models.Model):
|
||||||
allow_internet_group=False,
|
allow_internet_group=False,
|
||||||
allow_owners_group=False,
|
allow_owners_group=False,
|
||||||
allow_nobody_group=False,
|
allow_nobody_group=False,
|
||||||
|
allow_everyone_group=True,
|
||||||
default_group_name=UserGroup.ADMINISTRATORS_GROUP_NAME,
|
default_group_name=UserGroup.ADMINISTRATORS_GROUP_NAME,
|
||||||
id_field_name="can_remove_subscribers_group_id",
|
id_field_name="can_remove_subscribers_group_id",
|
||||||
),
|
),
|
||||||
|
|
|
@ -1240,6 +1240,10 @@ class RealmAPITest(ZulipTestCase):
|
||||||
user_group.name == UserGroup.NOBODY_GROUP_NAME
|
user_group.name == UserGroup.NOBODY_GROUP_NAME
|
||||||
and not setting_permission_configuration.allow_nobody_group
|
and not setting_permission_configuration.allow_nobody_group
|
||||||
)
|
)
|
||||||
|
or (
|
||||||
|
user_group.name == UserGroup.EVERYONE_GROUP_NAME
|
||||||
|
and not setting_permission_configuration.allow_everyone_group
|
||||||
|
)
|
||||||
or (
|
or (
|
||||||
user_group.name == UserGroup.OWNERS_GROUP_NAME
|
user_group.name == UserGroup.OWNERS_GROUP_NAME
|
||||||
and not setting_permission_configuration.allow_owners_group
|
and not setting_permission_configuration.allow_owners_group
|
||||||
|
|
|
@ -318,6 +318,7 @@ def update_realm(
|
||||||
allow_internet_group=permissions_configuration.allow_internet_group,
|
allow_internet_group=permissions_configuration.allow_internet_group,
|
||||||
allow_owners_group=permissions_configuration.allow_owners_group,
|
allow_owners_group=permissions_configuration.allow_owners_group,
|
||||||
allow_nobody_group=permissions_configuration.allow_nobody_group,
|
allow_nobody_group=permissions_configuration.allow_nobody_group,
|
||||||
|
allow_everyone_group=permissions_configuration.allow_everyone_group,
|
||||||
)
|
)
|
||||||
do_change_realm_permission_group_setting(
|
do_change_realm_permission_group_setting(
|
||||||
realm, setting_name, user_group, acting_user=user_profile
|
realm, setting_name, user_group, acting_user=user_profile
|
||||||
|
|
|
@ -399,6 +399,7 @@ def update_stream_backend(
|
||||||
allow_internet_group=permissions_configuration.allow_internet_group,
|
allow_internet_group=permissions_configuration.allow_internet_group,
|
||||||
allow_owners_group=permissions_configuration.allow_owners_group,
|
allow_owners_group=permissions_configuration.allow_owners_group,
|
||||||
allow_nobody_group=permissions_configuration.allow_nobody_group,
|
allow_nobody_group=permissions_configuration.allow_nobody_group,
|
||||||
|
allow_everyone_group=permissions_configuration.allow_everyone_group,
|
||||||
)
|
)
|
||||||
do_change_stream_group_based_setting(
|
do_change_stream_group_based_setting(
|
||||||
stream, setting_name, user_group, acting_user=user_profile
|
stream, setting_name, user_group, acting_user=user_profile
|
||||||
|
|
|
@ -74,6 +74,7 @@ def add_user_group(
|
||||||
allow_internet_group=permission_config.allow_internet_group,
|
allow_internet_group=permission_config.allow_internet_group,
|
||||||
allow_owners_group=permission_config.allow_owners_group,
|
allow_owners_group=permission_config.allow_owners_group,
|
||||||
allow_nobody_group=permission_config.allow_nobody_group,
|
allow_nobody_group=permission_config.allow_nobody_group,
|
||||||
|
allow_everyone_group=permission_config.allow_everyone_group,
|
||||||
)
|
)
|
||||||
group_settings_map[setting_name] = setting_value_group
|
group_settings_map[setting_name] = setting_value_group
|
||||||
|
|
||||||
|
@ -139,6 +140,7 @@ def edit_user_group(
|
||||||
allow_internet_group=permission_config.allow_internet_group,
|
allow_internet_group=permission_config.allow_internet_group,
|
||||||
allow_owners_group=permission_config.allow_owners_group,
|
allow_owners_group=permission_config.allow_owners_group,
|
||||||
allow_nobody_group=permission_config.allow_nobody_group,
|
allow_nobody_group=permission_config.allow_nobody_group,
|
||||||
|
allow_everyone_group=permission_config.allow_everyone_group,
|
||||||
)
|
)
|
||||||
do_change_user_group_permission_setting(
|
do_change_user_group_permission_setting(
|
||||||
user_group, setting_name, setting_value_group, acting_user=user_profile
|
user_group, setting_name, setting_value_group, acting_user=user_profile
|
||||||
|
|
Loading…
Reference in New Issue