Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

settings: Disallow everyone group for new setting. 

This is important because the "guests" value isn't one that we'd
expect anyone to pick intentionally, and in particular isn't an
available option for the similar/adjacent "email invitations" setting.
This commit is contained in:
Tim Abbott 2023-09-06 17:06:51 -07:00
parent 88ec312b21
commit 6c83bbcbdb
9 changed files with 34 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
web/src/group_permission_settings.ts
View File

@ -3,6 +3,7 @@ type GroupPermissionSetting = {
allow_internet_group: boolean;
allow_owners_group: boolean;
allow_nobody_group: boolean;
allow_everyone_group: boolean;
};
const group_permission_config_dict = new Map<string, GroupPermissionSetting>([
@ -13,6 +14,7 @@ const group_permission_config_dict = new Map<string, GroupPermissionSetting>([
allow_internet_group: false,
allow_owners_group: false,
allow_nobody_group: false,
allow_everyone_group: true,
},
],
[
@ -22,6 +24,7 @@ const group_permission_config_dict = new Map<string, GroupPermissionSetting>([
allow_internet_group: false,
allow_owners_group: false,
allow_nobody_group: true,
allow_everyone_group: false,
},
],
]);

13
web/src/user_groups.ts
View File

@ -231,8 +231,13 @@ export function get_realm_user_groups_for_dropdown_list_widget(
return [];
}
const {require_system_group, allow_internet_group, allow_owners_group, allow_nobody_group} =
group_setting_config;
const {
require_system_group,
allow_internet_group,
allow_owners_group,
allow_nobody_group,
allow_everyone_group,
} = group_setting_config;
const system_user_groups = settings_config.system_user_groups_list
.filter((group) => {
@ -248,6 +253,10 @@ export function get_realm_user_groups_for_dropdown_list_widget(
return false;
}
if (!allow_everyone_group && group.name === "role:everyone") {
return false;
}
return true;
})
.map((group) => {

1
zerver/lib/types.py
View File

@ -287,6 +287,7 @@ class GroupPermissionSetting:
allow_internet_group: bool
allow_owners_group: bool
allow_nobody_group: bool
allow_everyone_group: bool
default_group_name: str
id_field_name: str
default_for_system_groups: Optional[str] = None

8
zerver/lib/user_groups.py
View File

@ -173,6 +173,7 @@ def access_user_group_for_setting(
allow_internet_group: bool = False,
allow_owners_group: bool = False,
allow_nobody_group: bool = True,
allow_everyone_group: bool = True,
) -> UserGroup:
user_group = access_user_group_by_id(user_group_id, user_profile, for_read=True)
@ -202,6 +203,13 @@ def access_user_group_for_setting(
)
)
if not allow_everyone_group and user_group.name == UserGroup.EVERYONE_GROUP_NAME:
raise JsonableError(
_("'{setting_name}' setting cannot be set to 'role:everyone' group.").format(
setting_name=setting_name
)
)
return user_group

3
zerver/models.py
View File

@ -765,6 +765,7 @@ class Realm(models.Model): # type: ignore[django-manager-missing] # django-stub
allow_internet_group=False,
allow_owners_group=False,
allow_nobody_group=True,
allow_everyone_group=False,
default_group_name=ADMINISTRATORS_GROUP_NAME,
id_field_name="create_multiuse_invite_group_id",
),
@ -2296,6 +2297,7 @@ class UserGroup(models.Model): # type: ignore[django-manager-missing] # django-
allow_internet_group=False,
allow_owners_group=False,
allow_nobody_group=True,
allow_everyone_group=True,
default_group_name=EVERYONE_GROUP_NAME,
default_for_system_groups=NOBODY_GROUP_NAME,
id_field_name="can_mention_group_id",
@ -2657,6 +2659,7 @@ class Stream(models.Model):
allow_internet_group=False,
allow_owners_group=False,
allow_nobody_group=False,
allow_everyone_group=True,
default_group_name=UserGroup.ADMINISTRATORS_GROUP_NAME,
id_field_name="can_remove_subscribers_group_id",
),

4
zerver/tests/test_realm.py
View File

@ -1240,6 +1240,10 @@ class RealmAPITest(ZulipTestCase):
user_group.name == UserGroup.NOBODY_GROUP_NAME
and not setting_permission_configuration.allow_nobody_group
)
or (
user_group.name == UserGroup.EVERYONE_GROUP_NAME
and not setting_permission_configuration.allow_everyone_group
)
or (
user_group.name == UserGroup.OWNERS_GROUP_NAME
and not setting_permission_configuration.allow_owners_group

1
zerver/views/realm.py
View File

@ -318,6 +318,7 @@ def update_realm(
allow_internet_group=permissions_configuration.allow_internet_group,
allow_owners_group=permissions_configuration.allow_owners_group,
allow_nobody_group=permissions_configuration.allow_nobody_group,
allow_everyone_group=permissions_configuration.allow_everyone_group,
)
do_change_realm_permission_group_setting(
realm, setting_name, user_group, acting_user=user_profile

1
zerver/views/streams.py
View File

@ -399,6 +399,7 @@ def update_stream_backend(
allow_internet_group=permissions_configuration.allow_internet_group,
allow_owners_group=permissions_configuration.allow_owners_group,
allow_nobody_group=permissions_configuration.allow_nobody_group,
allow_everyone_group=permissions_configuration.allow_everyone_group,
)
do_change_stream_group_based_setting(
stream, setting_name, user_group, acting_user=user_profile

2
zerver/views/user_groups.py
View File

@ -74,6 +74,7 @@ def add_user_group(
allow_internet_group=permission_config.allow_internet_group,
allow_owners_group=permission_config.allow_owners_group,
allow_nobody_group=permission_config.allow_nobody_group,
allow_everyone_group=permission_config.allow_everyone_group,
)
group_settings_map[setting_name] = setting_value_group
@ -139,6 +140,7 @@ def edit_user_group(
allow_internet_group=permission_config.allow_internet_group,
allow_owners_group=permission_config.allow_owners_group,
allow_nobody_group=permission_config.allow_nobody_group,
allow_everyone_group=permission_config.allow_everyone_group,
)
do_change_user_group_permission_setting(
user_group, setting_name, setting_value_group, acting_user=user_profile