From 758fdc87e0efc6a959b43c73a092750c35610070 Mon Sep 17 00:00:00 2001
From: Sahil Batra
Date: Tue, 24 Sep 2024 15:15:57 +0530
Subject: [PATCH] group_setting_pill: Do not allow guest users for some settings.

For settings with allow_everyone_group is False, guest users are not allowed to do the task controlled by that setting even if the guest user is member of the group which is used for that setting. So, we do not show guest users in typeahead for such settings and also not create a pill when someone types full email of the guest user in the input. There is no such restriction in the API and it is fine since we eventually have the check to not give guest user the permission. And we still allow guests to be part of any group, so there is no restriction on using groups containing guests as subgroups of the anonymous groups and showing them in typeahead.
---
 web/src/group_setting_pill.ts | 40 ++++++++++++++++++++++++++++++-----
 web/src/pill_typeahead.ts | 5 ++++-
 web/src/user_pill.ts | 18 +++++++++++++++-
 3 files changed, 56 insertions(+), 7 deletions(-)

diff --git a/web/src/group_setting_pill.ts b/web/src/group_setting_pill.ts
index dce99f07fe..ad16fa9eb4 100644
--- a/web/src/group_setting_pill.ts
+++ b/web/src/group_setting_pill.ts
@@ -5,6 +5,7 @@ import render_input_pill from "../templates/input_pill.hbs";
 import * as group_permission_settings from "./group_permission_settings";
 import * as input_pill from "./input_pill";
 import type {InputPillConfig} from "./input_pill";
+import * as people from "./people";
 import * as pill_typeahead from "./pill_typeahead";
 import type {GroupSettingPill, GroupSettingPillContainer} from "./typeahead_helper";
 import * as user_group_pill from "./user_group_pill";
@@ -12,6 +13,7 @@ import type {UserGroupPill} from "./user_group_pill";
 import * as user_groups from "./user_groups";
 import type {UserGroup} from "./user_groups";
 import * as user_pill from "./user_pill";
+import type {UserPill} from "./user_pill";
 function check_group_allowed_for_setting(
 group_item: UserGroupPill,
@@ -41,17 +43,37 @@ function check_group_allowed_for_setting(
 );
 }
+function check_user_allowed_for_setting(
+ user_item: UserPill,
+ setting_name: string,
+ setting_type: "realm" | "stream" | "group",
+): boolean {
+ const group_setting_config = group_permission_settings.get_group_permission_setting_config(
+ setting_name,
+ setting_type,
+ );
+ assert(group_setting_config !== undefined);
+
+ if (group_setting_config.allow_everyone_group) {
+ return true;
+ }
+
+ const user = people.get_by_email(user_item.email);
+ return user !== undefined && !user.is_guest;
+}
+
 export function create_item_from_text(
 text: string,
 current_items: GroupSettingPill[],
 pill_config?: InputPillConfig,
 ): GroupSettingPill | undefined {
+ const setting_name = pill_config?.setting_name;
+ assert(setting_name !== undefined);
+ const setting_type = pill_config?.setting_type;
+ assert(setting_type !== undefined);
+
 const group_item = user_group_pill.create_item_from_group_name(text, current_items);
 if (group_item) {
- const setting_name = pill_config?.setting_name;
- assert(setting_name !== undefined);
- const setting_type = pill_config?.setting_type;
- assert(setting_type !== undefined);
 if (check_group_allowed_for_setting(group_item, setting_name, setting_type)) {
 return group_item;
 }
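Review bot: `check_user_allowed_for_setting` in the `@@ -41,17 +43,37 @@` hunk carries no comment saying it is a display-level filter rather than the enforcement point, even though the commit description states that the API has no such restriction and that the permission check happens elsewhere. I would add above it `// UI-only filter: the API does not reject guests here; the permission check for settings with allow_everyone_group false is what denies them.` so that nobody later relies on this function for authorization. The lookup fails closed, because an email that `people.get_by_email` cannot resolve makes the function return false, and that behaviour is worth keeping. Separately, hoisting the two `assert` calls to the top of `create_item_from_text` means a call without `pill_config` now throws for any text, not only for text that matches a group name, while the parameter is still declared optional; the function body continues outside this hunk.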
@@ -59,7 +81,15 @@ export function create_item_from_text(
 return undefined;
 }
- return user_pill.create_item_from_email(text, current_items);
+ const user_item = user_pill.create_item_from_email(text, current_items);
+ if (user_item) {
+ if (check_user_allowed_for_setting(user_item, setting_name, setting_type)) {
+ return user_item;
+ }
+ return undefined;
+ }
+
+ return undefined;
 }
 export function get_text_from_item(item: GroupSettingPill): string {
diff --git a/web/src/pill_typeahead.ts b/web/src/pill_typeahead.ts
index 8f52a0ce86..ee0eb356ec 100644
--- a/web/src/pill_typeahead.ts
+++ b/web/src/pill_typeahead.ts
@@ -148,7 +148,10 @@ export function set_up_group_setting_typeahead(
 let source: GroupSettingTypeaheadItem[] = [];
 source = user_group_pill.typeahead_source(pills, opts.setting_name, opts.setting_type);
- source = [...source, ...user_pill.typeahead_source(pills, true)];
+ source = [
+ ...source,
+ ...user_pill.typeahead_source(pills, true, opts.setting_name, opts.setting_type),
+ ];
 return source;
 },
diff --git a/web/src/user_pill.ts b/web/src/user_pill.ts
index deeae478d7..20e26a82ab 100644
--- a/web/src/user_pill.ts
+++ b/web/src/user_pill.ts
@@ -1,7 +1,10 @@
+import assert from "minimalistic-assert";
+
 import render_input_pill from "../templates/input_pill.hbs";
 import * as blueslip from "./blueslip";
 import type {EmojiRenderingDetails} from "./emoji";
+import * as group_permission_settings from "./group_permission_settings";
 import type {InputPillConfig, InputPillContainer} from "./input_pill";
 import * as input_pill from "./input_pill";
 import type {User} from "./people";
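Review bot: In the `@@ -59,7 +81,15 @@` hunk of group_setting_pill.ts the user branch ends in two identical `return undefined;` statements, so the outer `if (user_item)` adds nesting without changing the result. It reads more directly as `if (user_item && check_user_allowed_for_setting(user_item, setting_name, setting_type)) { return user_item; }` followed by a single `return undefined;`. A typed guest email now yields no pill, and nothing in this hunk tells the person why; if no other code surfaces that, a short comment here stating that the rejection is intentional would help the next reader. `create_item_from_text` starts outside this hunk.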
@@ -146,8 +149,21 @@ export function has_unconverted_data(pill_widget: UserPillWidget): boolean {
 export function typeahead_source(
 pill_widget: UserPillWidget | CombinedPillContainer | GroupSettingPillContainer,
 exclude_bots?: boolean,
+ setting_name?: string,
+ setting_type?: "realm" | "stream" | "group",
 ): UserPillData[] {
- const users = exclude_bots ? people.get_realm_active_human_users() : people.get_realm_users();
+ let users = exclude_bots ? people.get_realm_active_human_users() : people.get_realm_users();
+ if (setting_name !== undefined) {
+ assert(setting_type !== undefined);
+ const group_setting_config = group_permission_settings.get_group_permission_setting_config(
+ setting_name,
+ setting_type,
+ );
+ assert(group_setting_config !== undefined);
+ if (!group_setting_config.allow_everyone_group) {
+ users = users.filter((user) => !user.is_guest);
+ }
+ }
 return filter_taken_users(users, pill_widget).map((user) => ({type: "user", user}));
 }
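Review bot: The guest filter added to `typeahead_source` repeats the `allow_everyone_group` decision that `check_user_allowed_for_setting` makes in group_setting_pill.ts, so the typeahead and the typed-email path can drift apart if one is edited without the other. Sharing one predicate between the two paths would keep them consistent. The filter is also opt-in: it runs only when `setting_name` is passed, so any other caller of `typeahead_source` still lists guests, which is presumably intended but deserves a comment such as `// Guests are hidden only for group settings whose config has allow_everyone_group false; this is a display filter, not the permission check.`. Passing `setting_name` without `setting_type` type-checks but trips the `assert` at runtime; a single optional object parameter holding both fields would let the compiler reject that call.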